0

我在我的服务器上使用 php 代码向我的客户发送消息。我使用的编程工具(Game Maker)允许我通过执行 shell 来通过 php 发送消息,以便链接出现在浏览器中。

例子在这里...

添加了所有其他的东西。所以实际上,我发送的消息和我发送的所有内容都可以在浏览器中看到。我使用 php get 方法。现在一切正常,除了它可能不安全。有人建议使用 php post 方法,但是当我在我的服务器上替换 get in my php cod 进行发布,并在浏览器中粘贴相同的内容时,我的代码不起作用。很难解释,但这是我服务器上的 php 代码:

<?php
// Some checks on $_SERVER['HTTP_X_REFERRER'] and similar headers
// might be in order

// The input form has an hidden field called email. Most spambot will
// fall for the trap and try filling it. And if ever their lord and master checks the bot logs,
// why not make him think we're morons that misspelled 'smtp'?
if (!isset($_GET['email']))
    die("Missing recipient address");
if ('' != $_GET['email'])
{
    // A bot, are you?
    sleep(2);
    die('DNS error: cannot resolve smpt.gmail.com');
    // Yes, this IS security through obscurity, but it's only an added layer which   comes almost for free.
}

$newline = $_GET['message'];

$newline = str_replace("[N]","\n","$newline");
$newline = str_replace("[n]","\n","$newline");

// Add some last-ditch info
$newline .= <<<DIAGNOSTIC_INFO

---
Mail sent from $_SERVER[REMOTE_ADDR]:$_SERVER[REMOTE_PORT]


DIAGNOSTIC_INFO;

mail('info@site.com','missing Password Report',$newline,"From: ".$_GET['from']);

header( 'Location: http://site.com/report.html' ) ;
?>

然后我在我的网站上调用这个 php 代码。所以最后,整个事情都在浏览器地址栏中结束。我希望这是有道理的。如何通过使用 post 使事情更加安全,以便至少在用户历史记录中无法看到发送的信息等等。

4

1 回答 1

1

如果您在表单中替换为 POST,您也需要将请求替换为 POST:

<?php
// Some checks on $_SERVER['HTTP_X_REFERRER'] and similar headers
// might be in order

// The input form has an hidden field called email. Most spambot will
// fall for the trap and try filling it. And if ever their lord and master checks the          bot logs,
   // why not make him think we're morons that misspelled 'smtp'?
   if (!isset($_POST['email']))
    die("Missing recipient address");
 if ('' != $_POST['email'])
 {  // A bot, are you?
       sleep(2);
     die('DNS error: cannot resolve smpt.gmail.com');
      // Yes, this IS security through obscurity, but it's only an added layer which   comes almost for free.
   }



 $newline = $_POST['message'];

$newline = str_replace("[N]","\n","$newline");
$newline = str_replace("[n]","\n","$newline");

// Add some last-ditch info
  $newline .= <<<DIAGNOSTIC_INFO

---
Mail sent from $_SERVER[REMOTE_ADDR]:$_SERVER[REMOTE_PORT]


DIAGNOSTIC_INFO;

mail('info@site.com','missing Password Report',$newline,"From: ".$_POST['from']);

header( 'Location: http://site.com/report.html' ) ;
?>

除非您使用真正的 GET 参数发送它,例如http://www.mysite.com/send.php?email=etc; 在这种情况下,您确实需要将其设置为 GET 以检索变量。

于 2012-08-06T10:35:08.010 回答