首先,我对PHP并不了解。我将尝试以一种理解来解释我站点上的PHP是由一个朋友在大学为我编写的,因此我只了解其中的一小部分。无论如何,一切工作都很好,我只是想知道现在何时收到来自nf.theamitybladecom@boscustweb2204.eigbox.net的自动回复,这给我带来了哪些错误。 theamitybladecom当然是对我的网站名称的引用。我希望可以通过noreply@theamityblade.com或其他方式进行调整。无论如何,这是我到目前为止的代码,请原谅我删除了一些敏感条目。希望您能理解我的工作,并且可以轻松地对我的代码进行更改。我根本无法处理复杂的PHP,因此请以新手的术语进行解释。您能提供的任何帮助将不胜感激。谢谢
黑色闪电
<?php
/* Verify captcha from google */
function verify_captcha($response) {
$url = 'https://www.google.com/recaptcha/api/siteverify';
$curl = curl_init();
$captcha_verify_url = "https://www.google.com/recaptcha/api/siteverify";
curl_setopt($curl, CURLOPT_URL,$captcha_verify_url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, "secret=captchaSecretKey&response=".$response);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$verify = curl_exec ($curl);
curl_close ($curl);
$captcha_success=json_decode($verify);
if ($captcha_success->success==true) {
return true;
} else{
return false;
}
}
$action=$_REQUEST['action'];
$show_form = true;
if ($action!="") /* display the contact form */
{
$name=$_POST['name'];
$email=$_POST['email'];
$message=$_POST['message'];
$response = $_POST["g-recaptcha-response"];
//check if the captcha is valid or not
if (verify_captcha($response)) {
$subject="New Message for me!";
mail("example@mysite.com",$subject,$message,"From: $email \n");
echo "Email sent!!";
$show_form = false;
} else if ($captcha_success->success==false) {
$show_form = true;
}
}
?>
<?php if($show_form) { ?>
<form id="form" class="contact-form" action="" onSubmit="return checkValid()"method="POST" enctype="multipart/form-data">
<input type="hidden" name="action" value="submit" />
<span id="blue-text">Your name:<br>
<input id="name" name="name" type="text" value="" size="50"/>
<br>
Your email:<br>
<input id="email" name="email" type="text" value="" size="50"/><br>
Your message:<br>
</span>
<textarea id="message" name="message" wrap="hard" rows="10" cols="49" ></textarea>
<br>
<div class="g-recaptcha" data-sitekey="captchaSiteKey"></div>
<input type="submit" value="Send"/>
</form>
<?php
}
/* Prepare autoresponder subject */
$respond_subject = "Thank you for contacting me!";
/* Prepare autoresponder message */
$respond_message = "Hello!
Thank you for contacting me! I will get back to you
as soon as possible!
Yours sincerely,
My Name
www.mysite.com
";
/* Send the message using mail() function */
mail($email, $respond_subject, $respond_message);
?>
<script>
function checkValid()
{
var name = document.getElementById("name");
var email = document.getElementById("email");
var message = document.getElementById("message");
var firstError = null;
var errorMessage = "";
if (name.value == "")
{
errorMessage += "Please enter your name! \n";
if (firstError == null)
{
firstError = name;
}
}
if (email.value == "")
{
errorMessage += "Please enter your email! \n";
if (firstError == null)
{
firstError = email;
}
}
if (message.value == "")
{
errorMessage += "Please enter your message! \n";
if (firstError == null)
{
firstError = message;
}
}
if (errorMessage != "")
{
alert(errorMessage);
firstError.focus();
return false;
}
else
{
return true;
}
}
</script>
答案 0 :(得分:1)
当前正在尝试使用提交者的电子邮件地址作为发件人地址:
mail("example@mysite.com",$subject,$message,"From: $email \n");
不要那样做;它是伪造的,将被阻止完全起作用,或者导致您的邮件被垃圾邮件过滤或退回。将其设置为回复标头:
mail("example@mysite.com", $subject, $message, "Reply-to: $email \n");
此代码易受标头注入攻击,因为在用作消息标头之前未对$_POST['email']进行过滤。总体而言,避免完全使用邮件功能;本质上是不安全的。使用PHPMailer之类的库(为该问题添加了标签),然后使用SMTP将其发送到本地主机,这既快捷又安全。参见PHPMailer's contact form example。