Author Topic: PHP post form for bug reports and feedback  (Read 1283 times)
Apathetic_Coding
« on: June 01, 2011, 10:43:55 AM »

I am currently looking into using PHP and Get/Post functions to give my app the ability of sending user feedback or bug reports via an html form on our site. We are currently just sending these through POP3. I have never done any heavy work in PHP so I have a few concerns about the security downfalls of doing something like this.

Any opinions? Could I be going about this the wrong way?

Apathetic_Coding
« Reply #1 on: June 01, 2011, 10:46:09 AM »

Just realized I should have posted this in the Developers Corner board. Can I get this moved please?
justice
« Reply #2 on: June 03, 2011, 07:46:47 AM »

Form Security Anti Spam Techniques:
* a salted hash (hash1) that is unique to each session, and is unique every day, is generated and added to the form
* a differently salted hash (hash2) of the above is added to the session on the server
* when submitted we generate hash2 from hash1
* if it is not the same then session or date is different, no submit
* on sending the form the session var is deleted, so resubmitting the same form is not possible
* emails can only have a max of 3 URLs
* emails cannot contain certain spamwords
* an anti-spam ID is added to each email that is only known to Angus College so email filters can be adjusted for this if necessary
* when the page is opened and submitted, the time is recorded and compared. If the page is submitted within X seconds, the form will not be emailed to combat auto form-filling software where humans are quickly manually filling in forms.

That's what I built on the website I maintained at work (not in PHP). And you can get the spamwords list from the WordPress Codex.
« Last Edit: June 03, 2011, 08:01:17 AM by justice »
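
The token, single-use, timing and content checks listed in Reply #2, written out in PHP as an added example (not justice's code, which was not in PHP). It uses HMAC-SHA-256 as the salted hash; the salts, the 5-second threshold, the spam-word list and all function names are assumptions, and `$session` stands in for `$_SESSION`.

```php
<?php
// Added example, not code from the thread. Salts, limits and word list are constructed.
const FORM_SALT = 'constructed-form-salt';    // salt for hash1
const STORE_SALT = 'constructed-store-salt';  // different salt for hash2
const MIN_FILL_SECONDS = 5;                   // the "X seconds" limit (assumed value)
const MAX_URLS = 3;
const SPAM_WORDS = ['casino', 'free pills'];  // constructed sample list

// hash1 is bound to the session ID and the current UTC day.
function make_hash1(string $sessionId, int $now): string
{
    return hash_hmac('sha256', $sessionId . '|' . gmdate('Y-m-d', $now), FORM_SALT);
}

// Render step: hash1 goes into a hidden field, only hash2 stays on the server.
function issue_form_token(array &$session, string $sessionId, int $now): string
{
    $hash1 = make_hash1($sessionId, $now);
    $session['hash2'] = hash_hmac('sha256', $hash1, STORE_SALT);
    $session['issued'] = $now;
    return $hash1;
}

// Submit step: returns null when accepted, otherwise the reason for rejection.
function check_submission(array &$session, string $sessionId, string $posted, string $body, int $now): ?string
{
    $stored = (string) ($session['hash2'] ?? '');
    $issued = (int) ($session['issued'] ?? 0);
    unset($session['hash2'], $session['issued']); // single use: a resubmit finds nothing

    $hash2 = hash_hmac('sha256', $posted, STORE_SALT);
    if ($stored === '' || !hash_equals($stored, $hash2)) return 'token mismatch or already used';
    if (!hash_equals(make_hash1($sessionId, $now), $posted)) return 'session or date changed';
    if ($now - $issued < MIN_FILL_SECONDS) return 'submitted too quickly';
    if (preg_match_all('~https?://~i', $body) > MAX_URLS) return 'too many URLs';
    foreach (SPAM_WORDS as $word) {
        if (stripos($body, $word) !== false) return 'spam word';
    }
    return null;
}

// Constructed walk-through: fake session array, fixed timestamps.
$session = [];
$t0 = 1307000000; // constructed render time
$token = issue_form_token($session, 'sess-abc', $t0);
var_dump(check_submission($session, 'sess-abc', $token, 'Crash on save: http://example.com/log', $t0 + 40)); // normal submit
var_dump(check_submission($session, 'sess-abc', $token, 'same form again', $t0 + 41)); // resubmit of the same form
$token = issue_form_token($session, 'sess-abc', $t0);
var_dump(check_submission($session, 'sess-abc', $token, 'hello', $t0 + 1)); // sent 1 s after render
```

In a real page the session ID would come from `session_id()` after `session_start()`, and the salts would be kept outside the web root.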
