How to add a $bad = array condition to the died function?

Time: 2019-02-10 13:53:23

Tags: php

I would like the sendmail PHP to emit an error message when a user types certain words into the comments field. I tried adding the $bad = array condition to function died($error), but could not get it to work correctly. I also don't want capital letters in these words to affect my array. Could you guide me on how to do this? Thank you.

```php
<?php
if(isset($_POST['email'])) {
$email_to = "example@example.com";
$email_subject = "From example.com";

function died($error) {
    echo "We are very sorry, but there were error(s) found with the form you submitted. ";
    echo "These errors appear below.<br /><br />";
    echo $error."<br /><br />";
    echo "Please go back and fix these errors.<br /><br />";
    die();
}

if(!isset($_POST['name']) ||
    !isset($_POST['email']) ||
    !isset($_POST['comments'])) {
    died('We are sorry, but there appears to be a problem with the form you submitted.');
}

// in your php ignore any submissions that include this field (honeypot: real users leave it empty)
if(!empty($_POST['website'])) die();

$name = $_POST['name'];
$email_from = $_POST['email'];
$comments = $_POST['comments'];

$error_message = "";
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";

function clean_string($string) {
    $bad = array("content-type","bcc:","to:","cc:","href","sex","sexy","girl","girls","www.","money","http","web","site","website","$");
    return str_replace($bad,"",$string);
}

$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Comments: ".clean_string($comments)."\n";

$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);

?>

Thank you for contacting us. We will be in touch with you soon. You will now be redirected back to example.com.
<META http-equiv="refresh" content="2;URL=http://www.example.com/example.html">

<?php
}

die();
```

1 answer:

Answer 0: (score: 0)

For case-insensitivity, just call strtolower() on the comment string and then check for the lowercase versions of all the blacklisted strings. But honestly, I would rewrite this script entirely. I don't endorse the use of die(), and many of the tasks in this script can be refined/refactored/relocated. Good luck.

Code: (Demo)

```php
function died($error) {
    echo "We are very sorry, but there were error(s) found with the form you submitted. ";
    echo "These errors appear below.<br /><br />";
    echo $error."<br /><br />";
    echo "Please go back and fix these errors.<br /><br />";
    die();
}

function is_naughty($string) {
    $lower = strtolower($string);
    $blacklist = array("content-type","bcc:","to:","cc:","href","sex","sexy","girl","girls","www.","money","http","web","site","website","$");
    foreach ($blacklist as $value) {
        if (strpos($lower, $value) !== false) {
            // $value is the found blacklisted value
            died('We are sorry, but a blacklisted string was found in your comment.');
            // if not using die() in died(), then use break here
        }
    }
}

is_naughty("This is a comment about a girl's website");
```

Output:

```
We are very sorry, but there were error(s) found with the form you submitted. These errors appear below.<br /><br />We are sorry, but a blacklisted string was found in your comment.<br /><br />Please go back and fix these errors.<br /><br />
```

An untested, half-hearted rewrite would look like this.

```php
<?php
// in php7+, you can define array values as constants e.g.-> define("REQUIRED_FIELDS", [...]);
$required_fields  = ['email', 'name', 'comments'];
$string_blacklist = ['content-type', 'bcc:', 'to:', 'cc:', 'href', 'sex', 'sexy', 'girl', 'girls', 'www.', 'money', 'http', 'web', 'site', 'website', '$'];
// I foresee issues with this blacklist.  ...imagine if my name was "John Webster".  This validation design needs to mature.
$errors = [];  // collect every problem instead of stopping at the first one

// iterated validations
foreach ($required_fields as $field) {
    if (empty($_POST[$field])) {
        $errors[] = "The $field field is required.";
    } else {
        $lower = strtolower($_POST[$field]);
        foreach ($string_blacklist as $value) {
            if (strpos($lower, $value) !== false) {
                $errors[] = "Blacklisted string <b>{$value}</b> found in {$field} field value.";
            }
        }
    }
}

// one-off validation
if (!empty($_POST['website'])) {
    $errors[] = "Submission disqualified.";  // specially handled occurrence
}

if (!empty($errors)) {
    echo "<div>";
        echo "<p>We are very sorry, but there were error(s) found with the form you submitted.</p>";
        echo "<ul><li>" , implode("</li><li>", $errors) , "</li></ul>";
        echo "<p>Please go back and fix these errors.</p>";
    echo "</div>";
} else {
    // For the record I do not endorse the use of mail(); PHPMailer is a more robust weapon for mailing
    // Further validation/sanitization should be implemented on the submitted values before constructing mail.
    // I'll avoid going down a rabbit hole and will not overhaul your mailing process from this point.
    $email_to = "example@example.com";
    $email_subject = "From example.com";

    $email_message  = "Form details below.\n\n";
    $email_message .= "Name: {$_POST['name']}\n";
    $email_message .= "Email: {$_POST['email']}\n";
    $email_message .= "Comments: {$_POST['comments']}\n";

    $headers = "From: {$_POST['email']}\r\n"
               . "Reply-To: {$_POST['email']}\r\n"
               . "X-Mailer: PHP/" . phpversion();

    // Don't use the stfu operator "@", handle errors appropriately.
    if (!mail($email_to, $email_subject, $email_message, $headers)) {
        echo "<div>";
            echo "<p>We are very sorry, but something went wrong while emailing your message.</p>";
            echo "<p>Please contact the site developer</p>";
        echo "</div>";
    } else {
        echo "<div>Thank you for contacting us. We will be in touch with you soon. You will now be redirected back to example.com.</div>";
        echo "<META http-equiv=\"refresh\" content=\"2;URL=http://www.example.com/example.html\">";
    }
}
?>
```
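As an added example (not code from the question or from the answer), here is one validation function that covers both the original question (a case-insensitive blacklist on the comments field) and the answer's rewrite: it returns a list of errors instead of calling die(), folds case with mb_strtolower, matches plain-word terms on word boundaries so the "John Webster" false positive the answer mentions goes away, rejects CR/LF in the single-line fields that end up in mail() headers, and validates the address with filter_var before it is copied into From:/Reply-To:. The function name, the header-injection check and the sample submissions at the bottom are assumptions of this example; the field names and the blacklist are the question's own.

```php
<?php
// Added example (not from the question or answer): errors are collected and
// returned instead of calling die(). Field names and the blacklist are the
// question's own; the sample submissions at the bottom are constructed.
function validate_submission(array $post, array $required, array $blacklist): array
{
    $errors = [];
    // Honeypot field from the original form: humans never fill it in.
    if (!empty($post['website'])) {
        return ['Submission disqualified.'];
    }
    foreach ($required as $field) {
        $value = trim((string) ($post[$field] ?? ''));
        if ($value === '') {
            $errors[] = "The {$field} field is required.";
            continue;
        }
        // name and email are single-line and feed mail() headers: a CR/LF
        // there is the header injection the "bcc:"/"cc:" entries aim at.
        if ($field !== 'comments' && preg_match('/[\r\n]/', $value)) {
            $errors[] = "The {$field} field must not contain line breaks.";
            continue;
        }
        $lower = mb_strtolower($value);   // case-insensitive, non-ASCII aware
        foreach ($blacklist as $term) {
            // Whole-word match for plain words (so "John Webster" does not trip
            // "web"); substring match for terms with punctuation like "bcc:".
            $pattern = ctype_alpha($term)
                ? '/\b' . preg_quote($term, '/') . '\b/u'
                : '/' . preg_quote($term, '/') . '/u';
            if (preg_match($pattern, $lower)) {
                $errors[] = "Blacklisted term \"{$term}\" found in the {$field} field.";
            }
        }
    }
    // The address is copied into From:/Reply-To:, so it must parse as one valid address.
    if (!empty($post['email']) && filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'The email field is not a valid address.';
    }
    return $errors;
}

$required  = ['email', 'name', 'comments'];
$blacklist = ['content-type', 'bcc:', 'to:', 'cc:', 'href', 'sex', 'sexy', 'girl', 'girls',
              'www.', 'money', 'http', 'web', 'site', 'website', '$'];
$clean = validate_submission(['name' => 'John Webster', 'email' => 'john@example.com',
                              'comments' => 'Hello'], $required, $blacklist);
$spam  = validate_submission(['name' => 'x', 'email' => "a@example.com\r\nBcc: b@example.com",
                              'comments' => 'GIRLS'], $required, $blacklist);
```

The first constructed submission yields no errors, while the second is flagged for the line break and invalid address in the email field and for the blacklisted term "girls" in the comments field. Run the array that comes back through the answer's `<ul>` rendering rather than die(), so every problem is reported in one response.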