How to protect the use of a PHP script that runs emails?

I am creating a PHP script to send emails (based on Amazon SES).

Therefore, I can make a GET or POST Ajax call for my PHP script:

envoi.php?nom=John&email=john@domain.com

launches an email sent to john@domain.com.

My website has a registration form, which on submit makes a jQuery ajax call to a PHP script (the website and the PHP script are on the same server). I also use a script for other events.

Now I'm worried that this script can obviously be abused if someone gets its URL.

How can I protect access to this script?

+5
3 answers

1:. , captcha, $_SESSION.

$_SESSION["mail_allowed"] = true;

2: , ,

envoi.php?nom=John&email=john@domain.com

3: , script :

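session_start(); // the session must be started before $_SESSION can be read
if (!empty($_SESSION["mail_allowed"])) {
    // one-time flag: clear it so the same session cannot trigger a second mail
    $_SESSION["mail_allowed"] = false;
    // send mail
}
else {
    die('File cannot be executed directly');
}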

, , , script .

+3
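An added example, not part of the answers on this page: the one-time session flag above taken one step further, with a random single-use token, POST-only access, input validation and a per-session throttle. The function names `issue_mail_token` and `handle_send`, the `token` field and the 60-second limit are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Form page: call after the captcha (or other check) passes; put the token in the POST body.
function issue_mail_token(): string
{
    return $_SESSION['mail_token'] = bin2hex(random_bytes(32));
}

// envoi.php: returns the HTTP status; $send is whatever function really sends the mail.
function handle_send(string $method, array $post, callable $send): int
{
    if ($method !== 'POST') {
        return 405;                          // a bare URL (GET) never sends mail
    }
    $expected = $_SESSION['mail_token'] ?? '';
    unset($_SESSION['mail_token']);          // single use, even if the check fails
    $given = $post['token'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return 403;
    }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $nom   = $post['nom'] ?? '';
    if ($email === false || !is_string($nom) || preg_match('/[\r\n]/', $nom)) {
        return 400;                          // bad address, or CR/LF smuggled into the name
    }
    if (time() - ($_SESSION['last_mail'] ?? 0) < 60) {
        return 429;                          // assumed limit: one mail per session per minute
    }
    $_SESSION['last_mail'] = time();
    $send($nom, $email);
    return 200;
}

if (PHP_SAPI !== 'cli') {                    // real request to envoi.php
    session_start();
    $send = function (string $nom, string $email): void { /* mail-service call goes here */ };
    http_response_code(handle_send($_SERVER['REQUEST_METHOD'], $_POST, $send));
} else {                                     // offline demo with constructed input
    $_SESSION = [];
    $sent = [];
    $send = function (string $nom, string $email) use (&$sent): void { $sent[] = $email; };
    $post = ['nom' => 'John', 'email' => 'john@domain.com', 'token' => issue_mail_token()];
    foreach (['GET', 'POST', 'POST'] as $method) {   // plain URL hit, valid call, replay
        echo $method, ' -> ', handle_send($method, $post, $send), PHP_EOL;
    }
}
```

Run from the command line, the demo shows the GET being refused, the first POST accepted, and the replayed POST rejected because its token was already consumed.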

captcha script .

+4

, . , :

  • , , (captcha?)
  • IP-.
+1
