我在网站上有简单的联系表格,几天前,我开始在网站上收到一半空白电子邮件。
他们看起来与下面的示例相同,填写了名字和电子邮件字段,但是电话和消息字段是空的:
名称: 5906F36C9C72B电子邮件: njhjlee@gmail.com(任何时间不同的电子邮件(电话:
消息:
这是HTML代码:
<form id="contactform" action="assets/php/mail_submit.php" method="post">
<div class="row">
<div class="col-xs-12 col-md-4">
<input type="text" name="name" id="name" placeholder="Your Name" required/>
</div><!--column-->
<div class="col-xs-12 col-md-4">
<input type="text" name="email" id="email" placeholder="Your email" required/>
</div><!--column-->
<div class="col-xs-12 col-md-4">
<input type="text" name="phone" id="phone" placeholder="Ваш телефон" required/>
</div><!--column-->
<p class="antispam">Leave this empty: <input type="text" name="url" /></p>
<div class="col-xs-12 col-md-8">
<textarea placeholder="Message" name="message" id="message" required></textarea>
</div><!--column-->
<div class="col-xs-12 col-md-4">
<input class="btn btn-default" id="submit" type="submit" value="Send"/>
</div><!--column-->
</div><!--row-->
</form>
这是PHP脚本:
<?php
if (!isset($_REQUEST['name']) || !isset($_REQUEST['email']) ||
!isset($_REQUEST['message']) || !isset($_REQUEST['phone'])) {
die();
}
if (isset($_POST['name']) || isset($_POST['email']) ||
isset($_POST['message']) || isset($_POST['phone']) && !empty($_POST['name'])
|| !empty($_POST['email']) || !empty($_POST['message']) |
!empty($_POST['phone'])) {
$your_email="my@mail.com";
$name=$_POST['name'];
$email=$_POST['email'];
$message=$_POST['message'];
$phone=$_POST['phone'];
$to = $your_email;
$subject = "My Website: New Message! rn";
$message = '
<html>
<head>
<title>Message from '. $name .'</title>
</head>
<body>
<table class="table">
<tr>
<th align="right">Name:</th>
<td align="left">'. $name .'</td>
</tr>
<tr>
<th align="right">E-mail:</th>
<td align="left">'. $email .'</td>
</tr>
<tr>
<th align="right">Phone:</th>
<td align="left">'. $phone .'</td>
</tr>
<tr>
<th align="right">Message:</th>
<td align="left">'. $message .'</td>
</tr>
</table>
</body>
</html>';
$headers .= "From: no-reply@website.comrn";
$headers .= "Reply-To: $email rn";
$headers .= "Return-Path: $emailrn";
$headers .= "X-Mailer: PHP rn";
$headers .= 'Content-type: text/html; charset=utf-8' . "rn";
mail($to, $subject, $message, $headers);
} else {
die();
}
?>
这是Ajax脚本:
function IsEmail(email) {
var regex = /^([a-zA-Z0-9_.-+])+@(([a-zA-Z0-9-])+.)+([a-zA-Z0-9]
{2,4})+$/;
return regex.test(email);
}
if($("#contactform").length!=0){
$("#contactform").submit(function (e) {
e.preventDefault();
var name = $("#name").val(),
email = $("#email").val(),
phone = $("#phone").val(),
message = $("#message").val(),
dataString = 'name=' + name + '&email=' + email+ '&phone=' + phone +
'&message=' + message;
if (name === '' || !IsEmail(email) || phone === '' || message ===
'') {
$('#valid-issue').html('Not correct data').slideDown();
} else {
$.ajax({
type: "POST",
url: "/assets/php/mail_submit.php",
data: dataString,
success: function () {
$('#contactform').slideUp();
$('#valid-issue').html('Thank you. Message was sent successfully.').show();
}
});
}
});
}
我已经检查了日志,发现所有垃圾邮件机器人都来自Thor网络和不同的IP。我尝试了验证码,但这无济于事。请提供建议,请...
尝试加强您的JavaScript检查,也使用" Trim":
var name = $("#name").val().trim();
使用php str_word_count来加强检查空消息的检查。
例如。
$message= filter_input(INPUT_POST, 'message');
// check $message is not empty and that it contains more than 5 words
if($message != "" || str_word_count($message) < 5) {
echo "Message is valid"
}else{
echo "Invalid Message";
}
我使用您的PHP代码其他一些错误的事情:您切勿直接访问超级全局帖子/获取变量。使用php Innolielt Filter功能或自定义的功能。
$name= filter_input(INPUT_POST, 'name');
或者您可以使用
function FilterData($value){
$trimmed = trim($value);
$notags = strip_tags($trimmed);
return $notags;
}
然后:
$name = FilterData($_POST['name']);
对于电子邮件,您可以使用
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
更多信息在这里和此处
希望它有帮助;(