Increase security in tell-a-friend PHP script
Good day, masters. I'm looking to increase the spam security of an old tell-a-friend PHP script I'm using. Last week I was the victim of a spam bot that used it 60 times in less than a minute, overloading the server. The question is, how can I modify it in the easiest or simplest way (maybe saving the IP or a cookie, I'm not sure) so that the same user can't use it more than 3 times in less than a minute, for example? Or if you have a better suggestion, it's more than welcome ;]
This HTML page loads the script (the HTML is outdated too, I'm working on it):
<html>
<head>
<title>tell a friend</title>
<meta name="robots" content="noindex, nofollow" />
<script language="javascript">
function reset() {
  document.tellafriend.name.value = "";
  document.tellafriend.email.value = "";
  document.tellafriend.fmail1.value = "";
  document.tellafriend.fmail2.value = "";
  document.tellafriend.fmail3.value = "";
}
// returns true only when the required fields are filled in; it no longer
// submits the form itself, so it can also serve as the onsubmit handler
function validate() {
  if (document.tellafriend.fmail1.value.length == 0) {
    alert("oops! you'll need to enter your friend's email address");
    return false;
  }
  if (document.tellafriend.email.value.length == 0) {
    alert("oops! you forgot to enter your email address");
    return false;
  }
  if (document.tellafriend.name.value.length == 0) {
    alert("oops! you forgot to enter your name");
    return false;
  }
  return true;
}
</script>
</head>
<body onload="reset()">
<table>
<tr>
<td>
<span>complete the details below to send this link to a friend:</span>
<?php
// the referer is user-controlled, so it is escaped before being printed into the page
$refurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$refurl_html = htmlspecialchars($refurl, ENT_QUOTES, 'UTF-8');
?>
<span><?php echo $refurl_html; ?></span>
<form name="tellafriend" action="tellafriend.php" method="post" onsubmit="return validate()">
<table>
<tr>
<td>name*:</td>
<td><input name="name" size="30" maxlength="45"></td>
</tr>
<tr>
<td>your email*:</td>
<td><input name="email" size="30" maxlength="45"></td>
</tr>
<tr>
<td colspan="2"><p align="center">enter your friend's email addresses:</p></td>
</tr>
<tr>
<td>email 1*:</td>
<td><input name="fmail1" class="bordesolid1" size="30" maxlength="50"></td>
</tr>
<tr>
<td>email 2*:</td>
<td><input name="fmail2" size="30" maxlength="50"></td>
</tr>
<tr>
<td>email 3*:</td>
<td><input name="fmail3" size="30" maxlength="50"></td>
</tr>
<tr>
<td colspan="2">
<p align="center">
<span>this message will contain your name &amp; email address.</span><br>
<input onclick="if (validate()) document.tellafriend.submit();" type="button" value="click once to send">
<input type="hidden" name="refurl" value="<?php echo $refurl_html; ?>">
</p>
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>
This is the PHP script (tellafriend.php):
<?php
if (count($_POST)) {
    // strip HTML from every field that is used below; missing fields become empty strings
    foreach (array('fmail1', 'fmail2', 'fmail3', 'email', 'name', 'refurl') as $key) {
        $_POST[$key] = isset($_POST[$key]) ? strip_tags($_POST[$key]) : '';
    }
    if (!is_secure($_POST)) {
        die("peace people! stop spamming!");
    }

    // notification to the site admin
    $emailto   = "admin@domain.com";
    $esubject  = "recommendation form submission";
    $emailtext = "$_POST[name] has used the recommendation form using the email address $_POST[email].\n"
               . "The people the recommendation has been submitted to are: $_POST[fmail1] $_POST[fmail2] $_POST[fmail3]\n"
               . "Page recommended: $_POST[refurl]";
    @mail($emailto, $esubject, $emailtext, "From: $_POST[email]");

    // recommendation sent to the friends
    $thankyoupage = "thankyou.htm";
    $tsubject = "a web page recommendation from $_POST[name]";
    $ttext = "Hi, $_POST[name], whose email address is $_POST[email], thought you may be interested in this web page:\n"
           . "$_POST[refurl]";
    @mail("$_POST[fmail1],$_POST[fmail2],$_POST[fmail3]", $tsubject, $ttext, "From: $_POST[email]");
    header("Location: $thankyoupage");
    exit;
}

// returns false when any submitted value looks like a mail-header injection attempt
function is_secure($ar) {
    $reg = "/(content-type|bcc|mime-version|content-transfer-encoding)/i";
    if (!is_array($ar)) {
        // scalar input: secure only when the pattern does NOT match
        return !preg_match($reg, $ar);
    }
    $incoming = array_values_recursive($ar);
    foreach ($incoming as $k => $v) {
        if (preg_match($reg, $v)) {
            return false;
        }
    }
    return true;
}

// flattens a nested array into a list of its keys and scalar values
function array_values_recursive($array) {
    $arrayvalues = array();
    foreach ($array as $key => $value) {
        if (is_scalar($value) || is_resource($value)) {
            $arrayvalues[] = $value;
            $arrayvalues[] = $key;
        } elseif (is_array($value)) {
            $arrayvalues[] = $key;
            $arrayvalues = array_merge($arrayvalues, array_values_recursive($value));
        }
    }
    return $arrayvalues;
}
?>
A million thanks for the help. If you can recommend me a (simple) better security option, that would be great too.
I would:
1) Validate that the email addresses (both sender and recipient) are valid (there are plenty of regexes available to check that). It's far from bullet-proof, but it's a step.
2) A simple threshold: create a DB table that tracks the IP address of the sender and the date the referral email request was submitted. Before approving a request, check that there are not X rows in the table for the same IP in the last Y minutes.
3) Add a CAPTCHA to validate that the sender is human (this requires more effort to spam).
More complex solutions require tracking and analysing the patterns of the spammer: lots of different IP addresses, maybe coming from countries you can block? Similar email addresses from many senders? etc.
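A worked version of the threshold in step 2, added here as an example (it is not code from the question or the answer): a per-IP submission log kept in SQLite via PDO, checked and updated in one transaction before any mail is sent. The table name referral_log, the database path and the "3 per 60 seconds" values are my assumptions.

```php
<?php
// Added example: per-IP threshold for the tell-a-friend form (step 2 above).
// Assumes a SQLite file via PDO; table and column names are my own choice.
function open_ratelimit_db($path) {
    $db = new PDO('sqlite:' . $path);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS referral_log (
        ip         TEXT    NOT NULL,
        created_at INTEGER NOT NULL)');
    $db->exec('CREATE INDEX IF NOT EXISTS referral_log_ip_time
               ON referral_log (ip, created_at)');
    return $db;
}

// Returns true when $ip has already been allowed $max submissions in the last
// $window seconds. An allowed submission is recorded inside the same write
// transaction, so a burst of concurrent requests cannot all pass the check.
function over_threshold(PDO $db, $ip, $max = 3, $window = 60, $now = null) {
    $now = ($now === null) ? time() : $now;
    $cutoff = $now - $window;
    $db->exec('BEGIN IMMEDIATE');          // take the write lock up front
    try {
        // prune rows that fell out of the window so the table stays small
        $prune = $db->prepare('DELETE FROM referral_log WHERE created_at < :cutoff');
        $prune->execute(array(':cutoff' => $cutoff));

        $count = $db->prepare('SELECT COUNT(*) FROM referral_log
                               WHERE ip = :ip AND created_at >= :cutoff');
        $count->execute(array(':ip' => $ip, ':cutoff' => $cutoff));
        if ((int) $count->fetchColumn() >= $max) {
            $db->exec('COMMIT');
            return true;                   // limit reached: do not record, do not send
        }
        $ins = $db->prepare('INSERT INTO referral_log (ip, created_at) VALUES (:ip, :t)');
        $ins->execute(array(':ip' => $ip, ':t' => $now));
        $db->exec('COMMIT');
        return false;
    } catch (Exception $e) {
        $db->exec('ROLLBACK');
        throw $e;
    }
}

// Usage in tellafriend.php, before the mail() calls. REMOTE_ADDR is the
// connecting client; behind a reverse proxy you would need the proxy's
// forwarded-address header instead, and only if you trust that proxy.
$db = open_ratelimit_db(__DIR__ . '/ratelimit.sqlite');
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
if (over_threshold($db, $ip, 3, 60)) {
    http_response_code(429);
    die('too many requests from your address; please try again in a minute');
}
```

Because the check is keyed on the client address, users behind a shared NAT share one allowance, which is the usual trade-off of this approach.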