I7x Coder
Courses Plus Student 2,202 Points
I want to protect this code
<?php
// -----------------------------------------
// The Web Help .com
// -----------------------------------------
// remember to replace you@email.com with your own email address lower in this code.
// load the variables from the address bar
$subject = $_REQUEST["subject"];
$message = $_REQUEST["message"];
$from = $_REQUEST["from"];
$verif_box = $_REQUEST["verif_box"];
// remove the backslashes that normally appear when entering " or '
$message = stripslashes($message);
$subject = stripslashes($subject);
$from = stripslashes($from);
// check to see if verification code was correct
if(md5($verif_box).'a4xn' == $_COOKIE['tntcon']){
// if verification code was correct send the message and show this page
mail("you@email.com", 'Online Form: '.$subject, $_SERVER['REMOTE_ADDR']."\n\n".$message, "From: $from");
// delete the cookie so it cannot be sent again by refreshing this page
setcookie('tntcon','');
} else {
// if verification code was incorrect then return to contact page and show error
header("Location:".$_SERVER['HTTP_REFERER']."?subject=$subject&from=$from&message=$message&wrong_code=true");
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>E-Mail Sent</title>
<style type="text/css">
<!--
body,td,th {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
}
-->
</style></head>
<body>
Email sent. Thank you.<br />
<br />
Return to <a href="/">home page</a> ?
</body>
</html>
3 Answers
thomascawthorn
22,986 Points
james neal, I can list off lots of different ways that will make your code more secure, however you'll probably benefit most by learning about them first hand!
Why not check out this course, which also includes information on sending and securing emails. This should be enough to get you started.
The course is also a little more up to date with regards to the code you've provided in the question, so well worth checking out anyway!
Hope this helps
I7x Coder
Courses Plus Student 2,202 Points
Hello Tom
I want to make this code more secure
Please
thomascawthorn
22,986 Points
Hi James, which particular bits are you looking to make more secure?
I7x Coder
Courses Plus Student 2,202 Points
I want to make this code more secure
Justin Black
24,793 Points
In all honesty the best way to protect that code (more so, to protect the world from that code) is to delete it. I haven't seen markup or code like that since the dinosaurs were around.
I7x Coder
Courses Plus Student 2,202 Points
Thank you
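In the handler posted in the question, the captcha check compares two client-supplied values (the `verif_box` field and the `tntcon` cookie), `$from` is interpolated into the `mail()` headers, and the error redirect is built from `HTTP_REFERER`. The following is an added example, not code from the thread or from Treehouse, showing a hardened form of the same handler. It assumes the captcha script stores the expected code in `$_SESSION['captcha_code']`, and `SENDER` and `FORM_PATH` are hypothetical placeholders.

```php
<?php
// Added example. Assumed: the captcha script sets $_SESSION['captcha_code'];
// SENDER and FORM_PATH are hypothetical placeholders.
session_start();

const RECIPIENT = 'you@email.com';        // placeholder from the original code
const SENDER    = 'webform@example.com';  // fixed From address on your own domain
const FORM_PATH = '/contact.php';         // fixed redirect target

// Read one POST field as a string; $_REQUEST would also merge GET and cookies.
function field(string $name, int $max): string
{
    $value = $_POST[$name] ?? '';
    return is_string($value) ? substr(trim($value), 0, $max) : '';
}

$subject = str_replace(["\r", "\n"], ' ', field('subject', 150)); // no header breaks
$message = field('message', 5000);
$rawFrom = field('from', 254);
$from    = filter_var($rawFrom, FILTER_VALIDATE_EMAIL);           // false if invalid

// Check the captcha against server-side state and make it single use.
$expected = $_SESSION['captcha_code'] ?? '';
unset($_SESSION['captcha_code']);
$captchaOk = is_string($expected) && $expected !== ''
    && hash_equals($expected, field('verif_box', 32));

if (!$captchaOk || $from === false || $subject === '' || $message === '') {
    // Fixed path plus URL-encoded values instead of the client-supplied Referer.
    $query = http_build_query([
        'subject' => $subject, 'from' => $rawFrom,
        'message' => $message, 'wrong_code' => 'true',
    ]);
    header('Location: ' . FORM_PATH . '?' . $query);
    exit;
}

// Validated address goes in Reply-To; From is never user input (array form: PHP 7.2+).
$headers = [
    'From'         => SENDER,
    'Reply-To'     => $from,
    'Content-Type' => 'text/plain; charset=UTF-8',
];
$body = ($_SERVER['REMOTE_ADDR'] ?? 'unknown') . "\n\n" . $message;
$sent = mail(RECIPIENT, 'Online Form: ' . $subject, $body, $headers);

echo $sent ? 'Email sent. Thank you.' : 'Sorry, the message could not be sent.';
```

The contact page that re-displays the `subject`, `from` and `message` query values should pass each through `htmlspecialchars()` before printing it.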