从php联系表单的日期是错误的

时间:2013-04-07 13:15:24

标签: php html-email

我网站上的所有突然联系表格都是从1970年1月1日起进入我的收件箱???

他们最终在我的收件箱底部,我错过了几个线索......

任何想法如何突然发生?

我在联系页面上使用的代码是: -

<?php
if(isset($_POST['email'])) {

// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "my email address";
$email_subject = "Website Contact Enquiry";


function died($error) {
    // your error code can go here
    echo "We are very sorry, but there were error(s) found with the form you submitted.     ";
    echo "These errors appear below.<br /><br />";
    echo $error."<br /><br />";
    echo "Please go back and fix these errors.<br /><br />";
    die();
}

// validation expected data exists
if(!isset($_POST['name']) ||
    !isset($_POST['email']) ||
    !isset($_POST['tel']) ||
    !isset($_POST['message'])||
    !isset($_POST['formtype'])
    ) {
    died('We are sorry, but there appears to be a problem with the form you  submitted.');       
}

$name = $_POST['name']; // required
$email_from = $_POST['email']; // required
$tel = $_POST['tel']; // required
$message = $_POST['message']; // required
$formtype = $_POST['formtype'];


$email_message = "Form details below.\n\n";

function clean_string($string) {
  $bad = array("content-type","bcc:","to:","cc:","href");
  return str_replace($bad,"",$string);
}

$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Tel: ".clean_string($tel)."\n";
$email_message .= "Message: ".clean_string($message)."\n";
$email_message .= "formtype: ".clean_string($formtype)."\n"; 

// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion().date();
@mail($email_to, $email_subject, $email_message, $headers);  
?>

1 个答案:

答案 0 :(得分:1)

将此添加到标题中:

'Date: ' . date('r'),

另外,请务必清理$email_from。现在,您允许垃圾邮件发送者向其他收件人发送电子邮件并更改标题。在此处阅读更多内容:http://www.securephpwiki.com/index.php/Email_Injection