DavidT, posted February 5, 2010

Hi there! I have two different hosting services: on the first one I can regularly use the function mail(), but the second does not allow me to send mails (it will block the account for mass mailing). I need to use mail to notify things to users who requested it, so I need to be able to send mail from this second server too.

I thought that I will create a mailer script on the first server, so that the second will simply call the script when needed, passing the e-mail addresses, the subject and content through POST.

Now, how to avoid that some malicious user uses my script to send his own mails? I thought that I can send with the POST two vars, "time" and "secure_code" (I will eventually fake the names, so that it is not so easy to recognize), where "time" is obtained from time(), and "secure_code" is a function depending on the value of "time". The mailer script gets both values and uses the same function to verify if the "secure_code" is correct, according to time.

Question is, is this safe? What kind of function shall I use? Also, how could I avoid that a malicious user simply saves the "time" and "secure_code" at a certain moment, and uses them again?

Thanks in advance.
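The time-plus-code check described in the post above, as an added PHP example that is not from any poster in this thread: the code is an HMAC-SHA256 keyed with a secret shared by both servers, and it goes beyond the post by also covering the mail fields and by remembering used codes so that a saved pair cannot be sent again. SHARED_SECRET, MAX_SKEW, sign_request and verify_request are hypothetical names, and the in-memory $seen array stands in for a file or database table on the mailer server.

```php
<?php
// Added example. All names below are hypothetical, not from the thread.
const SHARED_SECRET = 'replace-with-a-long-random-value'; // placeholder, stored on both servers
const MAX_SKEW = 300; // seconds during which a signed request is accepted

// Sender side: the code depends on the time AND on the mail fields,
// so a captured code cannot be reused with different recipients or content.
function sign_request(array $fields, int $time): string
{
    ksort($fields); // same field order on both sides
    $message = $time . "\n" . json_encode($fields);
    return hash_hmac('sha256', $message, SHARED_SECRET);
}

// Mailer side: $seen maps codes already used to the time they stop being valid.
// Assumption: in a real script $seen is persisted (file or table), not an array.
function verify_request(array $fields, int $time, string $code, array &$seen, int $now): bool
{
    if (abs($now - $time) > MAX_SKEW) {
        return false; // stale, or clock too far in the future
    }
    if (!hash_equals(sign_request($fields, $time), $code)) {
        return false; // wrong code, or fields changed after signing
    }
    foreach ($seen as $used => $expiry) {
        if ($expiry < $now) {
            unset($seen[$used]); // the time check already rejects these
        }
    }
    if (isset($seen[$code])) {
        return false; // same time/code pair sent again
    }
    $seen[$code] = $time + MAX_SKEW;
    return true;
}

// Constructed sample request; the timestamp is a fixed constructed value.
$fields = ['to' => 'user@example.com', 'subject' => 'Notification', 'body' => 'Hello'];
$time = 1265328000;
$code = sign_request($fields, $time);
$seen = [];

var_dump(verify_request($fields, $time, $code, $seen, $time + 10));   // first delivery
var_dump(verify_request($fields, $time, $code, $seen, $time + 20));   // saved pair replayed
$tampered = ['to' => 'other@example.com'] + $fields;
var_dump(verify_request($tampered, $time, $code, $seen, $time + 30)); // recipient swapped
var_dump(verify_request($fields, $time, $code, $seen, $time + 1000)); // outside the window
```

Two identical mails signed in the same second produce the same code, so the second is treated as a replay; adding a random value to the signed fields avoids that.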
teamatomic, posted February 5, 2010

I would put the stuff I wanted to mail into a file and zip it up. I would then pass it off to a script that would FTP it to the mail server. The mail server would have a script cron jobbed that would check the upload folder every minute; if it found a file, it would move it to a working folder and fork a script to unpack and process the file and mail the contents. Fairly easy to do, and no outside files for a hacker to abuse.

If you are really uptight about security, have a cron jobbed script create a file and then give the scripts the same user/group and knock the perms down to 770. If somebody breaks in that far you're already toast anyways.

HTH
Teamatomic
DavidT (author), posted February 9, 2010

Thank you!
DavidT (author), posted August 12, 2010

Ok, after a little pause I'm finally starting to make this script. A couple of further questions: is there any way to create a file "on the fly"? I mean, instead of doing this:

    $handle = fopen("file_to_upload","w");
    $write = fwrite($handle,"This is the mail data which will be sent to the other server ");
    $upload = ftp_put($ftp_connection, "mailer_folder", "file_to_upload" );

to solve it somehow so that it does not need to create the file, and just do something like

    $upload = ftp_put($ftp_connection, "mailer_folder", DATA );

The other question is: is there some reason why you told me to zip the file containing mail data? Maybe security reasons? Wouldn't it work the same way if it is just a plain file?

Thanks in advance