Add the URL that the script will be called from, without the www. Example: if the URL of your site is www.abc.com, add abc.com to @referers, as shown below. For extra security, hard-code the e-mail address of the form recipient in @recipients, as shown below. For maximum security, put a ^ in front of the e-mail address and add two backslashes (\), one before the @ and one before the dot; this makes it impossible for anyone else to use your script and cost you bandwidth. This e-mail address must match the one that you will set up in hidden fields later in this tutorial.

Step 7
#!/usr/bin/perl
##############################################################################
# FormMail Version 1.9
# Copyright 1995-2001 Matt Wright mattw@worldwidemart.com
# Created 06/09/95 Last Modified 08/03/00
# Matt's Script Archive, Inc.: http://www.worldwidemart.com/scripts/
##############################################################################
# COPYRIGHT NOTICE
# Copyright 1995-2001 Matthew M. Wright All Rights Reserved.
#
# FormMail may be used and modified free of charge by anyone so long as this
# copyright notice and the comments above remain intact. By using this
# code you agree to indemnify Matthew M. Wright from any liability that
# might arise from its use.
#
# Selling the code for this program without prior written consent is
# expressly forbidden. In other words, please ask first before you try and
# make money off of my program.
#
# Obtain permission before redistributing this software over the Internet or
# in any other medium. In all cases copyright and header must remain intact
##############################################################################
# ACCESS CONTROL FIX: Peter D. Thompson Yezek
# http://www.securityfocus.com/archive/1/62033
##############################################################################

# Define Variables
# Detailed Information Found In README File.

# $mailprog defines the location of your sendmail program on your unix
# system.

$mailprog = '/usr/sbin/sendmail';

# @referers allows forms to be located only on servers which are defined
# in this field. This security fix from the last version which allowed
# anyone on any server to use your FormMail script on their web site.

@referers = ('abc.com');

# @recipients defines the e-mail addresses or domain names that e-mail can
# be sent to. This must be filled in correctly to prevent SPAM and allow
# valid addresses to receive e-mail. Read the documentation to find out how
# this variable works!!! It is EXTREMELY IMPORTANT.

@recipients = ('^info\@abc\.com');

# ACCESS CONTROL FIX: Peter D. Thompson Yezek
# @valid_ENV allows the sysadmin to define what environment variables can
# be reported via the env_report directive. This was implemented to fix
# the problem reported at http://www.securityfocus.com/bid/1187

@valid_ENV = ('REMOTE_HOST','REMOTE_ADDR','REMOTE_USER','HTTP_USER_AGENT');

# Done
##############################################################################
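The effect of the ^ and the two backslashes in @recipients, shown as an added example that is not part of FormMail or of the original tutorial. It assumes the script matches the submitted recipient against each entry as a case-insensitive regular expression with $ appended; recipient_allowed is a hypothetical helper and the submitted addresses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: the script tests the submitted recipient against each
# @recipients entry as a case-insensitive regex with "$" appended, so the
# end of the address is anchored but the start is not.
# recipient_allowed() is a hypothetical stand-in for that check.
sub recipient_allowed {
    my ($send_to, @recipients) = @_;
    foreach my $pattern (@recipients) {
        return 1 if $send_to =~ /$pattern$/i;
    }
    return 0;
}

# Candidate @recipients settings, loosest to strictest.
my @settings = (
    [ 'domain only'            => 'abc.com'         ],
    [ 'plain address'          => 'info@abc.com'    ],
    [ 'setting from this page' => '^info\@abc\.com' ],
);

# Constructed values for the form's hidden recipient field.
my @submitted = (
    'info@abc.com',       # the intended recipient
    'sales@abc.com',      # another mailbox on the same domain
    'webinfo@abc.com',    # ends with the intended address
    'info@notabc.com',    # different domain that ends with "abc.com"
    'info@abcxcom',       # matches only if "." is left unescaped
);

foreach my $setting (@settings) {
    my ($label, $pattern) = @$setting;
    print "$label: $pattern\n";
    foreach my $send_to (@submitted) {
        my $verdict = recipient_allowed($send_to, $pattern) ? 'ACCEPT' : 'reject';
        printf "  %-7s %s\n", $verdict, $send_to;
    }
}
```

Under that assumption, only the anchored and escaped setting limits the hidden recipient field to info@abc.com; the two looser settings accept addresses the site owner never intended.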
