ricosend

Warning: Abandoned
This page/script has been classified as abandoned and will no longer be updated. I will keep this page here indefinitely as a reference, but it will no longer be updated and I no longer offer support of any kind regarding content found on this page.

Description

  • ricosend is a formmail-type PHP script to email the results of a form on a website
  • Created because I needed a script that was fairly simple and was more secure than most existing scripts.

Example

  • See bottom of this page.

Download

Terms of Use

  • Version 1.2.1 and onward is released under GNU General Public License. Basically this means you are free to use the script, modify it, and even redistribute versions of your own under the same license.

What's new

  • 1.2.3 [December 16, 2007] - Cleaned up the code, made more "checking" options available
  • 1.2.2 [November 11, 2006] - Added checks to filter out multiline header fields (used to try to send spam via your form)
  • 1.2.1 [October 11, 2006] - Changed it so there is an option to discard the email if they tried using [url]Free Spam[/url] spam
  • 1.2.0 [March 21, 2006] - Changed it so there is an option to discard the email if they tried to use BCC for spamming
  • 1.1.1 - Changed it so IP is "real" ip even if using a semi-secure proxy

Instructions

ricosend.php settings

  • Open ricosend.php and scroll down to line 33 and set the $config['recipient'] to the address you want your form mailed to
  • The setting $config['CheckReferer'] is the type of checking to perform on the server. The options are:
    • 0: do not check
    • 1: check for an invalid or blank referer. If either, display an error message to the user and stop the script (not recommended: both are easy to forge, and some legitimate users send a blank referer)
    • 2: check for an invalid or blank referer. If either, discard the message silently, but continue as if it was sent (not recommended: both are easy to forge, and some legitimate users send a blank referer)
    • 3: check for invalid referer only. display error message to user and stop script
    • 4: check for invalid referer only. discard message silently, but continue like sent
  • The setting $config['referer'] lists the hosts that are allowed to submit forms to be mailed. You can put multiple hosts using the format provided, or you can use Regular Expressions to make wildcard matches.
  • The setting $config['checkEmail'] is the type of checking to perform on the "email" field submitted. Syntax refers to how the email address is made up (eg: they can't submit an email from user@#!&%@hotmail.com). Host domain exists checks to make sure the domain part of the address exists (eg: checks to make sure ssjfslkfjsl.com from user@ssjfslkfjsl.com exists). Host domain checking is fairly accurate, but occasionally will not work on some servers.
    • 0: do not check
    • 1: check syntax && host domain exists. [display error]
    • 2: check syntax && host domain exists. [discard silently]
    • 3: check syntax only. [display error]
    • 4: check syntax only. [discard silently]
    • 5: host domain exists only. [display error]
    • 6: host domain exists only. [discard silently]
  • The setting $config['CheckSpam'] is a check I added because I get many spam messages sent to me through my own form with links like [url=http://www.domain.com/]Free Spam[/url]. If you don't get these types of messages, you probably don't need to enable this check.
    • 0: do not check
    • 1: check for potential spam. [display error]
    • 2: check for potential spam. [discard silently]
  • The setting $config['CheckHeaders'] checks the email header fields submitted (realname, email, subject) for multiple lines. The favorite trick of form spammers is to feed a fake multi-line reply, where the second line is a BCC email header and address. When the mail server goes to read the header, it sees the BCC header and address and then will send a copy of the form to that faked address as well. So I HIGHLY recommend you leave this check enabled (either with error, or silent discard), as there is no way this will affect a legitimate user, and it can help prevent spam from being sent to other people through your form.
    • 0: do not check
    • 1: check for fake headers. [display error]
    • 2: check for fake headers. [discard silently]
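
The multi-line header check described for $config['CheckHeaders'], sketched as an added example (this is not ricosend's own code; the function names and the sample submissions are hypothetical and constructed for illustration):

```php
<?php
// Added illustration, not ricosend's source; all function names are hypothetical.

// Returns the header-bound fields whose value contains a line break.
// A legitimate name, address or subject is always a single line.
function find_multiline_header_fields(array $form, array $headerFields): array
{
    $bad = [];
    foreach ($headerFields as $name) {
        $value = $form[$name] ?? '';
        if (!is_string($value)) {          // e.g. email[]=... arrives as an array
            $bad[] = $name;
            continue;
        }
        // Test the raw value and a URL-decoded copy, so an encoded
        // break (%0D, %0A) that survives to this point is caught too.
        foreach ([$value, rawurldecode($value)] as $candidate) {
            if (preg_match('/[\r\n]/', $candidate) === 1) {
                $bad[] = $name;
                break;
            }
        }
    }
    return $bad;
}

// Maps the result onto the CheckHeaders modes: 0 off, 1 error, 2 silent discard.
function check_headers(array $form, int $mode): string
{
    if ($mode === 0) {
        return 'send';
    }
    $bad = find_multiline_header_fields($form, ['realname', 'email', 'subject']);
    if ($bad === []) {
        return 'send';
    }
    return $mode === 1 ? 'error' : 'discard';
}

// Constructed sample submissions (not real traffic).
$samples = [
    'legit'  => ['realname' => 'Jane Doe', 'email' => 'jane@example.com', 'subject' => 'Hello'],
    'forged' => ['realname' => 'Jane Doe', 'subject' => 'Hello',
                 'email' => "jane@example.com\r\nBcc: third-party@example.net"],
];
foreach ($samples as $label => $form) {
    printf("%-6s mode0=%s mode1=%s mode2=%s\n", $label,
        check_headers($form, 0), check_headers($form, 1), check_headers($form, 2));
}
```

Rejecting the whole submission, rather than stripping the extra lines, keeps a forged second line from ever reaching the mail headers.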

Form fields (optional)

  • These are fields that the form supports. For instance, if you name a textbox "realname" then your email will appear to come from whatever was put in that textbox.
    • email: the address the message is from (required unless $config['checkEmail'] is set to 0)
    • realname: the name of the person the message is from
    • subject: the message subject
    • redirect: the page you go to after you submit
    • referer: the page that submits the form. With SSI, I use: <input type="hidden" name="referer" value="<!--#echo var="HTTP_REFERER" -->"> and with PHP I can use <input type="hidden" name="referer" value="<?php echo htmlspecialchars(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '', ENT_QUOTES); ?>">; but if left blank the script will put the location of the page that sends the form
    • You can add any other field names/types you want, those are just the supported ones that have special features
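
How the four $config['CheckReferer'] modes and a host allow-list with regular expressions can fit together, as an added example (not ricosend's own code). It assumes the check runs on the HTTP Referer header and that each allow-list entry is a regular expression for a host name; the function names, pattern format and sample values are hypothetical.

```php
<?php
// Added illustration, not ricosend's source; names and allow-list format are hypothetical.

// Classifies a Referer value as 'blank', 'invalid' or 'ok' against allowed host patterns.
function classify_referer(?string $referer, array $allowedHostPatterns): string
{
    if ($referer === null || trim($referer) === '') {
        return 'blank';
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return 'invalid';                  // not a URL with a host part
    }
    foreach ($allowedHostPatterns as $pattern) {
        // Anchor both ends so "example.com" cannot match "example.com.other.test".
        if (preg_match('#^(?:' . $pattern . ')$#i', $host) === 1) {
            return 'ok';
        }
    }
    return 'invalid';
}

// Applies the modes listed above: 1 and 2 act on blank or invalid,
// 3 and 4 on invalid only; 1 and 3 show an error, 2 and 4 discard silently.
function referer_decision(int $mode, string $class): string
{
    if ($mode === 0 || $class === 'ok') {
        return 'send';
    }
    if ($class === 'blank' && $mode >= 3) {
        return 'send';
    }
    return ($mode === 1 || $mode === 3) ? 'error' : 'discard';
}

// Constructed allow-list and sample Referer values.
$allowed = ['example\.com', '(?:[a-z0-9-]+\.)*example\.org'];
$samples = [
    null,
    'https://example.com/contact.html',
    'https://www.example.org/form.html',
    'https://example.com.other.test/form.html',
];
foreach ($samples as $referer) {
    $class = classify_referer($referer, $allowed);
    $modes = array_map(fn($m) => "$m:" . referer_decision($m, $class), [1, 2, 3, 4]);
    printf("%-42s %-8s %s\n", $referer ?? '(none)', $class, implode(' ', $modes));
}
```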

Example (does not email message)

  • Name: ('realname' field)
  • Email: ('email' field. required)
  • Will you use ricosend:
  • Message:

Normally Hidden Fields

  • ('redirect' field. try putting in URL)
  • ('subject' field. normally hidden)
  • ('referer' field. normally hidden)

Settings

$config['CheckReferer']=3;
$config['CheckEmail']=1;
$config['CheckSpam']=1;
$config['CheckHeaders']=1;