Version imprimable du sujet

<?php

// First, make sure the form was posted from a browser.
// For basic web-forms, we don't care about anything
// other than requests from a browser:  
if(!isset($_SERVER['HTTP_USER_AGENT']))
{
  die ("Forbidden - You are not authorized to view this page");
  exit;
}

// Make sure the form was indeed POST'ed:
//  (requires your html form to use: action="post")
if(!$_SERVER['REQUEST_METHOD'] == "POST")
{
  die ("Forbidden - You are not authorized to view this page");
  exit;  
}

// Host names from where the form is authorized
// to be posted from:
$authHosts = array ("webserviteur.com");

// Where have we been posted from?
$fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER']));

// Test to see if the $fromArray used www to get here.
$wwwUsed = strpos ($fromArray['host'], "www.");

// Make sure the form was posted from an approved host name.
if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts))
{  
  //logBadRequest();
  header("HTTP/1.0 403 Forbidden");
   exit;  
}

// Attempt to defend against header injections:
$badStrings = array("Content-Type:",
     "Content-Type: text/plain;",
     "MIME-Version:",
     "Content-Transfer-Encoding:",
     "Content-Transfer-Encoding: 7Bit",
     "bcc:",
     "cc:");

// Loop through each POST'ed value and test if it contains
// one of the $badStrings:
foreach($_POST as $k => $v)
{
  foreach($badStrings as $v2)
  {
   if(strpos($v, $v2) !== false)
   {
    //logBadRequest();
    header("HTTP/1.0 403 Forbidden");
     exit;
   }
  }
}  

// Made it past spammer test, free up some memory
// and continue rest of script:  
unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed);

// Puis ici ta fonction mail avec tes traitements éventuels !
?>