各位高手好。我正在寻求帮助以提高我正在使用的旧的告诉朋友 PHP 脚本的垃圾邮件安全性。上周,它成为垃圾邮件机器人的受害者,该机器人在不到一分钟的时间内使用了 60 次,使服务器超载。我的问题是,我如何以最简单或最简单的方式修改它,可能保存 IP 或使用 cookie,不确定,以便同一用户在不到一分钟的时间内不能使用超过 3 次,例如或如果您有更好的建议,那将是非常受欢迎的;]
这是加载脚本的 HTML 页面:(HTML 也已过时,我正在处理它)
<html>
<head>
<title>Tell a Friend</title>
<meta name="robots" content="noindex, nofollow" />
<script language="javascript">
function reset() {
document.tellafriend.name.value="";
document.tellafriend.email.value="";
document.tellafriend.fmail1.value="";
document.tellafriend.fmail2.value="";
document.tellafriend.fmail3.value="";
}
function validate() {
if (document.tellafriend.fmail1.value.length==0) {
alert("Oops! you'll need to enter a friend's email address");
return false;
}
if (document.tellafriend.email.value.length==0) {
alert("Oops! you forget to enter your email address");
return false;
}
if (document.tellafriend.name.value.length==0) {
alert("Oops! you forgot to enter your name");
return false;
}
document.tellafriend.submit()
return true;
}
</script>
</head>
<body onLoad="reset()">
<table>
<tr>
<td>
<span>Complete the details below to send this link to a friend:</span>
<? $refurl = $_SERVER['HTTP_REFERER']; ?>
<span><? print $refurl;?></span>
<form name="tellafriend" action="tellafriend.php" method="post" onSubmit="return checkfields()">
<table>
<tr>
<td> Your name*:</td>
<td>
<input name="name" size="30" maxlength="45">
</td>
</tr>
<tr>
<td>Your email*:</td>
<td>
<input name="email" size="30" maxlength="45">
</td>
</tr>
<tr>
<td colspan="2">
<p align="center">Enter your friend's email addresses:</p>
</td>
</tr>
<tr>
<td>Email 1*:</td>
<td>
<input name="fmail1" class="bordesolid1" size="30" maxlength="50">
</td>
</tr>
<tr>
<td>Email 2*:</td>
<td>
<input name="fmail2" size="30" maxlength="50">
</td>
</tr>
<tr>
<td>Email 3*:</td>
<td>
<input name="fmail3" size="30" maxlength="50">
</td>
</tr>
<tr>
<td colspan="2">
<p align="center">
<span>This message will contain your name & email address.</span><br>
<input onclick="validate();" type="button" value="click once to send">
<input type=hidden name=refurl value="<? print $refurl;?>">
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>
这是 PHP 脚本 (tellafriend.php):
<?php
if(count($_POST)) {
foreach(array('fmail1','fmail2','fmail3','email','name') as $key) $_POST[$key] = strip_tags($_POST[$key]);
if(!is_secure($_POST)) {
die("Peace People! Stop Spamming!");
}
$emailto = "admin@domain.com";
$esubject = "Recommendation form submission";
$emailtext = "$_POST[name] has used your recommendation form using an email address of $_POST[email].
The people the recommendation has been submitted to are:
$_POST[fmail1]
$_POST[fmail2]
$_POST[fmail3]
The page recommended:
$_POST[refurl]";
@mail("$emailto", $esubject, $emailtext, "From: $_POST[email]");
$thankyoupage = "thankyou.htm";
$tsubject = "A web page recommendation from $_POST[name]";
$ttext = "Hi, $_POST[name], whose email address is $_POST[email] thought you may be interested in this web page.
$_POST[refurl];
@mail("$_POST[fmail1],$_POST[fmail2],$_POST[fmail3]", $tsubject, $ttext, "FROM: $_POST[email]");
header("Location: $thankyoupage");
exit;
}
function is_secure($ar) {
$reg = "/(Content-Type|Bcc|MIME-Version|Content-Transfer-Encoding)/i";
if(!is_array($ar)) {
return preg_match($reg,$ar);
}
$incoming = array_values_recursive($ar);
foreach($incoming as $k=>$v) if(preg_match($reg,$v)) return false;
return true;
}
function array_values_recursive($array) {
$arrayValues = array();
foreach ($array as $key=>$value) {
if (is_scalar($value) || is_resource($value)) {
$arrayValues[] = $value;
$arrayValues[] = $key;
}
elseif (is_array($value)) {
$arrayValues[] = $key;
$arrayValues = array_merge($arrayValues, array_values_recursive($value));
}
}
return $arrayValues;
}
?>
百万感谢您的帮助。如果有人可以向我推荐另一个(简单的)安全性更好的,那也很棒。