PHP形式的麻烦

时间:2014-12-31 07:26:36

标签: php forms

我正在为我的网站使用000webhost,他们一直暂停我的帐户,因为我显然发送了超过1000封电子邮件。这通过我的联系表单提交电子邮件大约30秒后发生。我只收到一封电子邮件,所有来自表单的电子邮件都发给我,他们也不是我的垃圾邮件。

我只是想知道这个表单是否实际上是循环并发送消息但是我没有得到它们或者这是000webhost错误。我有一个联系表格,因为我创建了这个网站,现在它只引起了问题。

下面是联系表格的代码:

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" href="CSS/primary.css"> <!--Address Using URL to prevent no styling when slash is typed-->
<link rel="shortcut icon" href="Images/tabIcon.ico">
<title>Harry Felton | Welcome</title>
</head>
<script language="php">
    require_once'header.php';
</script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script>
    $('body').hide()
    $("#notify").hide()
</script>
<script>
    function toggleAbout(){
        if ($("#center").hasClass("up")) {
            $("#about").slideToggle(500);
            setTimeout(function() {
                $("#center").css({
                    msTransform: 'translateY(10px)',
                    webkitTransform: 'translateY(10px)',
                    transform: 'translateY(10px)',
                })
            }, 500);
        } else {
            $("#center").css({
                msTransform: 'translateY(-75px)',
                webkitTransform: 'translateY(-75px)',
                transform: 'translateY(-75px)',
            })      
            setTimeout(function() {
            $("#about").slideToggle(500);
        }, 1000);

        }
        $($("#center").toggleClass("up"))
    };
</script>
<body onunload="" class="pg-index">
    <div class="overwrap">
        <div id="center">
            <h1 id="title1">Welcome</h1>
            <h2 id="title2">Harry Felton</h2>
            <h2 id="subTitle">Auckland | New Zealand</h2>
            <br><br><br><br>
            <div id="about" style="display: none;">
                <p>Hi, My name is Harry and I am an amateur programmer, I just do it as a hobby until I can actually take it as a course, I have created many programs, and love doing it, I am also into ComputerCraft which is a mod for Minecraft that adds programmable computers.<br><br>This website domain was initially created around September 2014, It took about a week to create, It was awesome, As it was the first time I had ever used HTML, CSS or JavaScript. On the 20th November I chose to completely recreate the website, So I deleted all files, And now... Here we are.<br><br>My absolute favorite thing to do in this world is code, I enjoy making, distributing and using my programs, And the feedback is always awesome, If you feel like leaving feedback, then click HERE</p>
            </div>
        </div>
        </div>
        <script type="text/javascript" src="JavaScript/element.js"></script>
        <script type="text/javascript" src="JavaScript/pageNav.js"></script>
        <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.4/jquery-ui.min.js"></script>
        <script src="https://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.js"></script>
        <div id="contactForm" class="hidden">
            <title>Contact Us</title>
            <div id="mainPageCont">
            <?php error_reporting(0); ?>
            <?php if(isset($_POST['Email'])): ?>
                <?php
                $to      = 'harryfelton12@gmail.com';
                $subject = 'ALERT! Website Form Submission';
                $message = 'Users Name: '.strip_tags($_POST['Name'])."\n"; 
                $message .= 'Users Email: '.strip_tags($_POST['Email'])."\n";
                $message .= 'Submitted Message: '.strip_tags($_POST['Comment'])."\n";
                $headers = 'From: noReply@harryfelton.com' . "\r\n" .
                    'Reply-To: '.strip_tags($_POST['Email']) . "\r\n";
                ?>
                <?php if(mail($to, $subject, $message, $headers)): ?>
                <script type="text/javascript">
                    console.log('Mail OK')
                    location.href="/"  
                </script>
                <?php endif ?>
            <?php  else: ?>
            <script>console.log('Loading Contact Script')</script>
            <form method="post" id="comments_form">
                <h2>Please Leave Some Feedback, It Helps!</h2>
                <div class="row">
                    <div class="label">
                        Your Name
                    </div>
                    <!--.label end-->
                    <div class="input">
                        <input type="text" id="fullname" class="detail" name="Name"
                            value="<?php echo isset($_POST['Name'])? $_POST['Name'] : ''; ?>" placeholder="e.g John Doe"/>
                    </div>
                    <!--.input end-->
                    <div class="context">
                        <span>We want to know who we are talking too</span>
                    </div>
                    <!--end .context-->
                </div>
                <!--.row end-->

