Ver original
<?
if(!isset($_SERVER['HTTP_USER_AGENT'])){
   die("Forbidden - You are not authorized to view this page");
   exit;
} 
if(!$_SERVER['REQUEST_METHOD'] == "POST"){
   die("Forbidden - You are not authorized to view this page");
   exit;    
} 
$httprefe = getenv ("HTTP_REFERER");
$httpagente = getenv ("HTTP_USER_AGENT");
$datee = date("d/m/Y H:i:s");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" 
 
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es" >
<head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=iso-8859-1" />
<meta name="keywords" content="formulario web contacto seguro" />
<meta name="description" content="Formulario web de contacto seguro antispam con captcha de Quinti.net" />
<title>Quinti.net - Formulario web seguro anti spam con captcha</title>
<?
    $antispam= 'http://www.quinti.net';
    $antispamt= 'Quinti.net secure form script';
    $antispam2= 'http://www.maismedia.com';
    $antispamt2= 'MaisMedia Optimizacion Web';
    echo "<script type=\"text/javascript\">\n";
    echo "<!--\n";
    echo "function validar(form1) {\n";
    echo "if (form1.name.value.length < 2) {\n";
    echo "alert('";
    echo "Inserte el nombre";;
    echo "')\n";
echo "form1.name.focus();\n";
  echo "return (false);}\n";
echo "var checkOK = \"ABCDEFGHIJKLMNÑOPQRSTUVWXYZÁÉÍÓÚ \" + \"abcdefghijklmnñopqrstuvwxyzáéíóú\";\n";
  echo "var checkStr = form1.name.value;\n";
  echo "var allValid = true;\n";
  echo "var uword = hex_md5(document.getElementById('uword').value)\n";
  echo "for (i = 0; i < checkStr.length; i++) {";
  echo "ch = checkStr.charAt(i);\n";
  echo "for (j = 0; j < checkOK.length; j++)\n";
  echo "if (ch == checkOK.charAt(j))\n";
  echo "break;\n";
  echo "if (j == checkOK.length) {\n";
  echo "allValid = false;\n";
  echo "break;";
  echo "}}\n";
  echo "if (!allValid) {\n";
  echo "alert('";
  echo "inserte el nombre";
  echo "');\n";
  echo "form1.name.focus();\n";
  echo "return (false);}\n";
echo "if ((form1.email.value.indexOf ('@', 0) == -1)||(form1.email.value.length < 9) || 
 
form1.email.value.indexOf ('.', 0)== -1 ){\n";
  echo "alert('";
  echo "inserte el email";
  echo "');\n";
  echo "form1.email.focus();";
  echo "return (false);}\n";
echo "if (form1.message.value.length < 7) {\n";
  echo "alert('";
  echo "inserte el mensaje";
  echo "');\n";
  echo "form1.message.focus();";
  echo "return (false);}\n";
 
echo "if (uword==cword[anum-1]) {\n";
  echo "return true;}\n";
  echo "else {\n";
  echo "alert('";
  echo "inserte el código de la imagen";
  echo "');\n";
  echo "document.getElementById('uword').focus();\n";
  echo "return false;}\n";
  echo "return (true);}\n";
  echo "-->\n";
  echo "</script>\n";
  ?>
<script type="text/javascript" src="js/md5.js"></script>
<script type="text/javascript" src="js/jcap.js"></script>
<style type="text/css">
<!--
img {
    border:0;
}
-->
</style>
</head>
<body>
<form method="post" onsubmit="return validar(this)" id="form1" action="gracias.php">
  <p>
    <input type="hidden" name="token" value="<?=$token?>" />
  </p>
  <p>
    <input type="hidden" name="ip" value="<?=$_SERVER['REMOTE_ADDR']?>" />
  </p>
  <p>
    <input type="hidden" name="httpref" value="<?=$httprefe?>" />
  </p>
  <p>
    <input type="hidden" name="httpagent" value="<?=$httpagente?>" />
  </p>
  <p>
    <input type="hidden" name="date" value="<?=$datee?>" />
  </p>
  <p>
    <label for="name">Nombre:*</label>
    <input name="name" id="name" type="text" value="" />
  </p>
  <p>
    <label for="email">E-mail:*</label>
    <input name="email" id="email" type="text" value="" />
  </p>
  <p>
    <label for="phone">Asunto:</label>
    <input name="phone" id="phone" type="text" value="" />
  </p>
  <p>
    <label for="message">Mensaje:*</label>
    <br />
    <textarea id="message" name="message" cols="30" rows="5"></textarea>
  </p>
  <p>
    <label for="uword">Inserte el código de la imagen siguiente* (para evitar el Spam)</label>
  </p>
  <p>
    <input type="text" name="uword" id="uword" value="" />
  </p>
  <p>
    <script type="text/javascript">cimg()</script>
  </p>
  <p>
    <input type="submit" value="enviar"  />
  </p>
</form>
<p>campos con * son obligatorios.
  <!-- START COPYRIGHT IMPORTANT NOTE: these line can't be delete 
 2006, 2010 MaisMedia.com & Quinti.net solutions, Gran Vía 1, 4º C, Sarria, 27600 Lugo, Galicia, Spain.
to remove the creator link, and/or for commercial use, the form costs (price is) 30E, 
Otherwise you cannot use this script and you was damaging Copyright's laws (C) 2006, 2010 MaisMedia.com & Quinti.net
-->
  <?php
echo "<a href=\"$antispam\">$antispamt</a> &amp; <a href=\"$antispam2\">$antispamt2</a>";
?>
</p>
<!-- END COPYRIGHT IMPORTANT NOTE, DON'T REMOVE PLEASE -->
<p> <a href="http://validator.w3.org/check?uri=referer"><img
        src="http://www.w3.org/Icons/valid-xhtml11"
        alt="Valid XHTML 1.1" height="31" width="88" /></a> </p>
</body>
</html>
 

