Secure PHP Form Mail Script

Many form mail scripts are insecure these days because of the number of spambots, viruses, etc. that seem to render the scripts useless. Up until now I was using Jack’s PHP Form Mail Script for most web sites.

Since it has not been updated for a while, it developed some nasty security flaws, i.e. site owners were getting spammed through their forms.

Through a recent Google search I came across a Secure PHP Form Mail Script. The developer appears to keep it updated.

Here are some features of this Form Mailer Script:

  • A system to easily edit the form structure through the options without writing any code!
  • Easily rearrange form fields through settings
  • Valid HTML (if you move the CSS to the proper place)
  • Can choose one recipient, multiple recipients, or use a drop-down box to select
  • Email and URL validation
  • Image verification can be disabled if desired
  • Verification option for each field
  • Uses superglobals for secure form handling
  • Strips slashes from input if magic quotes are on
  • Extensive error checking
  • Checks for input length (in case form restrictions are bypassed)
  • Checks for email header injection using the new line/return method
  • Image Verification (code must be typed in)
  • “Faked session” protection
  • An extra check for characters in injected headers
  • Can wrap email lines to 70 characters (to meet RFC specs)
  • Generates proper email headers
  • CSS-based form generation
  • Error message system
  • Can show indication of required fields
  • Can specify CSS class for each input independently
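
Several of the checks listed above (server-side input length, the new line/return test for header injection, email validation, and wrapping the body at 70 characters) can be sketched in a few lines of PHP. This is an added example, not code from the script described in this post; the field names, length limits and addresses are assumptions made up for illustration.

```php
<?php
// Added example; field names, limits and addresses are constructed.

// CR or LF in a value that ends up in a mail header lets the sender add headers.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns [clean values, errors]. $limits maps field name => max length in bytes.
function validate_submission(array $post, array $limits, array $headerFields): array
{
    $clean = [];
    $errors = [];
    foreach ($limits as $field => $max) {
        // Non-string input (e.g. name[]=x) is treated as missing, not cast.
        $value = is_string($post[$field] ?? null) ? trim($post[$field]) : '';
        if ($value === '') {
            $errors[] = "$field is required";
        } elseif (strlen($value) > $max) {
            // Enforced server-side because maxlength in the HTML can be bypassed.
            $errors[] = "$field is longer than $max bytes";
        } elseif (in_array($field, $headerFields, true) && has_header_injection($value)) {
            $errors[] = "$field contains a line break";
        }
        $clean[$field] = $value;
    }
    if (!$errors && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return [$clean, $errors];
}

// Headers use a fixed From; the visitor's address only appears in Reply-To.
function build_mail(array $clean, string $siteFrom): array
{
    $body = wordwrap($clean['message'], 70, "\r\n", true);
    $headers = "From: $siteFrom\r\nReply-To: {$clean['email']}";
    return [$clean['subject'], $body, $headers];
}

$limits = ['name' => 60, 'email' => 254, 'subject' => 120, 'message' => 5000];
$post = [ // constructed submission with an injected header in the subject
    'name' => 'Test User', 'email' => 'user@example.com',
    'subject' => "Hello\r\nBcc: list@example.net", 'message' => str_repeat('word ', 40),
];
[$clean, $errors] = validate_submission($post, $limits, ['name', 'email', 'subject']);
echo $errors ? implode("\n", $errors) . "\n" : print_r(build_mail($clean, 'forms@example.org'), true);
```

The message field is deliberately left out of the header-field list, since line breaks are legitimate in the body; only values that are placed into headers are rejected when they contain CR or LF.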

Here is a Secure Form Mailer Plugin for WordPress

3 Responses to “Secure PHP Form Mail Script”

  1. hoai nam Says:

    Thanks for sharing, I will install this script in my feedback, which is often spammed http://aevn.fr/index.php?act=feedbackform.

  2. bob Says:

    hi great site 10x

  3. ben Says:

    it’s nice site