                <div class="row">
                    <div class="label">
                        Your Email
                    </div>
                    <!--.label end-->
                    <div class="input">
                        <input type="text" id="email" class="detail" name="Email" placeholder="e.g test@example.com" value="<?php echo isset($_POST['Email'])? $_POST['Email'] : ''; ?>" />
                    </div>
                    <!--.input end-->
                    <div class="context">
                        <span>We will send an email to this address containing a confirmation and any further replies</span>
                    </div>
                    <!--end .context-->
                </div>
                <!--.row end-->
                <div class="row">
                    <div class="label">
                        Your Message
                    </div>
                    <!--.label end-->
                    <div class="input2">
                        <textarea id="Comment" name="Comment" class="mess"><?php echo isset($_POST['Comment'])? $_POST['Comment'] : ''; ?></textarea>
                    </div>
                    <!--.input end-->
                </div>
                <!--.row end-->

                <div class="submit">
                    <input type="submit" id="submit" name="Submit" value="Send Message" />
                </div>
            </form>
            <?php endif; ?>
            <script>
            function CheckVal() {
                var SetMess = $('#option').val();
                $('#feedback').html(SetMess);

                if (SetMess !== '')  {
                        $('#submit').prop('disabled', false);
                    }
                else {
                        $('#submit').prop('disabled', true);
                    }
            }
            // As one types, check that the message is not empty
            $('#option').keyup(function () {
                CheckVal();
            });
            // As one clicks into the field, see if it has content
            $('#option').click(function () {
                CheckVal();
            });

                    $(document).ready(function() {
                        // validate form
                        $("#comments_form").validate({
                            // This will allow you to extend the validator functions
                            invalidHandler: 
                                    function(form, validator) {
                                      //  $("#get_online").val("CHECK");
                                },
                            rules: {
                                // For every named input that you want to validate,
                                // you create a little set of prefs
                                Name: {
                                    required: true,
                                },
                                Email: {
                                            required: true,
                                            email: true
                                        },
                                Comment: { required: true },
                                },
                            messages: {
                                    // Here are just the custom messages you can modify per field
                                    Name: {
                                            required: 'Please Enter Your Name', 
                                        },
                                    Email: {
                                            required: 'Please Enter An Email',
                                            email: 'Email address not valid',
                                        },
                                    Comment: { required: 'Please Enter A Message'},
                                },
                        });
                    });
            </script>
            </div>
        </div>
    </div>
    <script>
        $(document).ready(function() {  
            fadeIn("body");
            setTimeout(function() {
                notification();
            }, 500)
        });
    </script>
<script>changeWelcome("#title1");</script>

    <div id="notify">Disabled JavaScript Is Now Supported, Contact Form Is Being Worked On Again!<a onclick="notification();" id="notifyClose">x</a></div>    
    <script>
        function notification() {
            isNotify = true
            notifyID = "#notify"
            if (isNotify) {
                if ($(notifyID).hasClass("vis")) {
                    console.log("Notification Bar Enabled, Hiding: "+notifyID);
                    $(notifyID).slideUp(500);               
                } else {
                    $(notifyID).slideDown(500);
                    console.log("Notification Bar Enabled, Showing: "+notifyID);
                }
                $(notifyID).toggleClass("vis");
            }
        }
    </script>
</body>
</html>

如果你们想访问网站,那么就会看到链接:http://www.harryfelton.host56.com/虽然由于帐户被暂停而可能处于离线状态。

那么......您怎么看?这个循环发送1000封电子邮件?我一直在做一些控制台和警报测试,它似乎永远不会发送一个消息,但我想也许暂停时间有效。

1 个答案:

答案 0 :(得分:0)

我认为如果有人要在他们的浏览器中禁用javascript,他们可以绕过你的jQuery验证并发送1000封电子邮件,因为你没有验证你的Reply-To电子邮件服务器端。

尝试将服务器端验证更改为:

$to      = 'harryfelton12@gmail.com';
$subject = 'ALERT! Website Form Submission';
$message = 'Users Name: '.strip_tags($_POST['Name'])."\n"; 
$message .= 'Users Email: '.strip_tags($_POST['Email'])."\n";
$message .= 'Submitted Message: '.strip_tags($_POST['Comment'])."\n";
$headers = 'From: noReply@harryfelton.com' . "\r\n" .
                'Reply-To: '.strip_tags($_POST['Email']) . "\r\n";

// User the filter_var() function to check that there is no manipulation
// of the $headers
if(filter_var($_POST['Email'], FILTER_VALIDATE_EMAIL)) {
        if(mail($to, $subject, $message, $headers)) { ?>
            <script type="text/javascript">
                console.log('Mail OK')
                location.href="/"  
            </script>
<?php   } 
   } ?>

我没有看到任何循环以及你发布的内容。除了服务器端验证之外,我还没有看到为什么它应该发送1000封电子邮件。