PHP guru wanted!

nikos
Site Admin
Posts: 16341
Joined: 2002 Feb 07, 15:57
Location: UK

Post by nikos »

After my online contact form (via formmail.pl) has been spammed to death, I had enough and wrote my own small PHP script to send emails. I am still not certain that it cannot be used by spammers.

Can some PHP expert have a look and advise?

Code:

<?php

function valid_email($tmp)
{
	$addr = urldecode($tmp);

	if (strlen($addr) < 5) return 0;

	$pos = strpos($addr, '@');
	if ($pos === FALSE || $pos < 1) return 0;

	$pos = strpos($addr, '.');
	if ($pos === FALSE || $pos < 1) return 0;

	if(strpos ($addr,"\r")!==false) return 0;
	if(strpos ($addr,"\n")!==false) return 0;

	return 1;
}

// required fields: email
$name = $_POST['name'] ;
$email = $_POST['email'] ;

$content = "Below is the result of your feedback form. It was submitted by\r\n";
$content .= sprintf("%s (%s) on %s\r\n-----------------------------\r\n\r\n", $name, $email, date('l dS \of F Y h:i:s A'));

$content .= sprintf("Name: %s\r\n\r\n", $name);

$content .= "-----------------------------\r\n\r\n";

// these are hidden fields in the form
$ERROR_URL = $_POST['missing_fields_redirect'];
$SENT_URL = $_POST['redirect'];

$recipient = "info@";
$recipient .= "zabkat.com";

$ok = 0;
if (valid_email($email))
{
	$tmp = urldecode($content . $email . $name);

	$catch = explode( "http:", $tmp);
	if( count( $catch) <= 1) $ok = 1; // explode() returns one piece only when "http:" is absent, so any "http:" is rejected
}

if( $ok )
{
	mail( $recipient, "xplorer2 mailing list", $content, "FROM: $email");
	header( "Location: $SENT_URL");
}
else
	header( "Location: $ERROR_URL");
?>

Supposedly it blocks URLs and should not allow recipients other than my personal email.

What I've noticed is that it will allow trash email addresses like "1@2.3" but then no email is actually sent  :?:

Thanks for any tips.
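
A hardened variant of the checks the script above attempts, as an added example that is not part of nikos's post: the recipient and the redirect targets are fixed server-side instead of being read from hidden form fields, and the visitor's address is validated and kept out of the From header. The placeholder recipient, the redirect paths and all function names are assumptions.

```php
<?php
// Added example, not the original script. Recipient and paths are placeholders.
const RECIPIENT = 'owner@example.com';        // fixed; never taken from the request
const REDIRECTS = [                           // hypothetical local pages, not POST fields
    'sent'  => '/thanks.html',
    'error' => '/missing.html',
];

// Accept only a syntactically valid address with no CR/LF; return null otherwise.
function clean_email(string $raw): ?string
{
    if (preg_match('/[\r\n]/', $raw)) {
        return null;                          // a line break here could add mail headers
    }
    $addr = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Replace control characters in free text that ends up in the message body.
function clean_text(string $raw, int $max = 200): string
{
    return substr(preg_replace('/[\x00-\x1F\x7F]/', ' ', $raw), 0, $max);
}

// True if the text carries a link in any case or scheme, not only "http:".
function has_url(string $text): bool
{
    return preg_match('~(?:https?|ftp)://|www\.~i', $text) === 1;
}

// Validate, send to the fixed recipient, and return the page to redirect to.
function handle_form(array $post): string
{
    $email = clean_email((string)($post['email'] ?? ''));
    $name  = clean_text((string)($post['name'] ?? ''));
    if ($email === null || has_url($name)) {
        return REDIRECTS['error'];
    }
    $body = "Feedback form submitted by\r\n$name ($email) on " . date('c') . "\r\n";
    // Sender stays fixed; the visitor's address goes in Reply-To only.
    $headers = 'From: ' . RECIPIENT . "\r\nReply-To: $email";
    return mail(RECIPIENT, 'xplorer2 mailing list', $body, $headers)
        ? REDIRECTS['sent'] : REDIRECTS['error'];
}

if (PHP_SAPI !== 'cli') {                     // run only when served as a web request
    header('Location: ' . handle_form($_POST));
    exit;
}
```

Because the redirect comes from `REDIRECTS` and the recipient from `RECIPIENT`, nothing in the POST body can change where the mail goes or where the browser is sent afterwards.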