PHP post form for bug reports and feedback

Apathetic_Coding:
I am currently looking into using PHP and Get/Post functions to give my app the ability of sending user feedback or bug reports via an HTML form on our site. We are currently just sending these through POP3. I have never done any heavy work in PHP so I have a few concerns about the security downfalls of doing something like this.

Any opinions? Could I be going about this the wrong way?

Apathetic_Coding:
Just realized I should have posted this in the Developers Corner board. Can I get this moved please? :-[

justice:
Form Security Anti Spam Techniques:
* a salted hash (hash1) that is unique to each session, and is unique every day is generated and added to the form
* a differently salted hash (hash2) of the above is added to the session on the server
* when submitted we generate hash2 from hash1
* if it is not the same then session or date is different, no submit
* on sending the form the session var is deleted, so resubmitting the same form is not possible
* emails can only have a max of 3 urls
* emails cannot contain certain spamwords
* an anti-spam ID is added to each email that is only known to Angus College so email filters can be adjusted for this if necessary
* when the page is opened and submitted, the time is recorded and compared. If the page is submitted within X seconds, the form will not be emailed to combat auto form filling software where humans are quickly manually filling in forms.

That's what I built on the website I maintained at work (not in PHP). And you can get the spamwords list from the WordPress Codex.
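
The token, single-use, timing and URL-count checks from the list above, sketched in PHP as an added example that is not part of the original post and is not justice's code. The function names, salts, the 5-second threshold and the use of HMAC-SHA256 as the "salted hash" are assumptions; a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example: names, salts and thresholds are assumptions, not from the post.
const SALT_FORM   = 'replace-with-random-secret-1'; // placeholder secret for hash1
const SALT_SERVER = 'replace-with-random-secret-2'; // placeholder secret for hash2
const MIN_SECONDS = 5; // the post's "X seconds"; value assumed
const MAX_URLS    = 3; // limit given in the post

// Called when rendering the form: returns hash1 for a hidden field and
// stores hash2 plus the time the form was opened in the session.
function issue_form_token(array &$session, string $sessionId, int $now): string
{
    // hash1 depends on the session and the date, so it changes every day.
    $hash1 = hash_hmac('sha256', $sessionId . '|' . gmdate('Y-m-d', $now), SALT_FORM);
    $session['form_hash2']  = hash_hmac('sha256', $hash1, SALT_SERVER);
    $session['form_opened'] = $now;
    return $hash1;
}

// Called on POST: returns null when accepted, otherwise the rejection reason.
function check_submission(array &$session, string $postedHash1, string $message, int $now): ?string
{
    $expected = $session['form_hash2'] ?? null;
    $opened   = $session['form_opened'] ?? null;
    // Single use: drop the token whatever the outcome, so a replay finds nothing.
    unset($session['form_hash2'], $session['form_opened']);

    if (!is_string($expected) || !is_int($opened)) {
        return 'no token in session';
    }
    // Recompute hash2 from the submitted hash1 and compare in constant time.
    if (!hash_equals($expected, hash_hmac('sha256', $postedHash1, SALT_SERVER))) {
        return 'token mismatch';
    }
    if ($now - $opened < MIN_SECONDS) {
        return 'submitted too quickly';
    }
    if (preg_match_all('~https?://~i', $message) > MAX_URLS) {
        return 'too many URLs';
    }
    return null;
}

// Constructed walk-through: one submission 30 s after opening, then a replay.
$session = [];
$t0 = 1700000000; // constructed timestamp
$token = issue_form_token($session, 'constructed-session-id', $t0);
var_dump(check_submission($session, $token, 'Crash on save, see http://example.com/log', $t0 + 30));
var_dump(check_submission($session, $token, 'same form again', $t0 + 40));
```

In a real page the session array would be `$_SESSION` after `session_start()`, and the spam-word and anti-spam ID steps from the list would run after these checks pass.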
