PHP Mail:蜜罐方法的概念

时间:2019-03-22 18:42:06

标签: php forms email post recaptcha

我在想我(或我们)如何构建一个功能齐全的PHP表单,该表单可以做两件事:

  • 随机生成
  • 解析为电子邮件时保留原始格式

对于不熟悉蜜罐方法的任何人,我都会简要地解释一下。 honeypot方法使用视觉上不可见的字段(显示:无),发布时应保持空白。由于漫游器只会检查源代码,因此漫游器很可能会自动填写此字段,因此在发布表单时会被if / else检查阻止。

我写了一个概念,解释了必须执行的算法。我添加了一些示例数组,只是为了演示。

我很好奇是否有人可以帮助我加强方法。这样够安全吗?还是我想念的东西。 

$fields = [
    [
        "name" => "name",
        "type" => "text",
        "class" => "input--text",
        "required" => true
    ],
    [
        "name" => "email",
        "type" => "text",
        "class" => "input--text",
        "required" => true
    ],
    [
        "name" => "phone",
        "type" => "text",
        "class" => "input--text",
        "required" => true
    ],
];

$classes = [
    "input--town",
    "input--city",
    "input--country",
    "input--date",
    "input--subject",
    "input--town",
    "input--town",
];

$names = [
    "city",
    "birthday",
    "genre",
    "location",
    "agreement",
    "year",
    "month",
    "day",
    "strength",
];

$types = [
    "date",
    "email",
    "text",
    "time",
    "search",
    "checkbox",
    "radio",
    "week",
];

// $_POST
$_POST = [
    "birthday" => "",
    "name" => "Jim",
    "city" => "",
    "email" => "text@example.com",
    "phone" => "1234567890"
];

$fields = (count($fields) + rand(2, 6));

// Concept algorithm
/*

    === Goal
    Randomize both real and fake fields in order to prevent 
    AI / Spider(s) / Bot(s) to figure out our honeypot method

    === Parsing of field
    - For loop the amount of fields
    - Create new array with fields
    - Include the fields with index $i in new array (with encrypted CSS order slug, md5 into sha1 with substring)
    - If all included randomize the remaining (random: class, random: type, random: order)
    - Shuffle array
    - Loop and parse into <form></form>
    - Add ReCAPTCHA

    === Retrieving of $_POST and markup of e-mail
    - Check for ReCAPTCHA validity
    - Loop through $_POST
    - Check:
        - If "name" in $names => If so => check if empty. If empty, continue
            - Save all collected $_POST fields to new array
            - Loop through the original array of $fields
            - Use name attribute in fields to index $_POST fields
            - Escape, sanitize and parse to e-mail message
            ---------
            - DONE => Send 
            ---------
        - Else => It's a field that should be empty so it's filled by a bot... SPAM!

    === Featured
    - Random amount of fields (both fake and true)
    - Randomized order of fields in HTML
    - Structurized with CSS
    - Algorithmic check if fake or real field
    - Keep original field order in e-mail markup

0 个答案:

没有答案
相关问题
最新问题