Spammers are among the most innovative people on the net. Like virus writers, they always seem to find new ways to send their spam and bypass existing protection. What most webmasters do nowadays to keep spammers from harvesting email addresses from their website is to put up an email contact form instead of posting the actual address. So instead of seeing user@domain.com on the ‘Contact Us’ page, you see a contact form. This worked well in the beginning, but the spammers have found another way, and they made it worse! Instead of just harvesting emails from our websites, they now use our resources to send their spam. This can result in anything from a slowdown of the server to blacklisting of the server’s IP, which is very bad!
This problem was brought to my attention by Benj Arriola, who has himself posted an article on how to prevent email contact form spamming.
So how do they do it? First, let’s look at what most contact forms look like. Most contact forms will have these fields:
- Name of Sender
- Email of Sender
- Message Subject
- Email Message
What the spammers do is simply include extra email headers in these fields, in the correct format, and let your code do the rest. How? Like this:
- They put the name of sender that they want.
- They put the email of sender that they want.
- Then in the message subject, they type the following (prepared beforehand in a plain text editor such as Notepad, because the subject box is a single-line field):
Subject that they want
Bcc: recipient1@domain.com,recipient2@domain.com,…
They can enter as many Bcc recipients as they want.
- They type their spam message
- They click submit and poof! The email gets sent to all the Bcc recipients using your server’s resources and identity, because the mail function treats the extra line in the subject as another header.
Bad? You bet! So how do we solve this? Here are a few tips. Assuming we have the following form:
In sendmail.php, you do this:
<?php
// anti-spam code: keep only the first line of each field that ends up in a mail header
list($sender_name)  = explode("\n", $_POST['sender_name']);
list($sender_email) = explode("\n", $_POST['sender_email']);
list($subject)      = explode("\n", $_POST['subject']);
// two leading newlines push whatever is in the body below the header block
$message = "\n\n" . $_POST['message'];
// email sending code goes here…
So what exactly did we do?
The first three lines of the anti-spam code simply keep the first line of whatever was placed in the sender_name, sender_email, and subject fields. Since a header is always a single line, this effectively removes any extra header fields the spammers could have placed in them.
The fourth line adds two newline characters before the start of the message. The blank line marks the end of the headers, so anything that looks like a header in the message body is delivered as plain text instead of being interpreted by the mailer.
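Here is a fuller version of the same idea, written for this article as an added example (it is not the sendmail.php from the original post). It keeps the first-line trimming described above, but also refuses a submission outright when a header-bound field contains a carriage return or line feed, validates the sender address with filter_var(), and keeps the visitor’s address out of From: (using Reply-To instead) so the server only ever sends with its own identity. The function names first_line, has_header_injection and build_contact_mail, the owner and sender addresses, and the spam submission are all constructed for the example.

```php
<?php
// Added example, not the original post's code: a contact-form handler that
// neutralises email header injection. Field names match the post; addresses
// and the sample spammer submission below are constructed.

declare(strict_types=1);

// The post's approach: keep only the first line of a value that goes into a header.
// A trailing CR is dropped too, so "\r\n" cannot leave a stray CR behind.
function first_line(string $value): string
{
    [$line] = explode("\n", $value);
    return rtrim($line, "\r");
}

// Stricter approach: any CR or LF in a header-bound field is a sign of tampering,
// so the whole submission is refused rather than silently repaired.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Builds the pieces for mail() from the POSTed fields.
// Returns null when the submission must be rejected.
function build_contact_mail(array $post, string $site_owner, string $from_address): ?array
{
    foreach (['sender_name', 'sender_email', 'subject'] as $field) {
        if (has_header_injection($post[$field] ?? '')) {
            return null;
        }
    }

    $sender_name  = first_line($post['sender_name'] ?? '');
    $sender_email = first_line($post['sender_email'] ?? '');
    $subject      = first_line($post['subject'] ?? '');

    // A syntactically valid address cannot carry line breaks or extra headers.
    if (filter_var($sender_email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // The server's own address goes in From:; the visitor only becomes Reply-To.
    // The visitor's name is placed in the body, never in a header.
    $headers = [
        'From'     => $from_address,
        'Reply-To' => $sender_email,
    ];

    $body = "\n\n" . 'From: ' . $sender_name . "\n\n" . ($post['message'] ?? '');

    return [
        'to'      => $site_owner,
        'subject' => $subject,
        'message' => $body,
        'headers' => $headers,
    ];
}

// Constructed spammer submission, shaped like the one described in the post:
// the subject carries a second line that smuggles in a Bcc: header.
$spam_post = [
    'sender_name'  => 'Friendly Visitor',
    'sender_email' => 'visitor@example.com',
    'subject'      => "Hello\nBcc: recipient1@example.com,recipient2@example.com",
    'message'      => 'Buy now!',
];

// With the strict check the submission is refused (null) ...
$result = build_contact_mail($spam_post, 'owner@example.com', 'contact-form@example.com');
echo $result === null ? "rejected\n" : "accepted\n";

// ... and even the post's first-line trimming alone leaves no Bcc: line in the subject.
echo first_line($spam_post['subject']), "\n";

// A clean submission goes through and only ever carries the server's From: address.
$clean_post = $spam_post;
$clean_post['subject'] = 'Hello';
$clean = build_contact_mail($clean_post, 'owner@example.com', 'contact-form@example.com');
echo $clean['headers']['From'], "\n";
```

The array returned by build_contact_mail() can be handed straight to mail() (PHP 7.2 and later accept the headers as an associative array); rejecting on any CR or LF is preferable to trimming because it also catches attempts aimed at mailers that honour a lone "\r" as a line ending.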
This code is tested and seems to work for now… We can never tell when these spammers will find a new workaround.
Lastly, I’m sorry if I wasn’t able to explain this more clearly. I’m typing this in a short span of time. If you need clarifications, please feel free to post them as comments below and I will try to answer your queries.