我知道这些都被贬低了,但我只是不明白我做错了什么。我有下面的php联系表单,我一直在注意,机器人正在我的服务器上传文件以发送垃圾邮件。
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = trim($_POST["username"]);
$email = filter_var(trim($_POST["email"]), FILTER_SANITIZE_EMAIL);
$message = trim($_POST["message"]);
if(isset($_POST['g-recaptcha-response'])){
$captcha = $_POST['g-recaptcha-response'];
}
//Validate the data
if (empty($name) OR !filter_var($email, FILTER_VALIDATE_EMAIL) OR empty($message) OR empty($captcha)) {
http_response_code(400);
echo "<span class='glyphicon glyphicon-remove' aria-hidden='true'></span> <strong>Please fill all the form inputs and check the captcha to submit.</strong>";
exit;
}
//recipient email address.
$recipient = "mail@mail.com";
//email subject.
$subject = "New message from $name";
//email content.
$email_content = "Name: $name\n";
$email_content .= "Email: $email\n\n";
$email_content .= "Message:\n$message\n";
//email headers.
$email_headers = "From: $name <$email>";
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6Lf7gjIUAAAAAOxxh1Y2oLGPB9T_iPm4VYOD2LhV&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
$decoded_response = json_decode($response, true);
if($decoded_response['success'] == true) {
// Send the email.
if (mail($recipient, $subject, $email_content, $email_headers)) {
http_response_code(200);
echo "<span class='glyphicon glyphicon-ok' aria-hidden='true'></span> <strong>Thank You! Your message has been sent.</strong>";
} else {
http_response_code(500);
echo "Whoa! message could not be sent.";
}
} else {
http_response_code(400);
echo 'You are a spammer!';
}
}
?>
那我在这里做错了什么?