contact form security code php problem? How to remove code?
I'm trying to find the security code in this php for a mailer. Please could you tell me which parts of the code I need to delete to remove this.
Thanks for your help
<?php
$adminemail = 'info@blue.co.uk'; // type your actual email address in place of you@yourdomain.com
$usesecimage = ''; // the path to a WSN Links, Gallery, KB or Forum install if you wish to borrow it开发者_Python百科s security image prompt
$autoresponse = ''; // type the URL of a text file which should be used as the autoresponder body text
$controlvars = ' thankspage submitteremail ccsubmitter messagetosubmitter ';
$messagetoadmin = "A user has filled out a form with this content:
";
if (!isset($_POST['messagetosubmitter'])) $messagetosubmitter = "You have submitted a form with the content listed below. Your submission will be reviewed, please be patient in awaiting a response.
";
else $messagetosubmitter = $_POST['messagetosubmitter'];
while(list($key, $value) = each($_POST))
{
if (!stristr($controlvars, ' '. $key .' '))
{
$messagetoadmin .= $key .': '. $value .'
';
$messagetosubmitter .= $key .': '. $value .'
';
}
}
$submitter = $_POST['submitteremail'];
if ($submitter == '') $submitter = 'info@innco.uk';
if (strstr($submitter, "\n") || strlen($submitter) > 50) die("Begone, foul spammer.");
if ($usesecimage)
{
$curr_path = getcwd();
chdir($usesecimage); // Go to the WSN directory
require 'start.php';
if (isset($_REQUEST['seed'])) $seed = $_REQUEST['seed']; else $seed = false;
$correct = securityimagevalue($seed);
if (strtolower($_POST['securityimage']) != $correct) die("You did not type the value from the image correctly. Press the back button.");
chdir($curr_path); // Return to original directory
}
session_start();
if(empty($_POST['TermsOfBusiness']))
{
error_reporting(0);
echo "You must agree to our Terms of Business. Please <a href='javascript: history.go(-1)'>click here</a> to return to the form";
}
elseif(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {
mail("$adminemail, kat@cat.com", 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetoadmin), 'From: '. $submitter);
unset($_SESSION['security_code']);
} else {
error_reporting(0);
echo "The security code you entered was incorrect, please click the back button on your browser to try again.";
}
if ($_POST['ccsubmitter'] == 'yes')
{
mail($submitteremail, 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetosubmitter), 'From: '. $adminemail);
}
if ($autoresponse != '')
{
$body = geturl($autoresponse);
mail($submitteremail, 'Re: '. stripslashes($_POST['subject']), stripslashes($body), 'From: '. $adminemail);
}
header('Location: '. $_POST['thankspage']);
// just in case redirect doesn't work
die('<meta http-eqiv="refresh" content="0;url='. $_POST['thankspage'] .'">');
if (!function_exists('geturl'))
{
function geturl($url)
{
if (extension_loaded('curl'))
{
$user_agent = 'Mozilla/4.0 (compatible; MSIE 6.02; PHP)';
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt ($ch, CURLOPT_HEADER, false);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 15); // timeout after 5 seconds
curl_setopt ($ch, CURLOPT_TIMEOUT, 15); // timeout after 5 seconds
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec ($ch);
curl_close ($ch);
// curl_error($ch); // for debugging
return $result;
}
if (version_compare("4.3.0", phpversion(), "<"))
{
$filecontents = @file_get_contents($url);
}
else
{
$fd = @fopen($url, 'rb');
$filecontents = "";
do
{
$data = @fread($fd, 8192);
if (strlen($data) == 0)
{
break;
}
$filecontents .= $data;
} while(true);
@fclose ($fd);
}
return $filecontents;
}
}
?>
The binary-search method can be used here, which starts like this:
- Delete the bottom half of the file; check: Did that contain the "security code"?
- No: Delete the top half of the file; check: Did that contain the "security code"?
- No: Retest-assumption: Are you sure the security code is in this file?
Once you've found which half the "security code" is in:
- Delete the bottom half of that half of the file; check: Did that contain the "security code"?
- No: Delete the top half of that half of the file; check: Did that contain the "security code"?
- No: Retest-assumption: Are you sure the security code is in this half of this file?
