1. 首页
  2. 问答
  3. 如何通过html和php安全地发送邮件(帖子)

如何通过html和php安全地发送邮件(帖子)

2012-08-06 53 views
0

我在我的服务器上使用php代码将消息发送给我的客户。我使用的编程工具(Game Maker)允许我通过执行一个shell来通过php发送消息,以便链接显示在浏览器中。如何通过html和php安全地发送邮件(帖子)

例子是here ...

与所有其他的东西添加。所以实际上,我发送的消息和我发送的所有内容都可以在浏览器中看到。我使用php get方法。现在一切正常,除非它可能不安全。有人建议使用php post方法,但是当我更换了我的服务器上的php cod以发布并在浏览器中粘贴相同的内容时,我的代码无法工作。这很难解释,但这里是我的服务器上的php代码:

<?php 
// Some checks on $_SERVER['HTTP_X_REFERRER'] and similar headers 
// might be in order 

// The input form has an hidden field called email. Most spambot will 
// fall for the trap and try filling it. And if ever their lord and master checks the bot logs, 
// why not make him think we're morons that misspelled 'smtp'? 
if (!isset($_GET['email'])) 
    die("Missing recipient address"); 
if ('' != $_GET['email']) 
{ 
    // A bot, are you? 
    sleep(2); 
    die('DNS error: cannot resolve smpt.gmail.com'); 
    // Yes, this IS security through obscurity, but it's only an added layer which comes almost for free. 
} 

$newline = $_GET['message']; 

$newline = str_replace("[N]","\n","$newline"); 
$newline = str_replace("[n]","\n","$newline"); 

// Add some last-ditch info 
$newline .= <<<DIAGNOSTIC_INFO 

--- 
Mail sent from $_SERVER[REMOTE_ADDR]:$_SERVER[REMOTE_PORT] 


DIAGNOSTIC_INFO; 

mail('[email protected]','missing Password Report',$newline,"From: ".$_GET['from']); 

header('Location: http://site.com/report.html') ; 
?>

然后我在我的网站上调用这个php代码。所以最终,整个事情在浏览器地址栏中结束。我希望这是有道理的。如何通过使用信息让事情更安全,以便至少所发送的信息不会在用户历史记录中看到。

来源

2012-08-06 Yaw Ansong

+4

请注意,从GET切换到POST时没有什么安全的。通过POST,你只需将它隐藏一点(如果使用隐藏字段)。但大家仍然可以轻松找到它。如果您需要安全通信,请切换到HTTPS。 – 2012-08-06 10:36:59

回答

1

如果更换你的表来发表您需要更换请求POST太:

<?php 
// Some checks on $_SERVER['HTTP_X_REFERRER'] and similar headers 
// might be in order 

// The input form has an hidden field called email. Most spambot will 
// fall for the trap and try filling it. And if ever their lord and master checks the   bot logs, 
    // why not make him think we're morons that misspelled 'smtp'? 
    if (!isset($_POST['email'])) 
    die("Missing recipient address"); 
if ('' != $_POST['email']) 
{ // A bot, are you? 
     sleep(2); 
    die('DNS error: cannot resolve smpt.gmail.com'); 
     // Yes, this IS security through obscurity, but it's only an added layer which comes almost for free. 
    } 



$newline = $_POST['message']; 

$newline = str_replace("[N]","\n","$newline"); 
$newline = str_replace("[n]","\n","$newline"); 

// Add some last-ditch info 
    $newline .= <<<DIAGNOSTIC_INFO 

--- 
Mail sent from $_SERVER[REMOTE_ADDR]:$_SERVER[REMOTE_PORT] 


DIAGNOSTIC_INFO; 

mail('[email protected]','missing Password Report',$newline,"From: ".$_POST['from']); 

header('Location: http://site.com/report.html') ; 
?>

除非你与真正的GET参数,如http://www.mysite.com/send.php?email=etc在发送;在这种情况下,您需要将其设置为GET来检索变量。

来源

2012-08-06 10:35:08 Peon

+0

的确,这就是问题所在。 HTTP://www.mysite.com/send.php电子邮件=等等 这是我送我的消息 – 2012-08-06 10:39:13

+0

你的意思改变形式的方法,“后” – Waygood 2012-08-06 10:40:30

+0

@YawAnsong发送?邮件的表单设置为POST。请勿直接输入网址。 – Peon 2012-08-06 10:41:06

相关问题

 相关问题