Secure contact form and email configuration

- Add email header injection prevention - Implement referer checking for form submissions - Create .htaccess security rules for handlers - Add secure email configuration file - Include UTF-8 database backup - Restrict access to sensitive files 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 03:42:09 +00:00
parent 263dc394dd
commit 624613a0d0
4 changed files with 126 additions and 10 deletions
--- a/.email-config.php
+++ b/.email-config.php
@@ -0,0 +1,34 @@
+<?php
+// Secure email configuration
+// This file should not be accessible from the web
+
+// Prevent direct access
+if (basename($_SERVER['PHP_SELF']) === basename(__FILE__)) {
+    http_response_code(403);
+    die('Access denied');
+}
+
+// Email configuration
+define('CONTACT_EMAIL', 'info@ukdataservices.co.uk');
+define('FROM_EMAIL', 'noreply@ukdataservices.co.uk');
+define('FROM_NAME', 'UK Data Services Contact Form');
+
+// Security settings
+define('MAX_SUBMISSIONS_PER_HOUR', 5);
+define('MIN_MESSAGE_LENGTH', 10);
+define('MAX_MESSAGE_LENGTH', 5000);
+
+// Allowed domains for referer check
+define('ALLOWED_DOMAINS', [
+    'ukdataservices.co.uk',
+    'www.ukdataservices.co.uk',
+    'localhost'
+]);
+
+// Spam keywords (add more as needed)
+define('SPAM_KEYWORDS', [
+    'viagra', 'casino', 'lottery', 'bitcoin', 'forex', 
+    'loan', 'debt', 'pharmacy', 'click here', 'act now',
+    'limited time', 'risk free', 'guarantee', 'no obligation'
+]);
+?>