Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to secure the use of a PHP script that triggers emails?

Tags:

security

php

I build a PHP script to send emails (based on Amazon SES).

So I can make a GET or POST Ajax call to my PHP script:

envoi.php?nom=John&[email protected]

triggers an email to be sent to [email protected].

My website has a registration form which on submit makes a jquery ajax call to the PHP script (website and PHP script are on the same server). I use the script also for other events.

Now I am concerned that this script could obviously be abused if anyone gets hold of its URL.

How can I secure the access to this script?

like image 600
Timothée HENRY Avatar asked Jul 17 '12 14:07

Timothée HENRY


Video Answer


2 Answers

You could use a captcha to protect access to this script and make abuses a little harder.

like image 181
Darin Dimitrov Avatar answered Sep 22 '22 09:09

Darin Dimitrov


Step1: When the user opens the registration form, from which he can send mail and passes captcha, set a $_SESSION parameter.

$_SESSION["mail_allowed"] = true;

Step2: The request is sent as usual to

envoi.php?nom=John&[email protected]

Step3: Finally, in the mail script, do something like the following:

if($_SESSION["mail_allowed"]){
    $_SESSION["mail_allowed"] = false;
    //send mail  
}
else{
    die('File cannot be executed directly');
}

This way, the user is allowed to send mail once he opens your page, but cannot execute the mailer script directly.

like image 41
Anirudh Ramanathan Avatar answered Sep 22 '22 09:09

Anirudh Ramanathan