我想让我的联系表单不那么容易受到攻击。
这是公众可以看到的;
<script>
// The checkbox last passed to agreesubmit(); defaultagree() reads it back as
// window.checkobj, which only works because this stays a top-level `var`.
var checkobj
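/**
 * Enable the form's submit button(s) only while the agreement checkbox is
 * checked. Wired to the checkbox's onclick, so `el` is the checkbox itself.
 * Purely cosmetic: a POST can be sent without this ever running.
 * @param {HTMLInputElement} el - the checkbox that was just toggled
 */
function agreesubmit(el) {
  checkobj = el; // shared with defaultagree() through window.checkobj
  // Legacy feature detection kept from the original; always true in current browsers.
  if (document.all || document.getElementById) {
    var controls = checkobj.form.elements;
    // `i` leaked as an implicit global in the original; keep it local.
    for (var i = 0; i < controls.length; i++) {
      var control = controls[i];
      if (control.type.toLowerCase() === "submit") {
        control.disabled = !checkobj.checked;
      }
    }
  }
}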
/**
 * Fallback agreement check for browsers that lack document.getElementById
 * (where agreesubmit() cannot toggle the submit button). On any current
 * browser it returns undefined without doing anything.
 * @param {HTMLElement} el - unused; kept for the original call signature
 * @returns {boolean|undefined} true/false on legacy browsers, otherwise undefined
 */
function defaultagree(el) {
  // Modern browsers: the button state is handled by agreesubmit(), nothing to do here.
  if (document.all || document.getElementById) {
    return;
  }
  if (window.checkobj && checkobj.checked) {
    return true;
  }
  alert("Please check the box confirming your details are correct.");
  return false;
}
/**
 * Make Enter behave like Tab inside the form: move focus to the next control
 * instead of submitting. Wired to each text input's onkeypress.
 * @param {HTMLElement} field - the control that received the key event
 * @param {KeyboardEvent} event - the keypress event
 * @returns {boolean} false when Enter was intercepted (cancels the default), true otherwise
 */
function handleEnter(field, event) {
  // Older browsers report the key in different properties; take the first one set.
  var key = event.keyCode || event.which || event.charCode;
  if (key !== 13) {
    return true;
  }
  var controls = field.form.elements;
  // Locate the current control; like the original, runs off the end if it is not found.
  var position = 0;
  while (position < controls.length && controls[position] !== field) {
    position += 1;
  }
  controls[(position + 1) % controls.length].focus();
  return false;
}
<!--
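/**
 * Client-side required-field check, wired to the form's onsubmit.
 * Every field listed in `required` must be filled in; otherwise the labels of
 * the missing fields are shown in an alert and submission is cancelled.
 * Convenience only: the server must repeat these checks, since a POST can be
 * sent without any of this script running.
 * @param {HTMLFormElement} formobj - the form being submitted
 * @param {Array<{name: string, label: string}>} [required] - fields to check;
 *   defaults to the name, email and message fields
 * @returns {boolean} true when all required fields are filled, false otherwise
 */
function formCheck(formobj, required) {
  // NOTE(review): "department" carries a * in the markup but is not listed here — confirm.
  var fields = required || [
    { name: "name", label: "Name" },
    { name: "email", label: "Email Address" },
    { name: "message", label: "Your Message" }
  ];
  var alertMsg = "Please complete the following fields:\n";

  // True when the control (or radio/checkbox group) carries no usable value.
  function isEmpty(obj) {
    switch (obj.type) {
      case "select-one":
        // An option with an empty value (e.g. "Please select one...") also counts as unanswered.
        return obj.selectedIndex === -1 ||
          obj.options[obj.selectedIndex].text === "" ||
          obj.options[obj.selectedIndex].value === "";
      case "select-multiple":
        return obj.selectedIndex === -1;
      case "text":
      case "textarea":
      case "password":
      case "email":
      case "tel":
      case "url":
      case "search":
      case "number":
        // Whitespace-only input counts as empty.
        return obj.value == null || obj.value.replace(/^\s+|\s+$/g, "") === "";
      case undefined:
        // Several controls sharing one name come back as a list with no `type`
        // (radio/checkbox groups): satisfied when any member is checked.
        for (var j = 0; j < obj.length; j++) {
          if (obj[j].checked) {
            return false;
          }
        }
        return true;
      default:
        return false;
    }
  }

  var missing = [];
  for (var i = 0; i < fields.length; i++) {
    var obj = formobj.elements[fields[i].name];
    if (obj && isEmpty(obj)) {
      missing.push(" - " + fields[i].label + "\n");
    }
  }
  if (missing.length === 0) {
    return true;
  }
  alert(alertMsg + missing.join(""));
  return false;
}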
// -->
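// Client-side e-mail sanity check used by checkmail(). The original limited the
// top-level domain to 2-4 letters, which rejects valid addresses such as
// name@example.photography; any TLD of 2+ letters (or digits) is now accepted.
// UI nicety only: the server must validate the address itself before using it.
var emailfilter = /^\w+[\+\.\w-]*@([\w-]+\.)*\w+[\w-]*\.([a-z]{2,}|\d+)$/i;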
/**
 * Validate the email field against `emailfilter` just before submission
 * (wired to the submit button's onclick). On failure the user is told and the
 * field is selected for correction.
 * @param {HTMLInputElement} e - the email input
 * @returns {boolean} whether the value matched; false cancels the click
 */
function checkmail(e) {
  var isValid = emailfilter.test(e.value);
  if (!isValid) {
    alert("Please enter a valid email address.");
    e.select();
  }
  return isValid;
}
</script>
<div align="center">
<font color="#FF0000">
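<?php
// Show the one-shot status message that execs/contactus.php leaves in the
// session, then clear it. Escaped on output so it can never be read as markup
// (pass the page's charset as the third htmlspecialchars() argument if it is
// not PHP's default).
// NOTE(review): the handler's error path writes $_SESSION['ERRMSG_ARR'], which
// nothing here displays — confirm where that is meant to be shown.
if(isset($_SESSION['ERRMSG'])) {
echo nl2br(htmlspecialchars($_SESSION['ERRMSG'], ENT_QUOTES));
echo "<br>";
unset($_SESSION['ERRMSG']);
}
?>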
</font>
</div>
<p class="greywritingsmall" style="text-align:center">Fields marked with a <span class="purplewriting">*</span> are required. </p>
<span style="text-align:center">
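<form action="execs/contactus.php" method="post" name="register" class="greywriting" id="register" onsubmit="return formCheck(this)">
<?php
// Every value re-displayed below comes from the session or the previous POST,
// i.e. from the user, so it is escaped on output (pass the page's charset as
// the third htmlspecialchars() argument if it is not PHP's default). The
// JavaScript checks are a convenience only; execs/contactus.php must validate
// everything again.
?>
<table width="620" border="0" align="center" cellpadding="2" cellspacing="2" class="formgreywriting">
<tr align="left">
<td width="115">Full Name: <font color="#64195A">*</font></td>
<td width="193"><input name="name" type="text" id="name" onkeypress="return handleEnter(this, event)" value="<?php if(isset($_SESSION['SESS_FULL_NAME'])){echo htmlspecialchars($_SESSION['SESS_FULL_NAME'], ENT_QUOTES);}?>" /></td>
<td width="112">Email Address: <font color="#64195A">*</font></td>
<td width="174"><input name="email" type="text" id="email" onkeypress="return handleEnter(this, event)" value="<?php if(isset($_SESSION['SESS_EMAIL'])){echo htmlspecialchars($_SESSION['SESS_EMAIL'], ENT_QUOTES);}?>" /></td>
</tr>
<tr align="left">
<td width="115">Membership No: (If Applicable)</td>
<td width="193"><input name="member_id" type="text" id="member_id" onkeypress="return handleEnter(this, event)" value="<?php if(isset($_SESSION['SESS_MEMBER_ID'])){echo htmlspecialchars($_SESSION['SESS_MEMBER_ID'], ENT_QUOTES);}?>" /></td>
<td width="112">Department: <font color="#64195A">*</font></td>
<td width="174">
<select name="department" id="department">
<?php
// The department list comes from the database; it is escaped too, since stored
// data is only as trustworthy as whatever wrote it.
$query = mysql_query("SELECT * FROM departments ORDER BY name ASC");
echo "<option value=\"\">Please select one...</option>";
if ($query) {
while($result = mysql_fetch_array($query)){
echo "<option value=\"" . htmlspecialchars($result['code'], ENT_QUOTES) . "\">" . htmlspecialchars($result['name'], ENT_QUOTES) . "</option>";
}
}
?>
</select>
</td>
</tr>
<tr align="center">
<td colspan="1" align="left">Message: <font color="#64195A">*</font></td>
<?php // A textarea has no value attribute: its initial content goes between the tags. ?>
<td colspan="3" align="left"><textarea name="message" rows="8" cols="60" id="message"><?php if(isset($_POST['message'])){echo htmlspecialchars($_POST['message'], ENT_QUOTES);}?></textarea></td>
</tr>
<tr>
<td colspan="4" align="center">
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>
</td>
</tr>
<tr>
<td colspan="4" align="center"><font color="#64195A">
<input type="checkbox" name="tc" id="tc" onclick="agreesubmit(this)"/>
I confirm that all my details are correct.</font></td>
</tr>
<tr>
<td colspan="4" align="center"><input name="submit" value="Send Message" type="submit" onclick="return checkmail(this.form.email)" disabled/></td>
</tr>
<tr>
<td colspan="4" align="center"> </td>
</tr>
</table>
</form>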
<script>
// Start with the agreement box unchecked so it matches the submit button,
// which is rendered disabled; presumably guards against the browser restoring
// a checked state on reload/back — confirm.
document.forms.register.tc.checked=false
</script>
</span></div>
这是“幕后”文件。
<?php
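//DB Connect
require_once('../config.php');
session_start();
// Connect to Database
// NOTE: the mysql_* extension is deprecated since PHP 5.5 and removed in PHP 7;
// this handler needs porting to mysqli/PDO with prepared statements when upgrading.
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
// Keep the driver error server-side; echoing it reveals host/user details to visitors.
error_log('contactus: mysql_connect failed: ' . mysql_error());
die('Failed to connect to server');
}
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
error_log('contactus: mysql_select_db failed: ' . mysql_error());
die("Unable to select database");
}
//Set error flag - false; $errmsg_arr collects the messages shown back on the form page.
$errmsg_arr = array();
$errflag = false;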
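//Prevent SQL injection: trim, undo magic quotes, and escape the value for use
//inside a single-quoted SQL literal. Only protects values placed between quotes
//in the SQL string; prepared statements are the proper replacement.
function clean($str) {
// Only scalars can be escaped; arrays (field[]=...) and other types become ''.
if (!is_scalar($str)) {
return '';
}
$str = trim((string) $str);
// get_magic_quotes_gpc() was removed in PHP 8; guard the call so the file still loads there.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}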
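//Collect variables. Every field is read defensively: a hand-crafted POST may omit
//keys or send arrays (field[]=...), neither of which should raise notices here.
$fields = array('name', 'email', 'message', 'department', 'member_id', 'captcha_code');
$input = array();
foreach ($fields as $field) {
$input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
}
$data = array();
$data['email'] = array();
$data['name'] = $input['name'];
$data['email']['user'] = $input['email'];
$data['message'] = $input['message'];
$data['department'] = $input['department'];
//Pilot ID (optional)
$data['member_id'] = $input['member_id'];
//Checks: the browser-side JavaScript can be bypassed, so required fields are re-validated here.
if ($data['name'] === '') {
$errmsg_arr[] = 'Name is required.';
$errflag = true;
}
// FILTER_VALIDATE_EMAIL rejects CR/LF and other header-breaking characters, which is
// what makes the address safe to place in the From:/Reply-To: headers below.
if (filter_var($data['email']['user'], FILTER_VALIDATE_EMAIL) === false) {
$errmsg_arr[] = 'A valid email address is required.';
$errflag = true;
}
if ($data['message'] === '') {
$errmsg_arr[] = 'A message is required.';
$errflag = true;
}
if ($data['department'] === '') {
$errmsg_arr[] = 'Please select a department.';
$errflag = true;
}
//CAPTCHA — verified before any database work so bots are rejected cheaply; a failure
//is reported like any other validation error instead of echoing a bare page.
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($input['captcha_code']) == false) {
$errmsg_arr[] = 'The security code entered was incorrect.';
$errflag = true;
}
//Get department email address. clean() escapes the value for the quoted literal; the
//original interpolated $_POST['department'] directly, which was an SQL injection.
if (!$errflag) {
$query = mysql_query("SELECT * FROM departments WHERE code = '" . clean($data['department']) . "'");
$result = $query ? mysql_fetch_array($query) : false;
if (!$result) {
$errmsg_arr[] = 'Unknown department.';
$errflag = true;
} else {
$data['email']['department'] = $result['email'];
$data['department_name'] = $result['name'];
}
}
//Any errors: send the user back to the form. ERRMSG is the key the form page displays;
//ERRMSG_ARR is kept for whatever else may read it.
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
$_SESSION['ERRMSG'] = implode("\n", $errmsg_arr);
session_write_close();
header("location: ../index.php?p=whotocontact");
exit();
}
//Send mail
$messageunwrapped =
"Department: $data[department_name]
Name: $data[name]
Member ID: $data[member_id]
Message:
$data[message]";
$message = wordwrap($messageunwrapped,70);
// Name and member ID end up in the Subject header: strip line breaks so they
// cannot start a new header line.
$subject_name = str_replace(array("\r", "\n"), ' ', $data['name']);
$subject_member = str_replace(array("\r", "\n"), ' ', $data['member_id']);
if($data['member_id'] === ''){
$subject = 'Message from ' . $subject_name;
} else {
$subject = 'Message from ' . $subject_name . ' - ' . $subject_member;
}
$to = $data['email']['department'];
// As in the original, From: is the sender's (now validated) address, with Reply-To
// added so replies work either way. NOTE(review): receivers enforcing SPF/DMARC may
// reject mail whose From: domain is not the server's; a fixed site address in From:
// is more reliable, but this file has no such setting to draw on.
$headers = 'From: ' . $data['email']['user'] . "\r\n"
. 'Reply-To: ' . $data['email']['user'] . "\r\n";
$sendmail = mail($to,$subject,$message,$headers);
//Done — report the real outcome rather than unconditionally claiming success.
if ($sendmail) {
$_SESSION['ERRMSG'] = 'Success! Email Sent.';
} else {
error_log('contactus: mail() failed for department ' . $data['department']);
$_SESSION['ERRMSG'] = 'Sorry, your message could not be sent. Please try again later.';
}
session_write_close();
header("location: ../index.php?p=whotocontact");
exit();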
?>
我真的很感谢你能给我的任何帮助。提前谢谢你。
对于反垃圾邮件，您可以向用户提出一个问题（例如 2 + 2），通过 $_POST 把答案提交到下一页，然后检查用户提供的答案是否等于由 PHP 生成的答案。
// Two random operands for the arithmetic anti-spam question; mt_rand() is
// adequate here because the question itself is not a secret.
$question1 = mt_rand(1,10);
$question2 = mt_rand(1,10);
// NOTE(review): keep $answer server-side (e.g. in $_SESSION) and compare against
// that on submit; a hidden <input> carrying the answer can be read back by any bot.
$answer = $question1 + $question2;
在你的html表单中为答案和问题创建两个输入
*What is <?php echo $question1 ." + ". $question2;?>? (Anti-spam):
<input type="number" required name="Human" ><br>
<input name="answer" id="subject" type="hidden" value="<?php echo "$answer"; ?>">
在您的表单中,您可以检查答案是否正确
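<?php
// Expected answer as echoed into the hidden field. NOTE(review): a bot can read
// that field and submit it back, so the real fix is to store the answer in
// $_SESSION when the question is generated and compare with that instead.
$answer = (isset($_POST['answer']) && is_string($_POST['answer'])) ? $_POST['answer'] : '';
// The input is named "Human" in the form markup; POST keys are case-sensitive.
$human = (isset($_POST['Human']) && is_string($_POST['Human'])) ? $_POST['Human'] : '';
// The original compared against the bare word `answer` (an undefined constant);
// compare the two submitted values numerically, refusing an empty expected answer.
if (isset($_POST['submit']) && $answer !== '' && (int) $human === (int) $answer) {
// your mail processing here
}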