
Problems With contact.php file

I received an email from my web host telling me that they have it on good authority that the contact.php file in my PHP-Fusion site is sending out spam emails, and they have asked me to change my FTP and web account passwords. I am running version 8.00.21 and have no idea what could be triggering the spam email. I have not changed the contact.php file that came with the download. At the moment, I have made the site inaccessible until I can figure out what is going on. I would also like to know how to reset the admin password in this version.

Any assistance/suggestions would be much appreciated.
The administrator password can be changed in your profile. To protect the administrative part, in my opinion it is better to add a .htaccess file to the "administration" folder.

<Files *>
Order Deny,Allow
deny from all
allow from 111.111.111.111
</Files>



Instead of 111.111.111.111, put the IP address from which you access the admin part.

But in order to prevent spam from coming to your mail, try this:

contact.php
echo "<input type='submit' name='sendmessage' value='".$locale['406']."' class='button' /></td>\n";


Replace with:
// Hidden field that the onclick below fills in; it must exist in the form for getElementById('check') to find it.
echo "<input type='hidden' id='check' name='check' value='' />\n";
echo "<input type='submit' name='sendmessage' value='".$locale['406']."' class='button' onclick=\"document.getElementById('check').value = 'stopSpam';\" /></td>\n";



includes/sendmail_include.php
$mail->addReplyTo($fromemail, $fromname);


Add after that line:
// Reject the message unless the hidden field was filled in by the browser's JavaScript.
if (!isset($_POST['check']) || $_POST['check'] !== 'stopSpam') exit('Spam detected');
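
The same idea carried through end to end, as an added example that is not code from the post above or from PHP-Fusion: the hidden field that the submit button's onclick fills in, the server-side check of it, a check that none of the fields which end up in mail headers contain a line break (the reason contact.php strips "\r" and "\n" from the subject), and one log line per rejected submission so that the host's claim can be checked against something. The function names, the log path contact-spam.log and the use of $_SERVER['REMOTE_ADDR'] are assumptions. The check is placed in the contact handler itself rather than in the shared sendmail_include.php, so it only affects this form.

```php
<?php
// Added example, not code from the post above or from PHP-Fusion: the
// hidden-field check done end to end, plus header-injection checks and a
// rejection log. Function names and the log path are assumptions.

declare(strict_types=1);

// Assumed log location; keep it outside the web root on a real site.
const REJECT_LOG = __DIR__ . '/contact-spam.log';

/** The form side: the hidden field must exist for the onclick to find it. */
function contact_form_html(): string
{
    return "<form method='post' action='contact.php'>\n"
        . "<input type='text' name='mailname' />\n"
        . "<input type='text' name='email' />\n"
        . "<input type='text' name='subject' />\n"
        . "<textarea name='message'></textarea>\n"
        . "<input type='hidden' id='check' name='check' value='' />\n"
        . "<input type='submit' name='sendmessage' value='Send'"
        . " onclick=\"document.getElementById('check').value = 'stopSpam';\" />\n"
        . "</form>\n";
}

/**
 * Returns null when a submission passes, otherwise a short reason.
 * $post is $_POST (or a constructed array when run from the CLI below).
 */
function contact_reject_reason(array $post): ?string
{
    // 1. The submit button's onclick fills the hidden field, so a client that
    //    never ran that JavaScript posts it empty or leaves it out entirely.
    if (!isset($post['check']) || $post['check'] !== 'stopSpam') {
        return 'token missing';
    }
    // 2. Name, address and subject end up in mail headers. A CR or LF inside
    //    one of them would let the sender append headers of their own
    //    (this is why contact.php strips "\r" and "\n" from the subject).
    foreach (['mailname', 'email', 'subject'] as $field) {
        $value = (string) ($post[$field] ?? '');
        if ($value === '') {
            return "$field empty";
        }
        if (preg_match('/[\r\n]/', $value) === 1) {
            return "$field contains a line break";
        }
    }
    // 3. Exactly one syntactically valid address; "a@x.com, b@y.com" fails too.
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'email invalid';
    }
    return null;
}

/** Appends one line per rejected submission: time, client IP, reason, subject. */
function log_rejection(string $reason, array $post, string $ip, string $logfile = REJECT_LOG): void
{
    $line = sprintf("%s %s %s subject=%s\n", date('c'), $ip, $reason,
        json_encode(substr((string) ($post['subject'] ?? ''), 0, 50)));
    file_put_contents($logfile, $line, FILE_APPEND | LOCK_EX);
}

if (PHP_SAPI !== 'cli') {
    if (isset($_POST['sendmessage'])) {
        $reason = contact_reject_reason($_POST);
        if ($reason !== null) {
            log_rejection($reason, $_POST, $_SERVER['REMOTE_ADDR'] ?? '-');
            http_response_code(400);
            exit('Spam detected');
        }
        // ... hand the validated fields to the site's mail routine here ...
    } else {
        echo contact_form_html();
    }
} else {
    // Constructed sample submissions that exercise each check from the command line.
    $samples = [
        'legit'     => ['check' => 'stopSpam', 'mailname' => 'Ann', 'email' => 'ann@example.com', 'subject' => 'Hello'],
        'no token'  => ['mailname' => 'Bot', 'email' => 'bot@example.com', 'subject' => 'Hi'],
        'injection' => ['check' => 'stopSpam', 'mailname' => 'Bot', 'email' => 'bot@example.com',
                        'subject' => "Hi\r\nBcc: extra@example.net"],
        'two addrs' => ['check' => 'stopSpam', 'mailname' => 'Bot', 'email' => 'a@example.com, b@example.com', 'subject' => 'Hi'],
    ];
    foreach ($samples as $label => $post) {
        printf("%-10s -> %s\n", $label, contact_reject_reason($post) ?? 'accepted');
    }
}
```

Run it with `php contact-check.php` to see the four constructed samples classified; served through a web server it renders the form and answers a rejected POST with status 400. The hidden-field trick only stops clients that do not execute JavaScript, so the header checks and the log are what matter once a sender adapts.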

I was told that the contact.php form is being used to send spam emails... I'm not receiving spam.
Attach the contents of your contact.php file here
Here is the content for the contact.php file

<?php
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) PHP-Fusion Inc
| https://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: contact.php
| Author: PHP-Fusion Development Team
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once __DIR__."/maincore.php";
require_once THEMES."templates/header.php";
include LOCALE.LOCALESET."contact.php";

add_to_title($locale['global_200'].$locale['400']);

if (isset($_POST['sendmessage'])) {
    $error = "";
    $mailname = isset($_POST['mailname']) ? substr(stripinput(trim($_POST['mailname'])), 0, 50) : "";
    $email = isset($_POST['email']) ? substr(stripinput(trim($_POST['email'])), 0, 100) : "";
    $subject = isset($_POST['subject']) ? substr(str_replace(["\r", "\n", "@"], "", descript(stripslash(trim($_POST['subject'])))), 0, 50) : "";
    $message = isset($_POST['message']) ? descript(stripslash(trim($_POST['message']))) : "";
    if ($mailname == "") {
        $error .= " <span class='alt'>".$locale['420']."</span><br />\n";
    }
    if ($email == "" || !preg_match("/^[-0-9A-Z_\.]{1,50}@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i", $email)) {
        $error .= " <span class='alt'>".$locale['421']."</span><br />\n";
    }
    if ($subject == "") {
        $error .= " <span class='alt'>".$locale['422']."</span><br />\n";
    }
    if ($message == "") {
        $error .= " <span class='alt'>".$locale['423']."</span><br />\n";
    }

    if (!iADMIN) {
        $_CAPTCHA_IS_VALID = FALSE;
        include INCLUDES."captchas/".$settings['captcha']."/captcha_check.php";
        if ($_CAPTCHA_IS_VALID == FALSE) {
            $error .= " <span class='alt'>".$locale['424']."</span><br />\n";
        }
    }

    if (!$error) {
        require_once INCLUDES."sendmail_include.php";
        $template_result = dbquery("
            SELECT template_key, template_active, template_sender_name, template_sender_email
            FROM ".DB_EMAIL_TEMPLATES."
            WHERE template_key='CONTACT'
            LIMIT 1");
        if (dbrows($template_result)) {
            $template_data = dbarray($template_result);
            if ($template_data['template_active'] == "1") {
                if (!sendemail_template("CONTACT", $subject, $message, "", $template_data['template_sender_name'], "", $template_data['template_sender_email'], $mailname, $email)) {
                    $error .= " <span class='alt'>".$locale['425']."</span><br />\n";
                }
            } else {
                if (!sendemail($settings['siteusername'], $settings['siteemail'], $mailname, $email, $subject, $message)) {
                    $error .= " <span class='alt'>".$locale['425']."</span><br />\n";
                }
            }
        } else {
            if (!sendemail($settings['siteusername'], $settings['siteemail'], $mailname, $email, $subject, $message)) {
                $error .= " <span class='alt'>".$locale['425']."</span><br />\n";
            }
        }
    }
    if ($error) {
        opentable($locale['400']);
        echo "<div style='text-align:center'><br />\n".$locale['442']."<br /><br />\n".$error."<br />\n".$locale['443']."</div><br />\n";
        closetable();
    } else {
        opentable($locale['400']);
        echo "<div style='text-align:center'><br />\n".$locale['440']."<br /><br />\n".$locale['441']."</div><br />\n";
        closetable();
    }
} else {
    opentable($locale['400']);
    echo $locale['401']."<br /><br />\n";
    echo "<form name='userform' method='post' action='".BASEDIR."contact.php'>\n";
    echo "<table cellpadding='0' cellspacing='0' class='center'>\n<tr>\n";
    echo "<td width='100' class='tbl'>".$locale['402']."</td>\n";
    echo "<td class='tbl'><input type='text' name='mailname' maxlength='50' class='textbox' style='width: 200px;' /></td>\n";
    echo "</tr>\n<tr>\n";
    echo "<td width='100' class='tbl'>".$locale['403']."</td>\n";
    echo "<td class='tbl'><input type='text' name='email' maxlength='100' class='textbox' style='width: 200px;' /></td>\n";
    echo "</tr>\n<tr>\n";
    echo "<td width='100' class='tbl'>".$locale['404']."</td>\n";
    echo "<td class='tbl'><input type='text' name='subject' maxlength='50' class='textbox' style='width: 200px;' /></td>\n";
    echo "</tr>\n<tr>\n";
    echo "<td width='100' class='tbl'>".$locale['405']."</td>\n";
    echo "<td class='tbl'><textarea name='message' rows='10' class='textbox' cols='50'></textarea></td>\n";
    echo "</tr>";

    if (!iADMIN) {
        echo "<tr>\n";
        echo "<td width='100' class='tbl'>".$locale['407']."</td>\n";
        echo "<td class='tbl'>";
        include INCLUDES."captchas/".$settings['captcha']."/captcha_display.php";
        if (!isset($_CAPTCHA_HIDE_INPUT) || (isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) {
            echo "</td>\n</tr>\n<tr>";
            echo "<td class='tbl'><label for='captcha_code'>".$locale['408']."</label></td>\n";
            echo "<td class='tbl'>";
            echo "<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />";
        }
        echo "</td>\n</tr>";
    }

    echo "<tr>\n";
    echo "<td align='center' colspan='2' class='tbl'>\n";
    echo "<input type='submit' name='sendmessage' value='".$locale['406']."' class='button' /></td>\n";
    echo "</tr>\n</table>\n</form>\n";
    closetable();
}

require_once THEMES."templates/footer.php";

I do not see viruses. Everything is in order with the contents. Try changing the password for FTP and, as I have already advised, protect access to the administrator part using the .htaccess file.
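
The code review above finds nothing wrong with the file, which leaves the host's claim unverified. One way to check it from the server's own records, as an added example that is not part of this thread or of PHP-Fusion: a small PHP command-line script that reads an Apache combined-format access log, counts POST requests to contact.php per client IP, and prints the addresses at or above a threshold. The function names, the threshold, the log path argument and the sample log lines are all assumptions or constructed.

```php
<?php
// Added example, not PHP-Fusion code: count POST /contact.php per client IP
// in an Apache combined-format access log and report the busiest senders.

declare(strict_types=1);

/**
 * Parses one combined-format line into ['ip', 'method', 'path', 'status'],
 * or returns null for a line that does not match (blank lines, other formats).
 */
function parse_access_line(string $line): ?array
{
    // Combined format: ip ident user [time] "METHOD path proto" status size "referer" "agent"
    if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})/', $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'method' => $m[2], 'path' => $m[3], 'status' => (int) $m[4]];
}

/**
 * Returns [ip => count] for POSTs to contact.php, most active first,
 * keeping only addresses with at least $threshold submissions.
 */
function contact_post_counts(iterable $lines, int $threshold = 10): array
{
    $counts = [];
    foreach ($lines as $line) {
        $r = parse_access_line((string) $line);
        if ($r === null || $r['method'] !== 'POST') {
            continue;
        }
        // Drop any query string before looking at the file name.
        $path = explode('?', $r['path'], 2)[0];
        if (basename($path) !== 'contact.php') {
            continue;
        }
        $counts[$r['ip']] = ($counts[$r['ip']] ?? 0) + 1;
    }
    arsort($counts);
    return array_filter($counts, function (int $n) use ($threshold): bool {
        return $n >= $threshold;
    });
}

if (PHP_SAPI === 'cli') {
    // Constructed sample lines; pass a real log path as the first argument instead.
    $sample = [
        '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "curl/7.88"',
        '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "curl/7.88"',
        '203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /contact.php?x=1 HTTP/1.1" 200 512 "-" "curl/7.88"',
        '198.51.100.7 - - [10/Oct/2023:14:01:02 +0000] "GET /contact.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
        '198.51.100.7 - - [10/Oct/2023:14:02:10 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    ];
    $lines = $argc > 1 ? new SplFileObject($argv[1]) : $sample;
    $threshold = (int) ($argv[2] ?? 3);
    foreach (contact_post_counts($lines, $threshold) as $ip => $n) {
        printf("%-16s %d POSTs to contact.php\n", $ip, $n);
    }
}
```

Usage: `php contact-posts.php /var/log/apache2/access.log 20` (the path is whatever your host uses). With the built-in samples and the default threshold of 3, only 203.0.113.5 is reported. A sender that rotates addresses will not stand out per IP, so also compare the total number of POSTs against the handful of genuine messages a small site receives; a large gap is the signal, whichever IPs are behind it.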
Users who participated in discussion: afoster, Oleg