如何通过html和php安全地发送消息(发布)

时间:2012-08-06 10:31:14

标签: php post message

我在服务器上使用php代码向我的客户发送消息。我使用的编程工具(Game Maker)允许我通过执行shell来通过php发送消息,以便链接出现在浏览器中。

示例是here ...

添加了所有其他内容。所以实际上,我发送的消息和我发送的所有内容都可以在浏览器中看到。我使用php get方法。现在一切都很完美,除了它可能没有安全。有人建议使用php post方法,但是当我在我的服务器上用我的php cod替换get来发布,并在浏览器中粘贴相同的东西时,我的代码不起作用。这很难解释,但这是我服务器上的php代码:

<?php
// Some checks on $_SERVER['HTTP_X_REFERRER'] and similar headers
// might be in order

// The input form has an hidden field called email. Most spambot will
// fall for the trap and try filling it. And if ever their lord and master checks the bot logs,
// why not make him think we're morons that misspelled 'smtp'?
if (!isset($_GET['email']))
    die("Missing recipient address");
if ('' != $_GET['email'])
{
    // A bot, are you?
    sleep(2);
    die('DNS error: cannot resolve smpt.gmail.com');
    // Yes, this IS security through obscurity, but it's only an added layer which   comes almost for free.
}

$newline = $_GET['message'];

$newline = str_replace("[N]","\n","$newline");
$newline = str_replace("[n]","\n","$newline");

// Add some last-ditch info
$newline .= <<<DIAGNOSTIC_INFO

---
Mail sent from $_SERVER[REMOTE_ADDR]:$_SERVER[REMOTE_PORT]


DIAGNOSTIC_INFO;

mail('info@site.com','missing Password Report',$newline,"From: ".$_GET['from']);

header( 'Location: http://site.com/report.html' ) ;
?>

然后我在我的网站上调用这个PHP代码。所以最后,整个事情最终都在浏览器地址栏中。我希望这是有道理的。如何通过使用帖子使事情更安全,以便至少在用户历史记录中看不到所发送的信息。

1 个答案:

答案 0 :(得分:1)

如果您在表单中替换为POST,则还需要将请求替换为POST:

<?php
// Some checks on $_SERVER['HTTP_X_REFERRER'] and similar headers
// might be in order

// The input form has an hidden field called email. Most spambot will
// fall for the trap and try filling it. And if ever their lord and master checks the          bot logs,
   // why not make him think we're morons that misspelled 'smtp'?
   if (!isset($_POST['email']))
    die("Missing recipient address");
 if ('' != $_POST['email'])
 {  // A bot, are you?
       sleep(2);
     die('DNS error: cannot resolve smpt.gmail.com');
      // Yes, this IS security through obscurity, but it's only an added layer which   comes almost for free.
   }



 $newline = $_POST['message'];

$newline = str_replace("[N]","\n","$newline");
$newline = str_replace("[n]","\n","$newline");

// Add some last-ditch info
  $newline .= <<<DIAGNOSTIC_INFO

---
Mail sent from $_SERVER[REMOTE_ADDR]:$_SERVER[REMOTE_PORT]


DIAGNOSTIC_INFO;

mail('info@site.com','missing Password Report',$newline,"From: ".$_POST['from']);

header( 'Location: http://site.com/report.html' ) ;
?>

除非您使用http://www.mysite.com/send.php?email=etc之类的真实GET参数发送它;在这种情况下,您需要将其设置为GET以检索变量。

相关问题
最新问题