
PHP Contact form Scam???

Guest
May 11, 2009

I work mostly with XHTML, CSS & some ASP... not .NET.

I found a PHP Contact form on HotScripts.com
http://www.web1marketing.com/resources/tools/form-mailer.php.txt
http://www.web1marketing.com/resources/tools/php-form-mailer.htm

As you can see this set off a Red Flag Scam for me:
$mailPassword = "password"; // The mail password associated with $mailTo


$params["password"] = $mailPassword;

Is it a Scam or Not???
It just looks Phishy to me...

-Thanks  8)

TOPICS
Server side applications

Guest
May 11, 2009

I have never seen a contact form that needs a password to your e-Mail account!

LEGEND, May 12, 2009

Is it a Scam or Not???

I haven't studied the script in minute detail, but it's not a scam. As the HTML page explains:

This particular contact form uses SMTP instead of sendmail to avoid common issues that are commonly found in the latter.

The PHP mail() function hands email messages directly to a mail transport agent (MTA), such as sendmail, residing on the same server. Consequently, no authentication is required. However, mail() is not capable of handling HTML email or attachments. To do so, you need to use a third-party script, such as PEAR Mail and Mail_Mime, PHPMailer, or Zend_Mail.

What this script does is incorporate the PEAR Mail class to bypass the local MTA and send your mail through your own ISP's SMTP server. Don't know why they think this is better, because PEAR Mail on its own doesn't handle HTML or attachments. But there's certainly no problem with using the password. As long as the password is stored in a PHP variable, and not exposed through echo, it's perfectly legit.

LEGEND, May 12, 2009 (Correct answer)

By the way, I notice that the script is using $HTTP_POST_VARS, which is obsolete. So, I would be wary of the script for other reasons, but not because of the use of the SMTP password.
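
What the two replies above describe, as an added example that is not part of the thread or of the script under discussion: an authenticated SMTP send through PEAR Mail where the password stays server-side and input is read from $_POST rather than $HTTP_POST_VARS. The config file path, its array keys, the form field names and the helper function names are assumptions.

```php
<?php
// Added example. Assumes PEAR Mail is installed and that SMTP settings live in a
// hypothetical file outside the web root, /etc/contact-form/smtp.php, returning
// array('host'=>..., 'port'=>..., 'username'=>..., 'password'=>..., 'to'=>...).
require_once 'Mail.php';

// Read one form field as a trimmed string; arrays and missing fields become ''.
function field(array $post, $name)
{
    return isset($post[$name]) && is_string($post[$name]) ? trim($post[$name]) : '';
}

// Reject CR/LF so form input cannot add extra mail headers.
function clean_header_value($value)
{
    return preg_match('/[\r\n]/', $value) ? false : $value;
}

function send_contact_mail(array $post, array $cfg)
{
    $email   = filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL);
    $subject = clean_header_value(field($post, 'subject'));
    $message = field($post, 'message');
    if ($email === false || $subject === false || $subject === '' || $message === '') {
        return 'Please check the form fields.';
    }
    // The password is only handed to the SMTP client; it is never echoed.
    $smtp = Mail::factory('smtp', array(
        'host'     => $cfg['host'],
        'port'     => $cfg['port'],
        'auth'     => true,
        'username' => $cfg['username'],
        'password' => $cfg['password'],
    ));
    $headers = array('From' => $cfg['username'], 'Reply-To' => $email,
                     'To' => $cfg['to'], 'Subject' => $subject);
    $result = $smtp->send($cfg['to'], $headers, $message);
    if (PEAR::isError($result)) {
        // Details go to the server log, not to the visitor.
        error_log('Contact form SMTP error: ' . $result->getMessage());
        return 'Sorry, the message could not be sent.';
    }
    return 'Thank you, your message has been sent.';
}

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $cfg = require '/etc/contact-form/smtp.php';   // hypothetical path
    echo htmlspecialchars(send_contact_mail($_POST, $cfg), ENT_QUOTES, 'UTF-8');
}
```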

Guest
May 12, 2009

Thanks for the Tip!!!

I have a PHP book if I ever get around to reading it...
