Question

I did a webpage for a client that involved a series of text boxes asking for specific information such as a person's name, e-mail address, company, etc., along with a button that would e-mail the information to my client. Whenever I tested the button it seemed to work perfectly; I uploaded the page and thought I was done. But the other day my client got this email from the site:

Name: rfhopzdgmx rfhopzdgmx
Email: envlxw@lnlnsm.com
Company: zUDXatAfoDvQrdH

Mailing Address:
AaSsXklqpHIsoCNcei
gXsimMPRBYZqq
vGLvZraZNdpOAV, ChsmuibE PoKzaSCubXPRI

Home Phone: CIJbIfjMfjIaTqAlD
Work Phone: JFLZBOvru
Cell Phone: XlFJTTFGiTTiiFQfy
Fax: UEJMOVZodWPkKxew

Comments: sPvSCE hgetwoguderu,*
[url=http://atyktjlxcznl.com/]atyktjlxcznl[/url],
[link=http://nudvfcehwpyg.com/]nudvfcehwpyg[/link], http://lvvwkbzbhnzp.com/

Note: The * line contained HTML link code; I just don't know how to get this site to show it.

Here is the PHP code in the site for the e-mail button.

<?php
//This Sends A Formatted Text Email Using The Text Boxes
if ($_POST['submit']){
    //This Gets The Form Data
    $fname = $_POST['fName'];
    $lname = $_POST['lName'];
    $email = $_POST['email'];
    $company = $_POST['co'];
    $address1 = $_POST['address1'];
    $address2 = $_POST['address2'];
    $city = $_POST['city'];
    $state = $_POST['state'];
    $zip = $_POST['zip'];
    $homep = $_POST['homeP'];
    $workp = $_POST['workP'];
    $cellp = $_POST['cellP'];
    $fax = $_POST['fax'];
    $comments = $_POST['txaOutputField'];

    //echo "<script language = 'javascript'>alert('YAY');</script>";

    if ($fname && $lname && $email && $comments){ //Check If Required Fields Are Filled
        //This Sets The SMTP Configuration In php.ini
        ini_set("SMTP", "smtp.2ndsourcewire.com");

        //This Replaces Any Blank Fields With 'None's
        if ($company == ""){
            $company = "None";
        }
        if ($address1 == ""){
            $address1 = "None";
        }
        if ($city == ""){
            $city = "None";
        }
        if ($state == ""){
            $state = "None";
        }
        if ($zip == ""){
            $zip = "None";
        }
        if ($homep == ""){
            $homep = "None";
        }
        if ($workp == ""){
            $workp = "None";
        }
        if ($cellp == ""){
            $cellp = "None";
        }
        if ($fax == ""){
            $fax = "None";
        }

        //This Creates The Variables Necessary For The Email
        $to = "CLIENT EMAIL WHICH I'M CENSORING";
        $subject = "Email from 2ndSourceWire.com";
        $from = "From: noreply@2ndsourcewire.com";
        $secondEmail = "MY EMAIL WHICH I'M ALSO CENSORING";

        if ($address2 == ""){
            $body = "Name: $fname $lname\n".
                    "Email: $email\n".
                    "Company: $company\n\n".
                    "Mailing Address:\n".
                    "$address1\n".
                    "$city, $state $zip\n\n".
                    "Home Phone: $homep\n".
                    "Work Phone: $workp\n".
                    "Cell Phone: $cellp\n".
                    "Fax: $fax\n\n".
                    "Comments:\n".
                    "$comments";
        }
        else {
            $body = "Name: $fname $lname\n".
                    "Email: $email\n".
                    "Company: $company\n\n".
                    "Mailing Address:\n".
                    "$address1\n".
                    "$address2\n".
                    "$city, $state $zip\n\n".
                    "Home Phone: $homep\n".
                    "Work Phone: $workp\n".
                    "Cell Phone: $cellp\n".
                    "Fax: $fax\n\n".
                    "Comments:\n".
                    "$comments";
        }

        //This Sends The Email
        mail($to, $subject, $body, $from);
        mail($secondEmail, $subject, $body, $from);

        echo "<script language = 'javascript'>alert('The email was sent successfully.');</script>";
    }
    else {
        //The Required Fields Are Not Filled
        echo "<script language = 'javascript'>alert('Please fill your first name, last name, email address, and your comment or question.');</script>";
    }
}

?>

I'm a little dumbfounded about how this happened. The client mentioned a couple of e-mails like this, so I don't think it is a random glitch. Also, the e-mail address was formatted like an e-mail address, so someone or some program was interpreting the labels next to each text box. I also noticed that the first and last names entered are the same word, even though they were in different text boxes. I'm thinking it's some spam program, but wouldn't they try to advertise something and make money, rather than just spouting out random text? Also, the comments section makes no sense to me at all: the links go nowhere and they're all perfectly formatted. A random person just screwing around wouldn't know those tags, and a programmer doing it wouldn't bother with it, but neither would a program.

I have no idea what caused this or how to fix it; I'm drawing a blank here. Anyone have any ideas?


Solution

A spammer/bot entered duff data into your page and you dutifully sent it on in your application.

Why do you think this is a mystery?

OTHER TIPS

Add a CAPTCHA to stop it happening. If you don't want to write your own, you can use reCAPTCHA.

Even a simple question like "are you a human Y/n?" or "2+2?" will stop the bot, as will using some JS to set a hidden value on submit and checking for that on the server. Some validation on $email and $phone would be nice to have.

Instead of making people try to read CAPTCHAs, I like to have four text boxes in a row and ask the user to check two random ones (e.g. "Please check the first and third boxes") and make sure those are the only two checked in the validation.
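
The server-side checks suggested in the tips above (a JavaScript-set hidden value, format validation on the e-mail and phone fields, and the two-of-four checkbox challenge), as an added example that is not part of the original posts. The field names js_token and box[], the session keys and the phone pattern are assumptions; the bot input reuses the values quoted in the question.

```php
<?php
// Added example. The field names js_token and box[], the session keys and the
// phone pattern are assumptions, not names taken from the question's form.
function validate_submission(array $post, array $session): array
{
    $errors = [];

    // 1. Hidden value filled in by the page's JavaScript on submit. A client
    //    that posts the form without running the script leaves it empty.
    $token = $post['js_token'] ?? '';
    if (!is_string($token) || $token === ''
        || !hash_equals((string)($session['js_token'] ?? ''), $token)) {
        $errors[] = 'missing or wrong JS token';
    }

    // 2. Format validation on the e-mail address and the phone fields.
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email';
    }
    foreach (['homeP', 'workP', 'cellP', 'fax'] as $field) {
        $value = trim((string)($post[$field] ?? ''));
        // Optional field: when filled, allow digits and common separators only.
        if ($value !== '' && !preg_match('/^\+?[0-9 ().-]{7,20}$/', $value)) {
            $errors[] = "invalid $field";
        }
    }

    // 3. Checkbox challenge: exactly the two requested boxes must be ticked.
    $expected = $session['expected_boxes'] ?? [];
    $checked  = array_map('intval', (array)($post['box'] ?? []));
    sort($expected);
    sort($checked);
    if (count($expected) !== 2 || $checked !== $expected) {
        $errors[] = 'checkbox challenge failed';
    }
    return $errors;
}

// Constructed session state: token issued with the form, boxes 1 and 3 asked for.
$session = ['js_token' => 'constructed-token-123', 'expected_boxes' => [1, 3]];
// Field values from the submission quoted in the question (no token, no boxes).
$bot = ['email' => 'envlxw@lnlnsm.com', 'homeP' => 'CIJbIfjMfjIaTqAlD',
        'workP' => 'JFLZBOvru', 'cellP' => 'XlFJTTFGiTTiiFQfy',
        'fax' => 'UEJMOVZodWPkKxew'];
// Constructed legitimate submission.
$human = ['email' => 'jane@example.com', 'homeP' => '(555) 010-2345',
          'js_token' => 'constructed-token-123', 'box' => ['1', '3']];

print_r(validate_submission($bot, $session));
print_r(validate_submission($human, $session));
```

Call mail() only when the returned array is empty. The quoted submission's e-mail address is syntactically valid, so it is the token, phone and checkbox checks that reject it, not the e-mail format check.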

Licensed under: CC-BY-SA with attribution