topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 7:45 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: PHP post form for bug reports and feedback  (Read 3927 times)

Apathetic_Coding

  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 27
    • View Profile
    • Apathy Softworks
    • Donate to Member
PHP post form for bug reports and feedback
« on: June 01, 2011, 10:43 AM »
I am currently looking into using PHP and Get/Post functions to give my app the ability of sending user feedback or bug reports via an html form on our site. We are currently just sending these through POP3. I have never done any heavy work in PHP so I have a few concerns about the security downfalls of doing something like this.

Any opinions? Could I be going about this the wrong way?


Apathetic_Coding

  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 27
    • View Profile
    • Apathy Softworks
    • Donate to Member
Re: PHP post form for bug reports and feedback
« Reply #1 on: June 01, 2011, 10:46 AM »
just realized I should have posted this in the Developers Corner board. Can I get this moved please?  :-[

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: PHP post form for bug reports and feedback
« Reply #2 on: June 03, 2011, 07:46 AM »
Form Security Anti Spam Techniques:
* a salted hash (hash1) that is unique to each session, and is unique everyday is generated and added to the form
* a differently salted hash (hash2) of the above is added to the session on the server
* when submitted we generate hash 2 from hash1
* if it is not the same then session or date is different, no submit
* on sending the form the session var is deleted, so resubmitting the same form is not possible'
* emails can only have a max of 3 urls
* emails cannot contain certain spamwords
* a  anti-spamid is added to each email that is only known to angus college so email filters can be adjusted for this if necessary
* when the page is opened and submitted, the time is recorded and compared. If the page is submitted within X seconds, the form will not be emailed to combat auto form filling software where humans are quickly manually filling in forms.

That's what I built on the website I maintained at work (not in php). And you can get the spamwords list from the wordpress codex.
« Last Edit: June 03, 2011, 08:01 AM by justice »