Hi, The Session variable is like a secret word or phrase. Since the variable is only on the server you can test for it at the top of the script. No match or does not exist, no email sent. cURL is PHP extension that allows you to use PHP to interact with a server as if it was a user interacting with the server through a browser. Here is the link:
http://curl.haxx.se/ From the cURL site: curl is a command line tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. Mike -- Mike Brandonisio * IT Planning & Support Tech One Illustration * Database Applications tel (630) 759-9283 * e-Commerce [EMAIL PROTECTED] * www.techoneillustration.com On Aug 30, 2005, at 8:50 AM, Wade Smart wrote: > 08302005 0857 GMT-5 > > If you use a session variable and match the var to a var on the > server, > I dont know what cURL is but, wouldnt that prevent something from > seeing the server side var and even if you know the client side > var, you > still have to match them. If they match great, run your tests against > spam words, or even better, have a templete page of what should go out > against what is going out. Except for the few variables you need from > the one putting data into the form, the rest should be the same every > time. Right? > > Wade > > David Smyth wrote: > > >> Nice idea though, I'll give that a try and see if that stops them for >> the time being, I have no doubt that the bots will get round it >> eventually. >> >> Many thanks, >> >> David. >> >> --- In [email protected], Mike Brandonisio <[EMAIL PROTECTED]> >> wrote: >> >> >> >>> Hi, >>> >>> For me, I put a hidden session variable that is set when the form >>> loads. I then test for it before emailing. If it does not exist I do >>> not send the email. If it does exist I send the email and kill >>> session. I usually do my forms as 2 parts one form page and one >>> processing page. >>> >>> Since the variable is hidden in the session it forces someone to at >>> least use the first form page. Although it is not fool proof. I >>> guess >>> someone could use cURL to get around that. >>> >>> Mike >>> -- >>> Mike Brandonisio * IT Planning & Support >>> Tech One Illustration * Database Applications >>> tel (630) 759-9283 * e-Commerce >>> [EMAIL PROTECTED] * www.techoneillustration.com >>> >>> On Aug 30, 2005, at 5:19 AM, David Smyth wrote: >>> >>> >>> >>> >>>> Hi, I have a php form that I believe is being abused by some >>>> kind of >>>> crawler or something like that (not sure if these exist, but >>>> it's the >>>> only thing I could think of causing my problem) >>>> >>>> My client has started to receive emails from the site that >>>> appear to >>>> be junk, but information is appearing in the email that >>>> shouldn't be >>>> there. For instance, there is a checkbox on my form that will send >>>> through a yes/no depending on whether it's been checked or not, but >>>> the junk email manages to send through a junk email address >>>> instead. >>>> >>>> Can someone give me some pointers on the extra security I need >>>> to put >>>> in place? So far I basically just format the variables into a >>>> string >>>> and use the mail() function to email it to my client. This >>>> appears to >>>> not be sufficient. >>>> >>>> Any help here would be greatly appreciated. >>>> >>>> TIA, >>>> >>>> David. >>>> >>>> >>>> >>>> >>>> ------------------------ Yahoo! Groups Sponsor -------------------- >>>> ~--> >>>> Get Bzzzy! (real tools to help you find a job). Welcome to the >>>> Sweet Life. >>>> http://us.click.yahoo.com/A77XvD/vlQLAA/TtwFAA/CefplB/TM >>>> ------------------------------------------------------------------- >>>> - >>>> ~-> >>>> >>>> The php_mysql group is dedicated to learn more about the PHP/MySQL >>>> web database possibilities through group learning. >>>> Yahoo! Groups Links >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >> >> >> >> >> >> The php_mysql group is dedicated to learn more about the PHP/MySQL >> web database possibilities through group learning. >> Yahoo! Groups Links >> >> >> >> >> >> >> >> >> >> >> > > > ------------------------ Yahoo! Groups Sponsor -------------------- > ~--> > Get Bzzzy! (real tools to help you find a job). Welcome to the > Sweet Life. > http://us.click.yahoo.com/A77XvD/vlQLAA/TtwFAA/CefplB/TM > -------------------------------------------------------------------- > ~-> > > The php_mysql group is dedicated to learn more about the PHP/MySQL > web database possibilities through group learning. > Yahoo! Groups Links > > > > > > > > > ------------------------ Yahoo! Groups Sponsor --------------------~--> Most low income households are not online. Help bridge the digital divide today! http://us.click.yahoo.com/cd_AJB/QnQLAA/TtwFAA/CefplB/TM --------------------------------------------------------------------~-> The php_mysql group is dedicated to learn more about the PHP/MySQL web database possibilities through group learning. Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php_mysql/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
