• How to correctly make a PHP contact form

  • I use contact forms on many websites, and over the years I have discovered many problems with using them, including hijacking, mail injection, server hacks, XSS and platform issues.

    The main cause of this is simply a lack of validation and error checking.

    Firstly you must fully understand how forms work with PHP. When you set the form “method” to POST, it sends the data to PHP as a super global variable called “$_POST”. In the HTML each “input” has a “name”, that is used to identify the related data.

    For example, if there is an input field named “message”, you retrieve it in PHP using “$_POST['message']”. We will be using this method to pass the data between the form and PHP for processing.

    This is a fine example of how NOT to do it, so what is wrong with this method you may ask?

    Here are some of the issues we need to overcome:

    • Data is passed directly into the mail() function without processing
    • Whether data from input fields contains malicious code
    • Checking that user input is not empty
    • Validation of user inputs
    • Whether the email address the user entered is real
    • Whether the email was sent successfully or not
    • Ensuring the correct data is processed
    • Which website the form was sent from
    • The IP address of the sender
    • Displaying the form at appropriate times
    • Appending additional fields to the end of the message
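
    A handler that addresses the points in this list, as an added example that is not the code from the download below. The field names “name”, “email” and “message”, the RECIPIENT address and the subject text are assumptions made for illustration.

```php
<?php
// Added example. Field names, RECIPIENT and the subject text are assumptions.
const RECIPIENT = 'webmaster@example.com'; // placeholder address
// A CR or LF in a header value lets the sender add headers of their own.
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n]/', $value) !== 1;
}
// Returns [cleaned fields, list of error strings].
function validate_contact(array $post): array
{
    $clean = $errors = [];
    foreach (['name', 'email', 'message'] as $field) {
        $raw = $post[$field] ?? '';
        $clean[$field] = is_string($raw) ? trim($raw) : ''; // arrays are rejected
        if ($clean[$field] === '') {
            $errors[] = "The $field field is required.";
        }
    }
    // Syntax check only; it cannot prove the mailbox exists.
    if ($clean['email'] !== '' && !filter_var($clean['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'The email address is not valid.';
    }
    if (!is_header_safe($clean['name']) || !is_header_safe($clean['email'])) {
        $errors[] = 'Line breaks are not allowed in the name or email.';
    }
    return [$clean, $errors];
}

$errors = [];
$sent = false;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$data, $errors] = validate_contact($_POST);
    if (!$errors) {
        // Sender details are appended to the body, never to the headers.
        $body = $data['message'] . "\n\n-- \nEmail: " . $data['email']
            . "\nIP: " . ($_SERVER['REMOTE_ADDR'] ?? 'unknown')
            . "\nSite: " . ($_SERVER['SERVER_NAME'] ?? 'unknown');
        $headers = 'From: ' . RECIPIENT . "\r\nReply-To: " . $data['email'];
        $sent = mail(RECIPIENT, 'Contact form: ' . $data['name'], $body, $headers);
        if (!$sent) {
            $errors[] = 'The message could not be sent.';
        }
    }
}
foreach ($errors as $error) { // escape everything written into the page
    echo '<p>' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . "</p>\n";
}
echo $sent ? '<p>Thank you, your message was sent.</p>' : '<!-- show the form here -->';
```

    The From header is fixed and the visitor's address appears only in Reply-To and the body, so the only user-supplied values that reach the headers are ones that have already passed the line-break check.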

    Download here: PHP Contact Form by HM2K v1.0.1

    The comments I have made within the code explain what it does and why it is included.

    I hope this solves some of the problems people experience with contact forms.

    Additional Notes:

  • Windows Genuine Advantage Removal

  • First of all, for those that don't know, Windows Genuine Advantage or WGA is a piece of software released by Microsoft to validate your copy of Windows when using services such as Windows Update or Download Center.

    Due to the fact that these days you are required to keep Windows up-to-date, it is a good idea to satisfy the WGA notification.

    However, there are concerns over whether this application is in fact a form of spyware, due to the data it collects and sends back to Microsoft. Also, once you have established that you have a (il)legal version of Windows, there is no longer any requirement to have the software installed.

    Therefore Windows Genuine Advantage Remover software was created.

    Once you have run RemoveWGA.exe and rebooted, before long you will be asked to install new Windows Updates. At this point you can simply choose custom on Windows Update, and de-select the Windows Genuine Advantage update. Windows Update will then ask you if you do not want to install this again in the future; you simply select no. This will be the end of WGA, and your Windows updates will continue to function as before.

    There are many other ways to remove the WGA; however, this is the most effective.

    If you still have questions, Wikipedia has more information about the Windows Genuine Advantage.

  • Fax to email

  • Fax to email is perhaps one of the most interesting, oldest and most overlooked technologies.

    These days, although it seems like everyone has an email address, there are businesses that rely on their fax machine as if it's their only means of communication to the outside world.

    However, we can’t always be around to man a fax machine 24/7/365, so usually you’re left with a number of options:

    • Wait until you return so you can check your fax machine
    • Get someone else to check your fax machine, then send them to your current location
    • Tell people sending the fax to send to a different number depending on your location at the time
    • Tell them to scan it in and email it to you
    • Tell them not to bother at all

    As you are probably aware, for businesses that are non-stop 24/7, if you are unable to reach critical information it is possible to lose business.

    There is really only one solution…

    That is you must have a computer, broadband, a fax modem, a phone line, and a piece of software to tie it all together.

    The software you require must do the following functions:

    • Receive faxes
    • Send faxes via email.
    • Distinguish the difference between voice calls and faxes
    • Act as an answering machine if a voice call is received
    • Have some method of remotely accessing or sending voice messages

    So far the only software I have found that will do this task is called FaxTalk, in particular FaxTalk Messenger Pro 7. This software is GREAT! It has the following features:

    • Complete voice messaging and fax solution.
    • Access contacts from Microsoft Outlook 2000/2002/2003 and Windows Address Book.
    • Send faxes over the internet to any email address.
    • Forward received faxes and messages by email.
    • Access received faxes and voice messages in Microsoft Outlook.
    • Receive calls and send faxes when logged out of Windows 2000/XP.
    • Block the reception of unwanted junk faxes.
    • Process received voice messages and faxes using notification rules.

    And so much more, the list is endless! This is the ultimate solution.

    However I didn’t stop there…

    I also looked at other fax to email solutions including fax gateways.

    Tiscali offer a fax gateway to all of their members, and since it's free to sign up to Tiscali, it's available to anyone. Once you're signed up and logged in, you simply assign yourself a new number and you can receive faxes via email/webmail via your new number with immediate effect.

    There are many other broadband providers (such as Demon) that offer a similar service free providing you have a business broadband package with them, unlike BT, who simply are unaware of such a service.

    Another fax gateway to have a look at is, apparently it's free!

  • A new month

  • First of all I'd like to say thanks to everyone who has visited my website since I began at the start of last month.

    So far I have been going pretty much full steam ahead with this, releasing all my articles and posts I could think of, at a rate of 1 per day.

    Over the next few months my other projects are pretty much going to take a front seat, which will mean I will have less time for this website.

    I am going to attempt to make a post every few days or so. You can keep track of my posts by adding the RSS feed to Firefox or your RSS reader.

    If you use any of my projects, scripts, or found any of my information useful, please provide me with feedback by leaving a comment in the relevant place or contacting me via IRC or by email.

    Thanks and Enjoy!

  • MSN via IRC

  • Quite some time ago I decided that I wanted to offer support via MSN for a business. This is all very well until you want multiple staff to cover the “live” support; obviously you cannot have more than one client connected via the MSN protocol using the same account at any one time.

    My solution to this was to use an existing platform that allowed multiple users, which was IRC. The next step was to create a “bot” that would connect to the MSN Messenger network and relay the information back and forth.

    Originally due to my skills in coding in mIRC I decided to code a very simple MSN messenger client. This proved quite a challenge after looking at the MSN Messenger Protocol Docs. I decided to check out existing MSN messenger clients for mIRC and see how they had done it.

    I tried roughly 5 from, none of them worked apart from MSNMIRC by Artweks.

    I decided to strip this down and allow relaying via remotely triggered commands, I codenamed this script “xmsn”. This worked very well for quite some time, until MSN decided to change the way their older protocols work, which meant they now required SSL to authenticate.

    It took some time to figure out, but eventually the script was fully functional again with the addition of a DLL (ssl.dll – 58kb). However, it seemed that this DLL would only work on some machines, yet not others, which meant I required a new machine to run one mIRC bot.

    I ran this for some time, probably around a year, and decided that running a whole machine just for one mIRC-based bot was a bit of a waste, so I decided to investigate my options.

    Eggdrop was my first port of call. Using some kind of TCL script that could connect to the MSN protocol would be fantastic, yet this did not appear to exist. However, I did locate an MSN messenger client called aMSN, which was based on TCL. There were some issues with this though: firstly it is not eggdrop based, fine I thought, I'll strip it down; secondly there is no console mode, it's a 100% GUI application, therefore a BIG task. I simply didn't have the time to deal with this complexity.

    After some further searching I discovered the BitlBee project, which is in itself an amazing project and an amazing idea. In principle it's an IRCd that can connect to many popular instant messenger protocols such as MSN messenger.

    The idea was to somehow run an eggdrop that would connect to a BitlBee server, connect to MSN, and relay the details to another IRCd using a relay tcl script. Obviously the relay script would also need the ability to accept triggers from the other IRCd so the users can control it and send messages, etc.

    An alternative idea would be to use psyBNC with multiuser enabled. Even though this method would probably be more secure, I'd prefer to use the eggdrop method.

    In the end I decided to trim down a version of linkchan.tcl, which I had used before over the years and so was already familiar with its structure and functionality. This offers me a fantastic platform to base this project on.

    That is the project research so far; the next step is to release bitlbee.tcl once I'm happy the script is stable.

    Update: A beta version of the “bitlbee.tcl” was posted under the eggdrop tcl section.
