codetoad.com
  php form-mail security issues  Creemo at 02:51 on Tuesday, February 20, 2007
 

Dear CodeToad Community (by the way...I love the name).

Hi, I was glad to find your website and forum, as it appears that you address many of the web-building issues that are relevant to me right now.

I'm looking forward to a long and mutually prosperous relationship with y'all.

And...if you don't mind me, as a newbie, coming here and breaking the ice, I was wondering if someone might be able to help me with a viable "form mail" solution.

I currently have several online inquiry/feedback forms using server-side .php script to process and pass on the submitted info.

Unfortunately, I have recently had someone hijack at least one of my forms that shared a .php file on the server with at least one other form. It then became immediately necessary for me to rename the HTML page and the .php file.

I also took further precautionary steps by adding form field validation/requirements and encrypting the entire form page HTML. However, I still feel that my .php file is still vulnerable, thus still allowing my mailer form security to be somewhat compromised.

The reason I'm still concerned is that, upon clicking the send button and submitting the form entry, my page then opens to the .php file confirmation page. This all works very well, as long as no one tries to hit the back button...it then submits another entry.

...Regarding the security vulnerabilities, once the visitor hits "Send", my .php file URL is right there in the address bar for everyone to see. So, in theory, the only thing a malicious spammer has to do is submit the form once and they have the new .php file name.

For a possible solution I was considering an "onload" event that would immediately re-direct to a "dummy" .php page with the confirmation dialog.

Does this sound like the best solution? And, if it does, I would then have to ask how I might write the code to accomplish that redirect?

Thank you in advance for any help or suggestions you might have to offer!

Sincerely,
Creemo
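One way to address the three concerns in the post (the hijacked shared mailer, the back-button resubmit, and the .php name being visible in the address bar), as an added PHP example that is not the poster's or the site's code. It assumes a session-capable PHP host and the standard mail() function, and it assumes the hijacking worked by injecting extra mail headers through form fields, which the post does not actually say; the file names contact.html, send.php and thanks.php are hypothetical.

```php
<?php
// Added example, not code from the original post: a form-mail handler that
// (1) answers the POST with a redirect so Back cannot resubmit, (2) accepts
// each form token only once, (3) refuses CR/LF in values copied into headers.
// Hypothetical names: contact.html (form), send.php (this), thanks.php.
session_start();

// Called while rendering the form; put the result in a hidden field "token".
function form_token(): string {
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_token'] = $token;
    return $token;
}

// True only for the current token; it is discarded either way, so a repeated
// submission (back button, replay) is rejected.
function consume_token(string $submitted): bool {
    $expected = $_SESSION['form_token'] ?? '';
    unset($_SESSION['form_token']);
    return $expected !== '' && hash_equals($expected, $submitted);
}

// A header value must stay on one line; CR, LF or NUL would let the sender
// append further headers to the outgoing message.
function header_safe(string $value): bool {
    return strpbrk($value, "\r\n\0") === false;
}

// Opening send.php directly (its name is visible in the address bar anyway)
// only redirects to the form; the protection is the token, not the file name.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: contact.html', true, 303);
    exit;
}
$email   = trim($_POST['email'] ?? '');
$name    = trim($_POST['name'] ?? '');
$message = trim($_POST['message'] ?? '');
if (!consume_token($_POST['token'] ?? '') || !header_safe($name)
    || filter_var($email, FILTER_VALIDATE_EMAIL) === false || $message === '') {
    http_response_code(400);
    exit('Invalid submission.');
}
// Recipient and subject are fixed server-side; user text goes in the body.
mail('you@example.com', 'Website inquiry', "From: $name <$email>\n\n$message",
     "From: noreply@example.com\r\nReply-To: $email");
// Post/Redirect/Get: the browser lands on a GET page, so Back returns to the
// form instead of re-issuing the POST.
header('Location: thanks.php', true, 303);
exit;
```

The redirect after the POST replaces the "onload" redirect idea from the post: the browser never stays on send.php, and the one-time token makes a second submission fail regardless of whether the mailer's file name is known.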
© Copyright codetoad.com 2001-2008