我正在尝试在我的联系表单中创建一个隐藏的电子邮件字段,填写完成后,不会向我发送电子邮件(意味着垃圾邮件发送者填写隐藏的电子邮件字段),而只是将垃圾邮件发送者发送到确认页面说电子邮件已发送。
我无法让它正常工作。
测试网站 - http://www.webexplosive.com/s1/contact.html
这是我的联系表格的PHP脚本:
<?php
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email1 = $_POST ['email1'];
$phone = $_POST ['phone'];
$comments = $_POST ['comments'];
$testBot = $_POST ['email2'];
$headers = "MIME-Version: 1.0\r\n";
$headers = "From: $email1";
$to = 'beefjelly69@yahoo.com';
$subject = 'Contact Form Submitted - Virginia Subsite';
$message = "
First name: $firstname \n
Last name: $lastname \n
Email: $email1 \n
Phone: $phone \n
Comments: $comments \n";
mail($to, $subject, $message, $headers);
header("Location: thankyou.html");
if(email2 == "") { //If email2 form section is blank then...
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email1 = $_POST ['email1'];
$phone = $_POST ['phone'];
$comments = $_POST ['comments'];
$testBot = $_POST ['email2'];
$headers = "MIME-Version: 1.0\r\n";
$headers = "From: $email1";
$to = 'beefjelly69@yahoo.com';
$subject = 'Contact Form Submitted - Virginia Subsite';
$message = "
First name: $firstname \n
Last name: $lastname \n
Email: $email1 \n
Phone: $phone \n
Comments: $comments \n";
mail($to, $subject, $message, $headers);
header("Location: thankyou.html");
}
else {
header("Location: thankyou.html");
}
?>
答案 0 :(得分:1)
代码技术
最好的方法,我已经看到在没有验证码的情况下清除机器人和公共表单中的机器人和垃圾邮件发送者。是生成随机md5 hash(每次刷新,应该使之前的hash无用),将hash存储在cookie中(用于POST检索) 。然后将hash字符串附加到每个input[name=username_d109770c2788b022deb0fac1182c9e19](我还POST表单上的哈希值,并针对POST验证cookie。< / p>
hashing输入字段的好处是..它会增加机器人能够硬编码到特定输入的难度(加上被动服务器验证)。
完成此操作后,只需添加input验证,例如email正则表达式等等。
安全技术
将honeypot project安装到您的服务器,它有101,130,389个垃圾邮件服务器,标识为时间:8:48 PM,19/02/2014(UTC + 12:00)。
Project Honey Pot是一个基于网络的蜜罐网络,它使用嵌入在网站中的软件来收集有关收集垃圾邮件地址时使用的IP地址的信息
答案 1 :(得分:0)
这是因为您总是先打电话给邮件表格。您需要在调用之前对其进行验证。检查email2字段为空后调用邮件功能。
实际上,在点击if语句之前,它总是发送邮件。
建议:考虑实现验证码或类似的东西。
答案 2 :(得分:0)
以下是基本表单验证的代码修订版(但它只检查空字段,不检查电子邮件是否有效 - 您可以轻松添加它),更重要的是,{{3保护。
注意:我没有测试这段代码,它可能会失败 - 如果是这样的话,可以随意投票
// Form validation, display errors
// in case of empty fields
$fields = ["firstname", "lastname", "email1", "phone", "comments"]
foreach ($fields as $field) {
if (!isset($_POST[$field]) || empty($_POST[$field])) {
die("Error, ".$field." can't be empty, please retry."); // if validation fails we stop the script
}
}
if (isset($_POST["email2"]) && !empty($_POST["email2"])) {
die(); // hidden field isn't empty, so it's spam, so we stop there
}
// e-mail header injection protection
$email1 = filter_var($_POST["email1"], FILTER_SANITIZE_EMAIL);
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$phone = $_POST ['phone'];
$comments = $_POST ['comments'];
$headers = "MIME-Version: 1.0\r\n";
$headers = "From: $email1";
$to = 'beefjelly69@yahoo.com';
$subject = 'Contact Form Submitted - Virginia Subsite';
$message = "
First name: $firstname \n
Last name: $lastname \n
Email: $email1 \n
Phone: $phone \n
Comments: $comments \n";
mail($to, $subject, $message, $headers);
header("Location: thankyou.html");
答案 3 :(得分:0)
(一个迟到的答案,但可能会证明在路上很有用)。
通常情况下,SPAMBOTS会查找名为email或contact的表单元素或任何可见的输入,他们可以放置他们的小垃圾邮件。
你可以做的是显示/标记一个输入,说明“如果你是人,不要填写这个”。
例如:
如果你是人,请不要填写:<input type="text" name="email">
然后检查该字段是否为not empty。如果它不是空的并且(最有可能)被SPAMBOT填充,则将其设为die();或重定向。
例如:并使用命名提交按钮中的if(isset...:
<input type="submit" name="soobmeet" value="Send">
旁注:我选择了“soobmeet”,因为将其命名为“提交”等通常不是一个好主意。
(最近我在这里通过BIG GUNS学到的东西)
<强> PHP
<?php
if(isset($_POST['soobmeet'])){
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email1 = $_POST ['email1'];
$phone = $_POST ['phone'];
$comments = $_POST ['comments'];
$email = $_POST ['email'];
if(!empty($_POST['email'])){
header("Location: get_lost.html");
// or make it die();
}
else{
$headers = "MIME-Version: 1.0\r\n";
$headers = "From: $email1";
$to = 'email@example.com';
$subject = 'Contact Form Submitted - Virginia Subsite';
$message = "
First name: $firstname \n
Last name: $lastname \n
Email: $email1 \n
Phone: $phone \n
Comments: $comments \n";
mail($to, $subject, $message, $headers);
header("Location: thankyou.html");
}
}
?>
答案 4 :(得分:0)
首先,我真的不建议将其作为垃圾邮件/僵尸程序的威慑力量 - 有许多经过良好测试的第三方库供您使用。话虽如此,我已经对您的代码进行了一些小的改进。希望这有所帮助。
<?php
// Note: It is your own responsibility to validate user input!
if(isset($_POST['email2']) && $_POST['email2'] != "") {
$strFirstName = $_REQUEST['firstname'];
$strLastName = $_REQUEST['lastname'];
$strEmail = $_REQUEST['email1'];
$strPhone = $_REQUEST['phone'];
$strComments = $_REQUEST['comments'];
$strTestBot = $_REQUEST['email2'];
$strBody = "First name: ".$strFirstName." \nLast name: ".$strLastName." \nEmail: ".$strEmail." \nPhone: ".$strComments." \n";
mail('beefjelly69@yahoo.com', 'Contact Form Submitted - Virginia Subsite', $strBody, 'From: '.$strEmail);
header("Location: thankyou.html");
} else {
header("Location: thankyou.html");
}
?>
这是你想要达到的目标吗?此外,您应该验证每个字段,例如检查它们是否为空,格式和长度等等。preg_match()是一种很棒的方法,而且你可以在客户端添加一些小的验证。