0

从 1970 年 1 月 1 日起,我网站上填写的所有联系表格突然进入我的收件箱???

他们最终出现在我的收件箱底部,我错过了一些线索......

任何想法如何突然开始发生?

我在联系页面上使用的代码是:-

<?php
if(isset($_POST['email'])) {

// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "my email address";
$email_subject = "Website Contact Enquiry";


function died($error) {
    // your error code can go here
    echo "We are very sorry, but there were error(s) found with the form you submitted.     ";
    echo "These errors appear below.<br /><br />";
    echo $error."<br /><br />";
    echo "Please go back and fix these errors.<br /><br />";
    die();
}

// validation expected data exists
if(!isset($_POST['name']) ||
    !isset($_POST['email']) ||
    !isset($_POST['tel']) ||
    !isset($_POST['message'])||
    !isset($_POST['formtype'])
    ) {
    died('We are sorry, but there appears to be a problem with the form you  submitted.');       
}

$name = $_POST['name']; // required
$email_from = $_POST['email']; // required
$tel = $_POST['tel']; // required
$message = $_POST['message']; // required
$formtype = $_POST['formtype'];


$email_message = "Form details below.\n\n";

function clean_string($string) {
  $bad = array("content-type","bcc:","to:","cc:","href");
  return str_replace($bad,"",$string);
}

$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Tel: ".clean_string($tel)."\n";
$email_message .= "Message: ".clean_string($message)."\n";
$email_message .= "formtype: ".clean_string($formtype)."\n"; 

// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion().date();
@mail($email_to, $email_subject, $email_message, $headers);  
?>
4

1 回答 1

1

将此添加到您的标题中:

'Date: ' . date('r'),

另外,一定要消毒$email_from。现在,您允许垃圾邮件发送者向其他收件人发送电子邮件并更改标题。在此处阅读更多信息:http ://www.securephpwiki.com/index.php/Email_Injection

于 2013-04-07T13:19:33.663 回答