1

I want to ask if you can review the code for a simple contact form and the PHP code which sends me an email once a visitor fills the form and is validated through reCAPTCHA.

On my index.php file here are the form and PHP code:

HTML:

<form id="contactform" action="index.php#contact" method="post" class="form" role="form">
    <div class="form-group">
        <input class="form-control required" id="vname" name="vname" placeholder="Your Name" type="text" required />
    </div>
    <div class="form-group">
        <input class="form-control required" id="vemail" name="vemail" placeholder="Your Email" type="email" required />
    </div>
    <div class="form-group">
        <textarea class="form-control required" id="msg" name="msg" placeholder="Your Message" rows="7" required></textarea>
    </div>
    <div class="form-group">
        <div class="g-recaptcha" data-sitekey="GOOGLE PUBLIC KEY"></div>
    </div>
    <div class="form-group">
        <input type="submit" class="btn btn-success form-send" value="Send">
    </div>
</form>

PHP:

<?php
// reCAPTCHA token from the form; empty when the field is missing
$captcha = '';
if (isset($_POST['g-recaptcha-response'])) {
    $captcha = $_POST['g-recaptcha-response'];
}
// Check for correct reCAPTCHA
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=GOOGLE SECRET KEY&response=" . urlencode($captcha) . "&remoteip=" . urlencode($_SERVER['REMOTE_ADDR']));
// siteverify answers with JSON, so decode it before reading "success"
$result = json_decode((string) $response, true);
if (!$captcha || empty($result['success'])) {
    echo "Your CAPTCHA response was wrong";
    exit;
} else {
    // Check for Blank Fields..
    if ($_POST["vname"] == "" || $_POST["vemail"] == "" || $_POST["msg"] == "") {
        echo "Please fill all required fields";
    } else {
        // Check if the "Sender's Email" input field is filled out
        $email = $_POST['vemail'];
        // Sanitize E-mail Address
        $email = filter_var($email, FILTER_SANITIZE_EMAIL);
        // Validate E-mail Address
        $email = filter_var($email, FILTER_VALIDATE_EMAIL);
        if (!$email) {
            echo "Invalid Sender's Email";
        } else {
            $to = '[email protected]';
            $subject = 'New Form Entry';
            $message = "New message was submitted from <br /> " . "<strong>" . $_POST['vname'] . "</strong>" . "<br /><br />The message is:<br />" . "<strong>" . $_POST['msg'] . "</strong>";
            // Sender's Email (each header line ends with CRLF)
            $headers = "From:" . $_POST['vname'] . "<" . $email . ">" . "\r\n";
            $headers .= "MIME-Version: 1.0" . "\r\n";
            $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
            // Message lines should not exceed 70 characters (PHP rule), so wrap it
            $message = wordwrap($message, 70, "\r\n");
            // Send Mail By PHP Mail Function
            if (mail($to, $subject, $message, $headers)) {
                echo "Your mail has been sent successfully!";
            } else {
                echo "Failed to send email, try again.";
                exit;
            }
        }
    }
}
?>

The only function of this is to send me an email and it works as I want it, but I am not aware if this form is secure.

Is it possible that someone can exploit this code and upload a shell, or do any other sort of attack against my site?

200_success
asked Nov 25, 2015 at 14:04

1 Answer

2

Since $_POST['vname'] is not escaped, your mail script is vulnerable to a header-splitting attack like this. A cleverly crafted name could be used to make your script CC any arbitrary recipient and thus send spam.

answered Nov 25, 2015 at 15:31
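
One way to close the header-splitting problem this answer describes, shown as an added example that is not code from the question or the answer. It assumes PHP 7.4 or later; the function names and the `noreply@example.com` sender address are hypothetical.

```php
<?php
// Added example: keep visitor input from starting a new header line.

/** Return the value if it fits on one header line, else null. */
function header_safe(string $value): ?string
{
    // CR, LF and NUL are what let one field become several headers.
    return preg_match('/[\r\n\0]/', $value) ? null : trim($value);
}

/** Build the header block, or null if any input must be rejected. */
function build_headers(string $name, string $email): ?string
{
    $name  = header_safe($name);
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($name === null || $name === '' || $email === false) {
        return null;
    }
    // Quote the display name; drop characters that would end the quoting.
    $display = '"' . str_replace(['"', '\\'], '', $name) . '"';
    return implode("\r\n", [
        // Fixed sender (assumed address); the visitor only appears in Reply-To.
        'From: Contact Form <noreply@example.com>',
        'Reply-To: ' . $display . ' <' . $email . '>',
        'MIME-Version: 1.0',
        'Content-Type: text/html; charset=UTF-8',
    ]);
}

/** Escape visitor text before placing it in the HTML body. */
function build_body(string $name, string $msg): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return 'New message was submitted from <br /><strong>' . $e($name)
         . '</strong><br /><br />The message is:<br /><strong>'
         . nl2br($e($msg)) . '</strong>';
}

// Constructed inputs: an ordinary name, then a name carrying a line break
// followed by an extra header line.
var_dump(build_headers('Alice Example', 'alice@example.com'));
var_dump(build_headers("Mallory\r\nCc: third-party@example.com", 'm@example.com'));
var_dump(build_body('<b>Alice</b>', "line one\nline two"));
```

A `null` from `build_headers()` means the submission should be refused before `mail()` is called. Names with non-ASCII characters would additionally need MIME header encoding, which this example leaves out.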