【发布时间】:2016-07-22 16:31:21
【问题描述】:
通过 bootstrapvalidator 验证表单字段后,我的联系表单中的消息将通过名为 sendmessage.php (phpmailer) 的文件发送。
<form action="sendmessage.php" class="well form-horizontal" id="contact_form" method="post" name="contact_form">
问题是,如果有人直接在他们的网络浏览器中键入www.mydomain.com/sendmessage.php,则会发送一封空电子邮件(因此这意味着所有字段验证都被绕过了)。
我怎样才能防止这种情况发生?
非常感谢
验证:
$(document).ready(function() {
$('#contact_form').bootstrapValidator({
feedbackIcons: {
valid: 'fa fa-check',
invalid: 'fa fa-times',
validating: 'fa fa-refresh'
},
fields: {
first_name: {
validators: {
stringLength: {
min: 2,
},
notEmpty: {
message: 'Veuillez indiquer votre prénom'
}
}
},
last_name: {
validators: {
stringLength: {
min: 2,
},
notEmpty: {
message: 'Veuillez indiquer votre nom'
}
}
},
email: {
validators: {
notEmpty: {
message: 'Veuillez indiquer votre adresse e-mail'
},
regexp: {
regexp: '^[^@\\s]+@([^@\\s]+\\.)+[^@\\s]+$',
message: 'Veuillez indiquer une adresse e-mail valide'
}
}
},
message: {
validators: {
stringLength: {
min: 10,
max: 1000,
message:'Votre message doit faire plus de 10 caractères et moins de 1000.'
},
notEmpty: {
message: 'Veuillez indiquer votre message'
}
}
}
}}).on('success.form.bv', function (e) {
e.preventDefault();
$('button[name="submit"]').hide();
var bv = $(this).data('bootstrapValidator');
// Use Ajax to submit form data
$.post($(this).attr('action'), $(this).serialize(), function (result) {
if (result.status == 1) {
$('#success_message').slideDown({
opacity: "show"
}, "slow")
$('#contact_form').data('bootstrapValidator').resetForm();
} else {
$('#error_message').slideDown({
opacity: "show"
}, "slow") }
}, 'json');
}
);
});
SENDMESSAGE.PHP
<?php
require 'PHPMailer/PHPMailerAutoload.php';
$mail = new PHPMailer;
$mail->CharSet = 'utf-8';
$email_vars = array(
'message' => str_replace("\r\n", '<br />', $_POST['message']),
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'phone' => $_POST['phone'],
'email' => $_POST['email'],
'organisation' => $_POST['organisation'],
'server' => $_SERVER['HTTP_REFERER'],
'agent' => $_SERVER ['HTTP_USER_AGENT'],
);
//Enable SMTP debugging.
$mail->SMTPDebug = false;
//Set PHPMailer to use SMTP.
$mail->isSMTP();
//Set SMTP host name
$mail->Host = "smtp.sendgrid.net";
//Set this to true if SMTP host requires authentication to send email
$mail->SMTPAuth = true;
//Provide username and password
$mail->Username = "";
$mail->Password = "";
//If SMTP requires TLS encryption then set it
$mail->SMTPSecure = "tls";
//Set TCP port to connect to
$mail->Port = 587;
$mail->FromName = $_POST['first_name'] . " " . $_POST['last_name'];
$mail->From = ('mail@');
$mail->addReplyTo($_POST['email']);
$mail->addAddress("conta");
//CC and BCC
$mail->addCC("");
$mail->isHTML(true);
$mail->Subject = "Nouveau message depuis xyz";
$body = file_get_contents('emailtemplate.phtml');
if(isset($email_vars)){
foreach($email_vars as $k=>$v){
$body = str_replace('{'.strtoupper($k).'}', $v, $body);
}
}
$mail->MsgHTML($body);
/* $mail->Body = $_POST['message']."<br><br>Depuis la page: ". str_replace("http://", "", $_SERVER['HTTP_REFERER']) . "<br>" . $_SERVER ['HTTP_USER_AGENT'] ; */
$response = array();
if(!$mail->send()) {
$response = array('message'=>"Mailer Error: " . $mail->ErrorInfo, 'status'=> 0);
} else {
$response = array('message'=>"Message has been sent successfully", 'status'=> 1);
}
/* send content type header */
header('Content-Type: application/json');
/* send response as json */
echo json_encode($response);
?>
【问题讨论】:
-
检查您的
sendmessage.php中设置的提交按钮。if (isset($_POST['submit'])) { /* send email */ } -
添加某种验证码技术,这里有一个:google.com/recaptcha/intro/index.html
-
不要只依赖客户端验证。您必须在服务器端也进行所有相同的验证,否则您的表单可能会被利用。
-
感谢同步。由于我使用的是github.com/PHPMailer/PHPMailer,所以phpmailer在服务器端所做的检查不都是一样的吗?
标签: php apache server phpmailer contact-form