How do I integrate PHPMailer into this form to make it more secure?

Time: 2017-08-31 20:31:38

Tags: javascript ajax phpmailer

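I'd like to improve the contact form code (from a theme I'm using), as it looks very basic and not secure at all (although I like that, in the current code, the fields show a nice, smooth message when they are not filled in correctly or when the form is sent successfully).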

So, to make it more secure, I'd like to integrate PHPMailer into it.

Unfortunately, as I'm not very familiar with JS and PHP, I'm not sure where I should start. I assume I should somehow call PHPMailer after //proceed with PHP email in the code below?

PHP:

<?php
if($_POST) {

    $to_Email = "greg@dfsfsfsdfsfdsds.com"; //Replace with recipient email address

    //check if its an ajax request, exit if not
    if(!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {

        //exit script outputting json data
        $output = json_encode(
        array(
            'type'=> 'error',
            'text' => 'Request must come from Ajax'
        ));

        die($output);
    }

    //check $_POST vars are set, exit if any missing
    if(!isset($_POST["userName"]) || !isset($_POST["userEmail"]) || !isset($_POST["userSubject"]) || !isset($_POST["userMessage"])) {
        $output = json_encode(array('type'=>'error', 'text' => 'Input fields are empty!'));
        die($output);
    }

    //additional php validation
    if(empty($_POST["userName"])) {
        $output = json_encode(array('type'=>'error', 'text' => 'Name is too short or empty!'));
        die($output);
    }
    if(!filter_var($_POST["userEmail"], FILTER_VALIDATE_EMAIL)) {
        $output = json_encode(array('type'=>'error', 'text' => 'Please enter a valid email!'));
        die($output);
    }
    if(strlen($_POST["userMessage"])<5) {
        $output = json_encode(array('type'=>'error', 'text' => 'Too short message! Please enter something.'));
        die($output);
    }

    //proceed with PHP email.
    $headers = 'From: '.$_POST["userEmail"].'' . "\r\n" .
    'Reply-To: '.$_POST["userEmail"].'' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

        // send mail
    $sentMail = @mail($to_Email, $_POST["userSubject"], $_POST["userMessage"] .'  -'.$_POST["userName"], $headers);

    if(!$sentMail) {
        $output = json_encode(array('type'=>'error', 'text' => 'Could not send mail! Please check your PHP mail configuration.'));
        die($output);
    } else {
        $output = json_encode(array('type'=>'message', 'text' => 'Hi '.$_POST["userName"] .' Thank you for your email'));
        die($output);
    }
}
?>

JS:

/*******************
 * Contact Form JavaScript
********************/

$(document).ready(function() {

    $("#email-form [type='submit']").click(function(event) {
        event.preventDefault();
        //get input field values
        var user_name       = $('input[name=name]').val()
        var user_email      = $('input[name=email]').val()
        var user_subject    = $('input[name=subject]').val()
        var user_message    = $('textarea[name=message]').val()

        //data to be sent to server
        var post_data = {'userName':user_name, 'userEmail':user_email, 'userSubject':user_subject, 'userMessage':user_message}

        //Ajax post data to server
        $.post('contact_me.php', post_data, function(response){  

            //load json data from server and output message
            var output
            if(response.type == 'error') {

                output = '<div class="error-message"><p class="from">'+response.text+'</p></div>'

            } else {

                output = '<div class="success-message"><p class="seuccses">'+response.text+'</p></div>'

                //reset values in all input fields
                $('#email-form input').val('')
                $('#email-form textarea').val('')
            }

            $("#result").hide().html(output).slideDown()

        }, 'json')

    });

    //reset previously set border colors and hide all message on .keyup()
    $("#email-form input, #email-form textarea").keyup(function() {
        $("#result").slideUp()
    })

});
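
One way to do what the question asks, as an added example that is not part of the original post: a version of contact_me.php that sends through PHPMailer instead of mail(). It assumes PHP 7.1+ and PHPMailer 6.1 or later installed with Composer; the helper names respond() and field(), the SMTP host and account, the SMTP_PASSWORD environment variable and the example.com addresses are placeholders.

```php
<?php
// Added example. Assumes PHPMailer 6.1+ via Composer; host, account and addresses are placeholders.
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
require __DIR__ . '/vendor/autoload.php';
function respond(string $type, string $text): void
{
    header('Content-Type: application/json');
    die(json_encode(['type' => $type, 'text' => $text]));
}
function field(string $key, bool $oneLine = true): string // $oneLine collapses whitespace incl. CR/LF
{
    $v = $_POST[$key] ?? '';
    if (!is_string($v)) { return ''; }   // array input such as userName[]=x counts as empty
    return trim($oneLine ? preg_replace('/\s+/', ' ', $v) : $v);
}
$name    = field('userName');
$subject = field('userSubject');
$email   = field('userEmail');
$message = field('userMessage', false);
if ($name === '' || $subject === '' || strlen($message) < 5) {
    respond('error', 'Please fill in all fields.');
}
if (!PHPMailer::validateAddress($email)) {
    respond('error', 'Please enter a valid email!');
}
$mail = new PHPMailer(true);             // true: failures throw Exception
try {
    $mail->isSMTP();
    $mail->Host       = 'smtp.example.com';
    $mail->SMTPAuth   = true;
    $mail->Username   = 'website@example.com';
    $mail->Password   = getenv('SMTP_PASSWORD');   // secret kept out of the source
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
    $mail->Port       = 587;
    $mail->CharSet    = 'UTF-8';
    $mail->setFrom('website@example.com', 'Contact form'); // an address you own, never the visitor's
    $mail->addAddress('owner@example.com');
    $mail->addReplyTo($email, $name);    // the visitor appears only in Reply-To
    $mail->isHTML(false);                // plain-text body
    $mail->Subject = $subject;
    $mail->Body    = $message . "\n\n-- " . $name;
    $mail->send();
} catch (Exception $e) {
    error_log('Contact form: ' . $mail->ErrorInfo); // details go to the log, not the client
    respond('error', 'Could not send mail. Please try again later.');
}
// The page's JS inserts this text with .html(), so escape the echoed name.
respond('message', 'Hi ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ', thank you for your email');
```

The X-Requested-With check from the original is left out because that header is set by the client and does not authenticate the request.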

0 answers:

No answers