1
我对PHP很陌生,我正在使用简单的表单在主页上发帖给我发送电子邮件。虽然PHP邮件()已被彻底检查,但我收到了空邮件
这是形式:
<form data-abide action="anfrage.php" method="post">
\t <fieldset>
\t \t <div class="row">
\t \t \t <div class="large-12 columns">
\t \t \t \t <label>Firma
\t \t \t \t \t <input type="text" name="firm" placeholder="Firma" />
\t \t \t \t </label>
\t \t \t </div>
\t \t </div>
\t \t <div class="row">
\t \t \t \t <div class="large-4 columns">
\t \t \t \t \t <label>Anrede
\t \t \t \t \t \t <select name="salutation">
\t \t \t \t \t \t \t <option value="-">-</option>
\t \t \t \t \t \t \t <option value="Herr">Herr</option>
\t \t \t \t \t \t \t <option value="Frau">Frau</option>
\t \t \t \t \t \t </select>
\t \t \t \t \t </label>
\t \t \t \t </div>
\t \t \t <div class="large-8 columns">
\t \t \t \t <label>Name <small>benötigt</small>
\t \t \t \t \t <input type="text" name="name" placeholder="Ansprechpartner" required pattern="[a-zA-Z]+">
\t \t \t \t </label>
\t \t \t \t <small class="error">Bitte geben Sie einen Ansprechpartner an!</small>
\t \t \t </div>
\t \t </div>
\t \t <div class="row">
\t \t \t <div class="large-4 columns">
\t \t \t \t <label>Adresse <small>benötigt</small>
\t \t \t \t \t <input type="text" name="address" placeholder="Strasse, PLZ, Stadt" />
\t \t \t \t </label>
\t \t \t \t <small class="error">Bitte geben Sie eine Adresse an!</small>
\t \t \t </div>
\t \t \t <div class="large-4 columns">
\t \t \t \t <label>eMail <small>benötigt</small>
\t \t \t \t \t <input type="eMail" name="email" placeholder="eMail" required/>
\t \t \t \t </label>
\t \t \t \t <small class="error">Bitte geben Sie eine gültige eMail-Adresse an!</small>
\t \t \t </div>
\t \t \t <div class="large-4 columns">
\t \t \t \t <label>Telefon <small>benötigt</small>
\t \t \t \t \t <input type="text" name="phoneno" placeholder="..." required/>
\t \t \t \t </label>
\t \t \t \t <small class="error">Bitte geben Sie eine gültige Telefonnummer an!</small>
\t \t \t </div>
\t \t </div>
\t \t <div class="row">
\t \t \t <div class="large-6 columns">
\t \t \t \t <label>Art der Anfrage</label>
\t \t \t \t <input type="radio" name="radio" id="dryhire" value="Vermietung"><label for="dryhire">Vermietung</label>
\t \t \t \t <input type="radio" name="radio" id="event" value="Veranstaltung"><label for="event">Veranstaltung</label>
\t \t \t \t <input type="radio" name="radio" id="consultation" value ="Beratung"><label for="consultation">Beratung</label>
\t \t \t </div>
\t \t </div>
\t \t <div class="row">
\t \t \t <div class="large-12 columns">
\t \t \t \t <label>Was können wir für Sie tun?<small>benötigt</small>
\t \t \t \t \t <textarea name="text" placeholder="Erläutern Sie uns kurz was Sie wann und wo benötigen." required pattern=""></textarea>
\t \t \t \t </label>
\t \t \t \t <small class="error">Bitte erläutern Sie kurz Ihr Anliegen!</small>
\t \t \t </div>
\t \t </div>
\t \t <div class="antispam">Wenn Sie kein Roboter sind lassen sie diesen Bereich einfach leer: <input type="text" name="url" /></div>
\t \t <button class="large-12 columns button" type="submit">ANFRAGEN</button>
\t </fieldset>
</form>的anfrage.php看起来是这样的:
<?php
$to = "[email protected]";
$subject = $_POST["radio"];
$email = $_POST["email"];
$returnPage = 'http://myhomepage.de#success';
$returnErrorPage = 'http://myhomepage.de#error';
$dodgy_strings = array(
"content-type:"
,"mime-version:"
,"multipart/mixed"
,"bcc:"
);
function is_valid_email($email) {
return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~][email protected]([0-9.]+|([^\s]+\.+
[a-z]{2,6}))$#si', $email);
}
function contains_bad_str($str_to_test) {
$bad_strings = array(
"content-type:"
,"mime-version:"
,"multipart/mixed"
,"Content-Transfer-Encoding:"
,"bcc:"
,"cc:"
,"to:"
);
foreach($bad_strings as $bad_string) {
if(eregi($bad_string, strtolower($str_to_test))) {
header("Location: " . $returnErrorPage);
exit;
}
}
}
function contains_newlines($str_to_test) {
if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
header("Location: " . $returnErrorPage);
exit;
}
}
function isEmpty($str_to_test){
return preg_match('/\S/', $str_to_test);
}
function checkFormCompletion($str_to_test){
contains_bad_str($str_to_test);
if(isEmpty($str_totest)){
header("Location: " . $returnErrorPage);
exit;
}
else
return $str_to_test;
}
if($_SERVER['REQUEST_METHOD'] != "POST"){
header("Location: " . $returnErrorPage);
exit;
}
if (!is_valid_email($email)) {
header("Location: " . $returnErrorPage);
exit;
}
$body .= "Firma: " .checkFormCompletion($_POST['firm']);
$body .= "\n";
$body .= "Ansprechpartner: " .checkFormCompletion($_POST['salutation']) ." "
.checkFormCompletion($_POST['name']);
$body .= "\n";
$body .= "Adresse: " .checkFormCompletion($_POST['address']);
$body .= "\n";
$body .= "Telefonnummer: " .checkFormCompletion($_POST['phoneno']);
$body .= "\n";
$body .= "\n";
$body .= "Anfrage: " .checkFormCompletion($_POST['text']);
contains_bad_str($email);
contains_bad_str($subject);
contains_newlines($email);
contains_newlines($subject);
checkFormCompletion($subject);
if(isset($_POST['url']) && $_POST['url'] == ''){
$mailSent = @mail($to, $subject, $body, "From: ".$email);
}
else {
header("Location: " . $returnErrorPage);
}
if($mailSent == TRUE) {
header("Location: " . $returnPage);
} else {
header("Location: " . $returnErrorPage);
}
exit();
?>
虽然恕我直言,没有空的电子邮件应打通了我,我不断获取像这样的EMails:
To: [email protected]
From: [email protected]
Subject:
Body:
Firma:
Ansprechpartner: Herr 59d4f7714f4d7
Adresse:
Telefonnummer:
Anfrage:
Someties它只是一个电子邮件一天,有时是三十+。
我不知道为什么我继续得到那些EMails。 你有什么想法如何避免它? 或者你知道我的anfrage.php中存在安全问题吗?
在此先感谢!
无论如何,看到它是垃圾邮件,你的第一个应该是一个验证码(不管是基本的)。 - 表单检查逻辑有点难以遵循;太多的地方变数。应该直接在'$ _POST'中工作,并使用一些散列运行函数/并生成最终模板。 - 其他:让它制作一个带有POST值的日志文件,以及最终的$ body结果。 – mario