Ver original
<?
  @import_request_variables("gpc");
    $youremail = "[email protected]"; //YOUR MAIL HERE 
    $subject = "el título del tema "; // TITLE OF DE SUBJECT IN MAIL
    $redirect = "contacto.php";//URL TO BE REDIRECTED IN 5 SECONDS
    $secs = "10";// TIME TO BE REDIRECTED
 
if(eregi("MIME-Version:",$postVars)) {
mail("[email protected]"/*YOUR MAIL HERE*/, "Form Hijack Attempt", "A spam relay was attempted from the Web site and was blocked.", "From:SpamMonitor");
die();
} //BLOCKING spam
 
 
 $secret = 'ssshhitsasecret';  
    $token = md5(rand(1, 1000).$secret);
    $_SESSION['token'] = $token;
    ?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es" >
<head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=iso-8859-1" />
<title>ejemplo de procesador de formulario web seguro antispam con captcha quinti.net</title>  
<meta http-equiv="refresh" content="<?=$secs;?>;URL=<?=$redirect;?>" />
 </head>
        <body> 
<?
  //a partir de aquí hay una serie de variables que impiden que los spammers usen nuestro formulario como lanzadera de su spam 
  $name = stripslashes($name);
  $message = stripslashes($message);
  $headers .= "From: " . $email . "\r\n\r\n"; 
    //This is where the email is sent using your values from above. Be sure to update this if you change any fields in contact.php
    mail("$youremail", "$subject","
    Name: $name
    Email: $email
    Subject: $phone
    Message: $message 
    IP: $ip
    Browser Info: $httpagent
    Referral : $httpref
    Date : $date
",$headers);
   // Strip \r and \n from the email address
   $_POST['email'] = str_replace("\r", "", $_POST['email']);
   $_POST['email'] = str_replace("\n", "", $_POST['email']);
 
//*****COMMENT: if you have problems with the lines 40/41, replace these for:
//$_POST['email'] = str_replace("\r", "", $_POST['email']);
//$_POST['email'] = str_replace("\n", "", $_POST['email']);//*****
 
//MARTINFERRA dice: EN MI CASO LAS TUVE QUE CAMBIAR, LAS ORIGINALES ERAN:
//$_POST['email'] = preg_replace("\r", "", $_POST['email']);
//$_POST['email'] = preg_replace("\n", "", $_POST['email']);//*****
//...Y DABAN UN PROBLEMA EN LAS LINEAS 40/41
 
   $_SESSION['token'] = $token; 
   $token = md5(rand(1, 1000).$secret);
   $secret = 'ssshhitsasecret';
   $field = preg_replace( "/[\n\r]+/", " ", $field );
    // Remove injected headers
    $find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
    $_POST['email'] = preg_replace($find, "", $_POST['email']);
    $message = preg_replace($find, "", message); 
    $email=str_replace("\r","\n",$email);
    $name=str_replace("\r","\n",$name);
    $message=str_replace("\r","\n",$message);
    $phone=str_replace("\r","\n",$phone);
   
   
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
ob_clean();
mail("$youremail", "Message Killed", "$message", "From: $name <$email>");
exit("Message killed.");
}
 if (eregi('^(bcc$|content-type|mime-version|--)',$key))
print_error("Field names indicate exploit.");  //BLOCKING SPAM
 
?>
 <p>Gracias, el formulario se ha enviado con éxito, le contestaremos en menos de 24 h. En 5 segundos será redirigido a la página principal.</p>
 
 
        </body>
        </html>