
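I am using a simple contact form on my website using PHP, and I am about to install SSL on my website. Do I need to make any changes to the PHP code? I am completely new to SSL and this is my first SSL installation.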

<?php
$errors = array();
$missing = array();
if (isset($_POST['send'])) {
$to = 'john@example.com';
$subject = 'Feedback from contact form';
$expected = array('name', 'email', 'comments');
$required = array('name', 'email', 'comments');
$headers = "From: webmaster@example.com\r\n";
$headers .= "Content-type: text/plain; charset=utf-8";
require './includes/mail_process.php';
if ($mailSent) {
    header('Location: thanks.php');
    exit;
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Contact Us</title>
<link href="./styles.css" rel="stylesheet" type="text/css">
</head>

<body>
<h1>Contact Us</h1>
<?php if ($_POST && $suspect) { ?>
<p class="warning">Sorry, your mail could not be sent.</p>
<?php } elseif ($errors || $missing) { ?>
<p class="warning">Please fix the item(s) indicated.</p>
<?php }?>
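<?php // PHP_SELF reflects the requested path, so escape it before output ?>
<form name="contact" method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES, 'utf-8'); ?>">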
<p>
    <label for="name">Name:
    <?php if ($missing && in_array('name', $missing)) { ?>
    <span class="warning">Please enter your name</span>
    <?php } ?>
    </label>
    <input type="text" name="name" id="name"
    <?php
    if ($errors || $missing) {
        echo 'value="' . htmlentities($name, ENT_COMPAT, 'utf-8') . '"';
    }
    ?>
    >
</p>
<p>
    <label for="email">Email:
    <?php if ($missing && in_array('email', $missing)) { ?>
    <span class="warning">Please enter your email address</span>
    <?php } elseif (isset($errors['email'])) { ?>
    <span class="warning">Invalid email address</span>
    <?php } ?>
    </label>
    <input type="text" name="email" id="email"
    <?php
    if ($errors || $missing) {
        echo 'value="' . htmlentities($email, ENT_COMPAT, 'utf-8') . '"';
    }
    ?>
    >
</p>
<p>
    <label for="comments">Comments:
    <?php if ($missing && in_array('comments', $missing)) { ?>
    <span class="warning">You forgot to add your comments</span>
    <?php } ?>
    </label>
    <textarea name="comments" id="comments"><?php 
    if ($errors || $missing) {
        echo htmlentities($comments, ENT_COMPAT, 'utf-8');
    }
    ?></textarea>
</p>
<p>
    <input type="submit" name="send" id="send" value="Send Comments">
</p>
</form>
</body>
</html>

mail_process.php looks like this:

<?php
$suspect = false;
$pattern = '/Content-Type:|Bcc:|Cc:/i';

function isSuspect($val, $pattern, &$suspect) {
if (is_array($val)) {
    foreach ($val as $item) {
        isSuspect($item, $pattern, $suspect);
    }
} else {
    if (preg_match($pattern, $val)) {
        $suspect = true;
    }
}
}

isSuspect($_POST, $pattern, $suspect);

if (!$suspect) {
foreach ($_POST as $key => $value) {
    $temp = is_array($value) ? $value : trim($value);
    if (empty($temp) && in_array($key, $required)) {
        $missing[] = $key;
        $$key = '';
    } elseif(in_array($key, $expected)) {
        $$key = $temp;
    }
}
}

if (!$suspect && !empty($email)) {
$validemail = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
if ($validemail) {
    $headers .= "\r\nReply-to: $validemail";
} else {
    $errors['email'] = true;
}
}

if (!$suspect && !$missing && !$errors) {
$message = '';
foreach ($expected as $item) {
    if (isset($$item) && !empty($$item)) {
        $val = $$item;
    } else {
        $val = 'Not selected';
    }
    if (is_array($val)) {
        $val = implode(', ', $val);
    }
    $item = str_replace(array('_', '-'), ' ', $item);
    $message .= ucfirst($item) . ": $val\r\n\r\n";
}
$message = wordwrap($message, 70);

// $authenticate was never defined in either file, so the fifth argument is dropped
$mailSent = mail($to, $subject, $message, $headers);
if (!$mailSent) {
    $errors['mailfail'] = true;
}
}

2 Answers


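Since you don't have any absolute URL references, there won't be a problem. I would suggest you put this in your header (or at the top of all your PHP files) to force them to use https, so that if your site does need absolute URLs you can make them all HTTPS, since everyone is forced to be there anyway.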

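// Redirect to the https://www. form of the current URL when the request is not already using it
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off' || !stristr($_SERVER['HTTP_HOST'], 'www.')) {
    $redirect = "https://www." . str_replace('www.', '', $_SERVER['HTTP_HOST']) . $_SERVER['REQUEST_URI'];
    header("Location: $redirect");
    exit; // stop the script so nothing else runs after the redirect header
}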
answered 2013-06-07T19:02:20.927
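
A variant of the redirect above that takes the host name from a fixed value instead of the request's Host header, as an added example that is not part of the original answer; it goes beyond the answer by also sending an HSTS header. `CANONICAL_HOST`, `httpsRedirectTarget` and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not the answer's code. CANONICAL_HOST is an assumed
// placeholder: set it to the host name your certificate is issued for.
const CANONICAL_HOST = 'www.example.com';

// Returns the https:// URL to redirect to, or null when the request is
// already HTTPS on the canonical host.
function httpsRedirectTarget(array $server, string $canonicalHost): ?string
{
    // Non-empty HTTPS means TLS; IIS with ISAPI reports 'off' for plain HTTP.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    $isHttps = $https !== '' && $https !== 'off';

    // The Host header is client-controlled: compare it, never copy it
    // into the Location header. A trailing :port is ignored.
    $host = strtolower((string) ($server['HTTP_HOST'] ?? ''));
    $host = preg_replace('/:\d+$/', '', $host);
    if ($isHttps && $host === strtolower($canonicalHost)) {
        return null;
    }

    // Accept only an origin-form path ("/..."); anything else becomes "/".
    $uri = (string) ($server['REQUEST_URI'] ?? '/');
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }
    $uri = str_replace(["\r", "\n"], '', $uri);

    return 'https://' . $canonicalHost . $uri;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests, printed when the file is run from the command line.
    $samples = [
        ['HTTP_HOST' => 'example.com', 'REQUEST_URI' => '/contact.php'],
        ['HTTPS' => 'on', 'HTTP_HOST' => 'unexpected.example', 'REQUEST_URI' => '/contact.php?x=1'],
        ['HTTPS' => 'on', 'HTTP_HOST' => 'www.example.com', 'REQUEST_URI' => '/contact.php'],
    ];
    foreach ($samples as $s) {
        var_dump(httpsRedirectTarget($s, CANONICAL_HOST));
    }
} else {
    $target = httpsRedirectTarget($_SERVER, CANONICAL_HOST);
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
    // Tell browsers to use HTTPS for this host on later visits (HSTS).
    header('Strict-Transport-Security: max-age=31536000');
}
```

It assumes PHP sees the TLS connection itself; behind a TLS-terminating proxy or load balancer `$_SERVER['HTTPS']` is empty and the check has to use whatever the proxy reports instead.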

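You have to change absolute URLs to "https://....". If you are not using absolute URLs, then there is nothing to change, as long as both your form and the processing script are on https.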

answered 2013-06-07T19:06:00.713