Instead of using a POST from a form to insert the user's email, just get it from the database.
Check if the user is logged in. If so, get the user's email from the database and set the variable.
You don't have to submit the email address (HTTP POST) using the form page, but rather verify and add the user's email address on the sendemail.php page. This will also prevent anyone who isn't logged in to the website from sending a POST request to that link directly.
If you do the email address validation part on the form page, someone can just bypass the whole form page by making a direct POST request to the sendemail.php file (and abuse it to send spam).
Also, the code for your sendemail.php page isn't secure... at all!
__________________
 Contact: email
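A sendemail.php written the way the reply above describes, as an added example (this is not the original poster's code and not the script being criticised). It assumes a session-based login that stores the user's id in `$_SESSION['user_id']`, a PDO connection to a `users` table with `id` and `email` columns, and a form that carries a CSRF token; all of those names, the DSN and the credentials are assumptions made for the illustration. The CSRF token check goes one step beyond the reply: the login check stops an anonymous direct POST, but on its own it still lets another site trigger the POST from a logged-in user's browser.

```php
<?php
// sendemail.php: added example, not the original poster's code.
// Assumed names: $_SESSION['user_id'] set by the login page, a `users` table
// with columns id and email, and a csrf_token hidden field on the form page.
declare(strict_types=1);

session_start();

// 1. Refuse anyone who is not logged in. A direct POST to this URL without a
//    valid session gets a 403, so the form page cannot be bypassed.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('You must be logged in to send email.');
}

// 2. Only accept POST, and only from our own form. The form page must have
//    put the same token in the session and in a hidden field, for example
//    $_SESSION['csrf_token'] = bin2hex(random_bytes(32)).
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method not allowed.');
}
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], (string) $_POST['csrf_token'])) {
    http_response_code(403);
    exit('Invalid request token.');
}

// 3. Get the email address from the database, never from the request.
//    Prepared statement: the session-held id is bound, not interpolated.
//    DSN and credentials are placeholders (assumption).
$pdo = new PDO('mysql:host=localhost;dbname=app', 'app', 'secret', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$stmt = $pdo->prepare('SELECT email FROM users WHERE id = ?');
$stmt->execute([(int) $_SESSION['user_id']]);
$email = $stmt->fetchColumn();

// 4. Validate even the stored value before it reaches mail(): a bad value in
//    the database must not become a mail-header injection vector.
if ($email === false
    || filter_var($email, FILTER_VALIDATE_EMAIL) === false
    || preg_match('/[\r\n]/', $email) === 1) {
    http_response_code(500);
    exit('No valid email address on file.');
}

// 5. Only the message body comes from the form, and it is length-limited.
//    Nothing user-controlled goes into the headers.
$body = (string) ($_POST['message'] ?? '');
if ($body === '' || strlen($body) > 4000) {
    http_response_code(400);
    exit('Message is empty or too long.');
}

$subject = 'Your request';
$headers = 'From: noreply@example.com'; // fixed sender (assumed address)
$sent    = mail($email, $subject, $body, $headers);

echo $sent ? 'Mail sent.' : 'Mail could not be sent.';
```

The key point is step 3: the recipient address is looked up from the logged-in user's own record, so a direct POST to sendemail.php cannot choose who receives the mail, which is what turns an unprotected mailer into a spam relay.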