phpmailer安全方法,将凭据放在INI文件中的Web根目录中

时间:2014-05-15 20:03:44

标签: php phpmailer

首先感谢您的时间并帮助我。 我有一个简单的联系表格,我使用phpmailer。

我想将凭据存储在webroot的INI文件中,然后将其包含在我的mail.php文件中,该文件是邮件发送脚本。

如何编写INI内容以及如何在mail.php文件中调用它们?

这是我的HTML文件,它与我们联系:

<h3><font style="line-height:170%" size="4"> <a id="contactus">Contact us form</a>  </font></h3>
            <form method="post" action="email.php" accept-charset="UTF-8">          
            <p>         
            <label>your name</label>
            <input name="dname" type="text" size="30" />
            <label>your email</label>
            <input name="demail" type="text" size="30" />


            <label>your domain name</label>
            <input name="ddomain" type="text" size="30" />


            <label>Message</label>
            <textarea name="dmessage" id="dmessage" rows="5" cols="5"></textarea>
            <br />  
            <input class="button" type="submit" value="submit"/>        
            </p>        
            </form>             
            <br />

这是email.php文件:

   <?php
header('Content-type: text/plain; charset=utf-8');
$email = $_REQUEST['demail'] ;
$message = $_REQUEST['dmessage'] ;
$ddomain = $_REQUEST['ddomain'] ;
require("PHPMailer_v5.1/class.phpmailer.php");

$mail = new PHPMailer();
$mail->CharSet = 'UTF-8';
$mail->IsSMTP();


$mail->Host = "localhost";

$mail->SMTPAuth = true; 

$mail->Username = "info@example.com"; // SMTP username
$mail->Password = "this is the password"; // SMTP password


$mail->From = $email;

$mail->AddAddress("info@example.com");

$mail->WordWrap = 50;

$mail->IsHTML(true);

$mail->Subject = $ddomain;

$mail->Body    = $message;
$mail->AltBody = $ddomain;

if(!$mail->Send())
{
   echo "Error <p>";
   echo "Mailer Error: " . $mail->ErrorInfo;
   exit;
}

echo "we have received your email";
?>

我想将凭证存放在安全的地方。

另一个问题是,每当有人在浏览器中打开email.php文件(example.com/email.php)时,都会向我发送一封空邮件,如何防止它? 我希望email.php文件只能通过填写表单而不是直接打开email.php文件来执行客户联系的结果

谢谢大家

2 个答案:

答案 0 :(得分:2)

<?php

if (empty($_REQUEST['demail']) || empty($_REQUEST['dmessage'])) {
    die();
}

$constants = parse_ini_file("/outside/web/sample.ini");

header('Content-type: text/plain; charset=utf-8');
$email = $_REQUEST['demail'] ;
$message = $_REQUEST['dmessage'] ;
$ddomain = $_REQUEST['ddomain'] ;
require("PHPMailer_v5.1/class.phpmailer.php");

$mail = new PHPMailer();
$mail->CharSet = 'UTF-8';
$mail->IsSMTP();


$mail->Host = "localhost";

$mail->SMTPAuth = true; 

$mail->Username = $constants['username']; // SMTP username
$mail->Password = $constants['password']; // SMTP password


$mail->From = $email;

$mail->AddAddress("info@example.com");

$mail->WordWrap = 50;

$mail->IsHTML(true);

$mail->Subject = $ddomain;

$mail->Body    = $message;
$mail->AltBody = $ddomain;

if(!$mail->Send())
{
echo "Error <p>";
echo "Mailer Error: " . $mail->ErrorInfo;
exit;
}

echo "we have received your email";
?>

INI文件(sample.ini)如下所示:

username = "info@example.com"
password = "PASSW0RD"

答案 1 :(得分:0)

感谢您的帮助。 我对你的代码做了一些改变,但是它非常令人满意。 而不是说:

if (empty($_REQUEST['demail']) || empty($_REQUEST['dmessage'])) {
    die();
}

我用过这个:

    if (empty($_REQUEST['demail']) || empty($_REQUEST['dmessage'])) {
   echo "Please fill-in Email and Message sections completely!";
   exit;
}

感谢您的帮助

相关问题
最新问题