Some improvements you might be interested in

php/commentsubmit.php

@@ -25,7 +25,7 @@
 // the From: address.  Whilst you could, in theory, change this to take the
 // address out of the form, it's *incredibly* highly recommended you don't,
 // because that turns you into an open relay, and that's not cool.
-$EMAIL_ADDRESS = "blogger@example.com";
+$EMAIL_ADDRESS = "root";
 
 // The contents of the following file (relative to this PHP file) will be
 // displayed after the comment is received.  Customise it to your heart's
@@ -35,24 +35,18 @@
 // The contents of the following file (relative to this PHP file) will be
 // displayed if the comment contains spam.  Customise it to your heart's
 // content.
-$COMMENT_CONTAINS_SPAM = "comment_contains_spam.html";
+//$COMMENT_CONTAINS_SPAM = "comment_contains_spam.html";
 
 // If the emails arrive in your client "garbled", you may need to change this
 // line to "\n" instead.
-$HEADER_LINE_ENDING = "\r\n";
+$HEADER_LINE_ENDING = "\n";
 
 
 /****************************************************************************
  * HERE BE CODE
  ****************************************************************************/
 
 require_once 'mail.php';
-require_once 'spamfilter.php';
-
-function get_post_field($key, $defaultValue = "")
-{
-	return (isset($_POST[$key]) && !empty($_POST[$key])) ? $_POST[$key] : $defaultValue;
-}
 
 function get_post_data_as_yaml()
 {
@@ -75,32 +69,65 @@ function get_post_data_as_yaml()
 	return $yaml_data;
 }
 
-$COMMENTER_NAME = get_post_field('name', "Anonymous");
-$COMMENTER_EMAIL_ADDRESS = get_post_field('email', $EMAIL_ADDRESS);
-$COMMENTER_WEBSITE = get_post_field('link');
-$COMMENT_BODY = get_post_field('comment', "");
-$COMMENT_DATE = date($DATE_FORMAT);
-
-$POST_TITLE = get_post_field('post_title', "Unknown post");
-$POST_ID = get_post_field('post_id', "");
-unset($_POST['post_id']);
-
-
-$SPAM = spam_check_text($COMMENT_BODY);
-if (!empty($SPAM))
+/* NOTE the checkdnsrr function seems to be unreliable */
+function get_warnings_for($name, $email, $url)
 {
-	include $COMMENT_CONTAINS_SPAM;
-	die();
+	$warnings = '';
+
+	// http://php.net/manual/en/filter.filters.validate.php
+	$name_is_a_url =			filter_var($name,   FILTER_VALIDATE_URL);
+	$name_is_an_email_address =	filter_var($name,   FILTER_VALIDATE_EMAIL);
+	$email_is_invalid =		!filter_var($email, FILTER_VALIDATE_EMAIL);
+	$url_is_invalid =		!filter_var($url,   FILTER_VALIDATE_URL);
+	$url_a_record_invalid =		false;
+	$email_a_record_invalid =		false;
+	$email_mx_record_invalid =	false;
+
+	if (!$email_is_invalid) {
+		// TODO only retrieve $domain
+		list($user, $domain) =		explode('@', $email, 2);
+		$email_a_record_invalid =		!checkdnsrr($domain, 'A');
+		$email_mx_record_invalid =	!checkdnsrr($domain, 'MX');
+	}
+
+	if (!$url_is_invalid) {
+		list($protocol, $domain) =	explode('/', str_replace('//', '/', $url));
+		$url_a_record_invalid =		!checkdnsrr($domain, 'A');
+	}
+
+	$name_is_a_url ? 		$warnings .= "* Name:    Is a URL\n" : '';
+	$name_is_an_email_address ?	$warnings .= "* Name:    Is an email address\n" : '';
+	$email_is_invalid ?		$warnings .= "* Email:   Invalid address\n" : '';
+	$email_a_record_invalid ?		$warnings .= "* Email:   Invalid Domain A record\n" : '';
+	$email_mx_record_invalid ?	$warnings .= "* Email:   Invalid Domain MX record\n" : '';
+	!empty($url) && $url_is_invalid ?	$warnings .= "* Website: Invalid URL\n" : '';
+	$url_a_record_invalid ?		$warnings .= "* Website: Invalid Domain A record\n" : '';
+
+	// This is of minor elegance and error prone, I know.
+	$warnings_count =		substr_count($warnings, "\n");
+	return strlen($warnings) > 0 ?	"\n$warnings_count WARNING/S:\n$warnings" : '';
 }
 
+$COMMENT_DATE =			date($DATE_FORMAT);
 
-$subject = "Comment from $COMMENTER_NAME on '$POST_TITLE'";
+$COMMENTER_NAME =		filter_input(INPUT_POST, 'name');
+$COMMENTER_EMAIL_ADDRESS =	filter_input(INPUT_POST, 'email');
+$COMMENTER_WEBSITE =		filter_input(INPUT_POST, 'link');
+$COMMENT_BODY =			filter_input(INPUT_POST, 'comment');
+
+$POST_TITLE =			filter_input(INPUT_POST, 'post_title');
+$POST_ID =			filter_input(INPUT_POST, 'post_id');
+unset($_POST['post_id']);
+
+$subject = "$COMMENTER_NAME on '$POST_TITLE'";
 
 $message = "$COMMENT_BODY\n\n";
 $message .= "----------------------\n";
 $message .= "$COMMENTER_NAME\n";
 $message .= "$COMMENTER_WEBSITE\n";
 
+$message .= get_warnings_for($COMMENTER_NAME, $COMMENTER_EMAIL_ADDRESS, $COMMENTER_WEBSITE);
+
 $mail = new Mail($subject, $message);
 $mail->set_from($EMAIL_ADDRESS, $COMMENTER_NAME);
 $mail->set_reply_to($COMMENTER_EMAIL_ADDRESS, $COMMENTER_NAME);

php/mail.php

@@ -106,6 +106,7 @@ public function send($recipient_email, $recipient_name = "")
 		if (!empty($reply_to))	$headers []= "Reply-To: $reply_to";
 
 		$headers []= "X-Mailer: PHP/" . phpversion();
+		$headers []= "Message-ID: <" . sha1(microtime()) . "@" . $_SERVER['SERVER_NAME'] . ">";
 		$headers []= "MIME-Version: 1.0";
 		$headers []= "Content-Type: multipart/mixed; boundary=\"$uid\"";
 		$headers []= "";