Repeat until you have found the line (or lines) that you are interested in.
remove this :)
EDIT: the elseif.. wasn't showing as code, corrected.
elseif(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {
mail("$adminemail, kat@cat.com", 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetoadmin), 'From: '. $submitter);
unset($_SESSION['security_code']);
} else {
error_reporting(0);
echo "The security code you entered was incorrect, please click the back button on your browser to try again.";
}
and this (by Cameron Conner)
if ($usesecimage)
{
$curr_path = getcwd();
chdir($usesecimage); // Go to the WSN directory
require 'start.php';
if (isset($_REQUEST['seed'])) $seed = $_REQUEST['seed']; else $seed = false;
$correct = securityimagevalue($seed);
if (strtolower($_POST['securityimage']) != $correct) die("You did not type the value from the image correctly. Press the back button.");
chdir($curr_path); // Return to original directory
}
so, your file should stay like this:
<?php
$adminemail = 'info@blueriverwm.co.uk'; // type your actual email address in place of you@yourdomain.com
$usesecimage = ''; // the path to a WSN Links, Gallery, KB or Forum install if you wish to borrow its security image prompt
$autoresponse = ''; // type the URL of a text file which should be used as the autoresponder body text
$controlvars = ' thankspage submitteremail ccsubmitter messagetosubmitter ';
$messagetoadmin = "A user has filled out a form with this content:
";
if (!isset($_POST['messagetosubmitter'])) $messagetosubmitter = "You have submitted a form with the content listed below. Your submission will be reviewed, please be patient in awaiting a response.
";
else $messagetosubmitter = $_POST['messagetosubmitter'];
while(list($key, $value) = each($_POST))
{
if (!stristr($controlvars, ' '. $key .' '))
{
$messagetoadmin .= $key .': '. $value .'
';
$messagetosubmitter .= $key .': '. $value .'
';
}
}
$submitter = $_POST['submitteremail'];
if ($submitter == '') $submitter = 'info@innco.uk';
if (strstr($submitter, "\n") || strlen($submitter) > 50) die("Begone, foul spammer.");
session_start();
if(empty($_POST['TermsOfBusiness']))
{
error_reporting(0);
echo "You must agree to our Terms of Business. Please <a href='javascript: history.go(-1)'>click here</a> to return to the form";
}
if ($_POST['ccsubmitter'] == 'yes')
{
mail($submitteremail, 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetosubmitter), 'From: '. $adminemail);
}
if ($autoresponse != '')
{
$body = geturl($autoresponse);
mail($submitteremail, 'Re: '. stripslashes($_POST['subject']), stripslashes($body), 'From: '. $adminemail);
}
header('Location: '. $_POST['thankspage']);
// just in case redirect doesn't work
die('<meta http-eqiv="refresh" content="0;url='. $_POST['thankspage'] .'">');
if (!function_exists('geturl'))
{
function geturl($url)
{
if (extension_loaded('curl'))
{
$user_agent = 'Mozilla/4.0 (compatible; MSIE 6.02; PHP)';
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt ($ch, CURLOPT_HEADER, false);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 15); // timeout after 5 seconds
curl_setopt ($ch, CURLOPT_TIMEOUT, 15); // timeout after 5 seconds
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec ($ch);
curl_close ($ch);
// curl_error($ch); // for debugging
return $result;
}
if (version_compare("4.3.0", phpversion(), "<"))
{
$filecontents = @file_get_contents($url);
}
else
{
$fd = @fopen($url, 'rb');
$filecontents = "";
do
{
$data = @fread($fd, 8192);
if (strlen($data) == 0)
{
break;
}
$filecontents .= $data;
} while(true);
@fclose ($fd);
}
return $filecontents;
}
}
?>
Expanding on CuSS's answer.. This is unnecessary as well.
if ($usesecimage)
{
$curr_path = getcwd();
chdir($usesecimage); // Go to the WSN directory
require 'start.php';
if (isset($_REQUEST['seed'])) $seed = $_REQUEST['seed']; else $seed = false;
$correct = securityimagevalue($seed);
if (strtolower($_POST['securityimage']) != $correct) die("You did not type the value from the image correctly. Press the back button.");
chdir($curr_path); // Return to original directory
}
精彩评论