 | View Full Version : PHP Challenge #7 DoobyWho 08-15-2002, 01:44 AM TO-DO ASSIGNMENT: Go back to your "send a url to a friend" mail script from PHP challenge # 6 and add security so that only direct links from your domain and webhostingtalk (so that we can check it out from the forum without the error popping up) can access the form and provide an error routine for those that try to come in from bookmark or type-in or illegal domain. michaeln 08-15-2002, 08:55 AM Again, this is very crude but it works.... I sure hope no one is actually using this for anything important... ;) <? if($view_source) { show_source('challenge7.php'); exit; } $text = <<<END <html> <head> <title>PHP Challenge 7</title> </head> <body> END; $referer = split('//', $HTTP_REFERER); $my_referer = $referer[1]; $referer = split('/', $referer[1]); if((!stristr($referer[0], 'webhostingtalk.com') && !stristr($referer[0], 'hostevolve.com')) || stristr($my_referer, 'suexec')) { $text .= <<<END Only people from WebHostingTalk.com and HostEvolve.com can view this page....<br> You came from $referer[0] END; $no_view = 1; } $check_ereg = "^([0-9,a-z,A-Z]+)([.,_]([0-9,a-z,A-Z]+))*[@]([0-9,a-z,A-Z]+)"; $check_ereg .= "([.,_,-]([0-9,a-z,A-Z]+))*[.]([0-9,a-z,A-Z]){2}([0-9,a-z,A-Z])?$"; if(!$form && !$no_view) { $text .= <<<END <form method="post" action="${PHP_SELF}"> <input type="hidden" name="form" value="1"> <p>What is your email address: <input name="email" type="text" id="email" size="40"> <br> <br> Enter three URLS Below:<br> <input name="url[0]" type="text" id="url[0]" size="40"> <br> <input name="url[1]" type="text" id="url[1]" size="40"> <br> <input name="url[2]" type="text" id="url[2]" size="40"> <br> <br> Enter three emails addresses to send the above URLS to:<br> <input name="sendto[0]" type="text" id="sendto[0]" size="40"> <br> <input name="sendto[1]" type="text" id="sendto[1]" size="40"> <br> <input name="sendto[2]" type="text" id="sendto[2]" size="40"> </p> <p> <input type="submit" name="Submit" value="Submit"> </p> </form> END; } elseif(!$no_view) { if(!ereg($check_ereg, $email)) { $text .= "Your email address is invalid"; $error =1; } else $text .= "Your message/s have been sent to:<br>\n"; $x = 0; while($sendto[$x] && !$error) { $y = 0; $mesg = "Please visit the following URLS:\r\n"; while($url[$y]) { $mesg .= "$url[$y]\r\n"; $y++; } if(!ereg($check_ereg, $sendto[$x])) { $text .= "The email address $sendto[$x] is invalid<br>\r\n"; } else { $text .= "$sendto[$x]<br>\n"; $mesg .= "\r\nThanks,\r\n$email"; mail($sendto[$x], "Here are some URLS", $mesg, "From: $email <$email>"); } $x++; } } $text .= "</body></html>"; echo $text; ?> http://www.hostevolve.com/tmp/challenge7.php |