Re: [PHP] security with email data entries

Wed, 15 Aug 2001 08:05:29 -0700 

well you add to your .forward file or .qmail-default file if you use qmail
to exec it(sends the email)

then you do something like this..

<?php
$fp = fopen("php://stdin", "r");
while(!feof($fp))
{
$buffer = fgets($fp);
if(eregi("From:", $buffer))
$from = chop($buffer);
if(eregi("To:", $buffer))
$to = chop($buffer);
if(eregi("Subject:", $buffer))
$subject = chop($buffer);
if(eregi("Reply-to", $buffer))
$replyto = chop($buffer);
if(empty(chop($buffer)))
$getmessage = 1;
if($getmessage == 1)
$message .= $buffer;
}
fclose($fp);

//write $from to d/b
//write $message to d/b if needed
?>
----- Original Message -----
From: "Chris Hayes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 16, 2001 1:20 AM
Subject: [PHP] security with email data entries


> Hi group!
> i have this script to read data in POP emails and put them in a database.
>
> I would like to know if anybody knows how people would try to get around
the
> tests I've build in.
>
> - normal registration by web form (password scrambled), with confirmation
> through email response
> - the first header starting with 'From:' in the mail is scanned for a the
> email addtess and then i check whether the email address is in the
database
> - the mail contains the non-scrambled username and password, which are
also
> checked
> - there must be a magic word in the email subject (to prevent SPAM mail
> confusing my script)
>
> Oh and I intend only to disclose the email address to people i know.
>
> thanks,
> Chris
>
>
>
>
>
>
>
> --------------------------------------------------------------------
> --  C.Hayes  Droevendaal 35  6708 PB Wageningen  the Netherlands  --
> --------------------------------------------------------------------
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to