限制访问sendmessage.php

时间:2016-07-22 16:31:21

标签: php apache server phpmailer contact-form

一旦表单字段通过bootstrapvalidator验证,我的联系表单中的消息将通过名为sendmessage.php(phpmailer)的文件发送。

<form action="sendmessage.php" class="well form-horizontal" id="contact_form" method="post" name="contact_form">

问题在于,如果某人直接在他们的网络浏览器中输入www.mydomain.com/sendmessage.php,则会发送一封空电子邮件(因此这意味着所有字段验证都被绕过)。

我该如何防止这种情况?

非常感谢

验证

$(document).ready(function() {

        $('#contact_form').bootstrapValidator({
            feedbackIcons: {
                valid: 'fa fa-check',
                invalid: 'fa fa-times',
                validating: 'fa fa-refresh'
            },
            fields: {
                first_name: {
                    validators: {
                            stringLength: {
                            min: 2,
                        },
                            notEmpty: {
                            message: 'Veuillez indiquer votre prénom'
                        }
                    }
                },
                 last_name: {
                    validators: {
                         stringLength: {
                            min: 2,
                        },
                        notEmpty: {
                            message: 'Veuillez indiquer votre nom'
                        }
                    }
                },
                email: {
                    validators: {
                        notEmpty: {
                            message: 'Veuillez indiquer votre adresse e-mail'
                        },
                        regexp: {
                        regexp: '^[^@\\s]+@([^@\\s]+\\.)+[^@\\s]+$',
                        message: 'Veuillez indiquer une adresse e-mail valide'
                                }
                    }
                },
                message: {
                    validators: {
                          stringLength: {
                            min: 10,
                            max: 1000,
                            message:'Votre message doit faire plus de 10 caractères et moins de 1000.'
                        },
                        notEmpty: {
                            message: 'Veuillez indiquer votre message'
                        }
                        }
                    }
                }}).on('success.form.bv', function (e) {
                e.preventDefault();
              $('button[name="submit"]').hide();

              var bv = $(this).data('bootstrapValidator');
              // Use Ajax to submit form data
              $.post($(this).attr('action'), $(this).serialize(), function (result) {
                  if (result.status == 1) {
                      $('#success_message').slideDown({
                          opacity: "show"
                      }, "slow")
                      $('#contact_form').data('bootstrapValidator').resetForm();
                  } else {
                        $('#error_message').slideDown({
                          opacity: "show"
                      }, "slow")              }
              }, 'json');
          }
            );

    });

SENDMESSAGE.PHP

<?php


require 'PHPMailer/PHPMailerAutoload.php';

$mail = new PHPMailer;
$mail->CharSet = 'utf-8';

$email_vars = array(
    'message' => str_replace("\r\n", '<br />', $_POST['message']),
    'first_name' => $_POST['first_name'],
    'last_name' => $_POST['last_name'],
    'phone' => $_POST['phone'],
    'email' => $_POST['email'],
    'organisation' => $_POST['organisation'],
    'server' => $_SERVER['HTTP_REFERER'],
    'agent' => $_SERVER ['HTTP_USER_AGENT'],

);


//Enable SMTP debugging. 
$mail->SMTPDebug = false;                               
//Set PHPMailer to use SMTP.
$mail->isSMTP();            
//Set SMTP host name                          
$mail->Host = "smtp.sendgrid.net";
//Set this to true if SMTP host requires authentication to send email
$mail->SMTPAuth = true;                          
//Provide username and password     
$mail->Username = "";                 
$mail->Password = "";                           
//If SMTP requires TLS encryption then set it
$mail->SMTPSecure = "tls";                           
//Set TCP port to connect to 
$mail->Port = 587;                                   

$mail->FromName = $_POST['first_name'] . " " . $_POST['last_name'];


$mail->From = ('mail@');
$mail->addReplyTo($_POST['email']);



$mail->addAddress("conta");
//CC and BCC
$mail->addCC("");

$mail->isHTML(true);

$mail->Subject = "Nouveau message depuis xyz";

$body = file_get_contents('emailtemplate.phtml');

if(isset($email_vars)){
    foreach($email_vars as $k=>$v){
        $body = str_replace('{'.strtoupper($k).'}', $v, $body);
    }
}
$mail->MsgHTML($body);

/* $mail->Body =  $_POST['message']."<br><br>Depuis la page: ". str_replace("http://", "", $_SERVER['HTTP_REFERER']) . "<br>" . $_SERVER ['HTTP_USER_AGENT'] ; */


$response = array();
if(!$mail->send()) {
  $response = array('message'=>"Mailer Error: " . $mail->ErrorInfo, 'status'=> 0);
} else {
  $response = array('message'=>"Message has been sent successfully", 'status'=> 1);
}

/* send content type header */
header('Content-Type: application/json');

/* send response as json */
echo json_encode($response);

?>

3 个答案:

答案 0 :(得分:1)

你需要将邮件功能放在一个回发语句中

if(isset($_POST["submit"])){

 // put mail function here

} 
 else
 { ?> <h1>Youve reached this page in error</h1> <?php } ?>

答案 1 :(得分:0)

试试这个

if(isset($_POST["submit"])){

 // put mail function here

} 
 else
 { 
echo '<script>history.go(-2);</script> ';
// you can also use php header function also
// header("Location:form.php"); 
}

答案 2 :(得分:-1)

当用户访问您的网站时,您拥有他的IP。如果IP ==&#39; your-server-ip&#39;然后执行