The osCommerce 2.3 version of Tell A Friend added some measures to prevent people from using it to send spam. After we discovered that someone was using the Tell A Friend script on our RC2a-based web site to send spam, we added measures to prevent the spammer from using the file. Since we are in the process of updating our web site to version 2.3, I added these same measures to the 2.3 version of the file as added insurance against spammers. Since there are ways to bypass at least some of the security measures in the 2.3 version, such as the session token, I felt that adding even more anti-spam measures wouldn't hurt.
1) If a customer ID is set, it is checked. If it is not valid, the file immediately redirects to Log Off. Otherwise, the from name and email from the database are used.
2) The process checks the address from which the form is posted. If the form was posted from anywhere other than the current web site's Tell A Friend file, it is treated as an attempt to send spam: the web site owner is emailed a notice of the attempt, with details of what was to be sent and the IP address of the attempted sender, and the file terminates.
3) The message is checked for links. Any link to another web site found in the message triggers an error message, and no email is sent.
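Measures 2 and 3 can be sketched as follows. This is an added example, not the contribution's own code: the function names are hypothetical, the host and path values are constructed, and it assumes that the "address from which the form is posted" is read from the HTTP Referer header (PHP 7.1 or later).

```php
<?php
// Added illustration, not the contribution's code. Function names are hypothetical.

// Measure 2: accept the POST only if it came from this site's own Tell A Friend page.
// Assumption: the posting address is the HTTP Referer header. That header is
// supplied by the client, so this is one layer alongside the other checks.
function posted_from_own_form(?string $referer, string $siteHost, string $formPath): bool
{
    if ($referer === null || $referer === '') {
        return false; // no address to check: treat as not from our form
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['host'], $parts['path'])) {
        return false;
    }
    // Exact host comparison, so a look-alike host containing our name cannot pass
    return strcasecmp($parts['host'], $siteHost) === 0
        && $parts['path'] === $formPath;
}

// Measure 3: return the links in the message that point to another web site.
function off_site_links(string $message, string $siteHost): array
{
    $found = [];
    // Match explicit URLs and bare "www." hosts
    preg_match_all('~(?:https?://|www\.)[^\s<>"\']+~i', $message, $m);
    foreach ($m[0] as $link) {
        $url  = stripos($link, 'http') === 0 ? $link : 'http://' . $link;
        $host = parse_url($url, PHP_URL_HOST);
        if (!is_string($host) || strcasecmp($host, $siteHost) !== 0) {
            $found[] = $link;
        }
    }
    return $found;
}

// Constructed sample values: [Referer header, message text]
$site  = 'shop.example.com';
$form  = '/tell_a_friend.php';
$cases = [
    ['https://shop.example.com/tell_a_friend.php?products_id=5', 'Look at this product!'],
    ['https://other.example.net/post.html', 'Look at this product!'],
    ['https://shop.example.com/tell_a_friend.php', 'Deals at www.other.example.net/buy'],
];
foreach ($cases as [$referer, $message]) {
    $ok = posted_from_own_form($referer, $site, $form)
        && off_site_links($message, $site) === [];
    echo ($ok ? 'send  ' : 'reject') . "  $referer\n";
}
```

Only the first sample is sent; the second fails the posting-address check and the third fails the link check.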
Installation is as simple as replacing the two Tell A Friend files. WARNING: This version is for osCommerce 2.3 and later ONLY. Do NOT use it for earlier versions of osCommerce.