New here, please bear with me. I made a PHP mail script. It does basic validation of the fields, returns errors, and submits if everything is fine. It also has a honeypot field that is not required (I assume that by hiding it with CSS, spam bots will fill it in anyway). If that field is not empty, it opens a text file and writes/appends the attempt to it, and also sends an email alert about the attempt.

<?php
//print_r($_POST);
$error['name'] = "";
$error['company'] = "";
$error['email'] = "";
$error['subject'] = "";
$error['message'] = "";
$error['website'] = "";
$success = "";
$thistime = time();
$current_date = date('m/d/Y/T ==> H:i:s');

if (isset($_POST['_save'])) {
    $name = stripslashes($_POST['name']);
    $email = stripslashes($_POST['email']);
    $company = stripslashes($_POST['company']);
    $message = stripslashes($_POST['message']);
    $subject = stripslashes($_POST['subject']);
    $website = stripslashes($_POST['website']); // honeypot field, hidden with CSS

    if (empty($name) || empty($email) || empty($subject) || empty($message) ||
            !empty($website)) {
        if (empty($name))
            $error['name'] = "Please enter your Full Name";
        if (empty($email))
            $error['email'] = "Please enter a valid Email Address";
        if (empty($company))
            $error['company'] = "Please enter Your Company Name";
        if (empty($subject))
            $error['subject'] = "Please Write a Subject";
        if (empty($message))
            $error['message'] = "Please write a message, inquiries or other concerns above";
        if (!empty($website)) { // braces needed: the logging and alert belong to this branch only
            $error['subject'] = "Oops, looks like you're a spambot. You just filled in a not required field.";
            $myFile = "botlog.txt";
            $fh = fopen($myFile, 'a') or die("can't open file");
            $stringData = "bot trapped - " . $website . " - " . $current_date . "\r\n";
            fwrite($fh, $stringData);
            fclose($fh);
            $donot = "donotreply@whatever.com";
            $headers = "From: {$email}\r\nReply-To: {$donot}"; //create headers
            // mail() takes (to, subject, message, headers); subject text chosen here
            mail('opps@gmail.com', 'bot trapped', $stringData, $headers);
        }
    }
    else { //if not empty
        $headers = "From: {$email}\r\nReply-To: {$email}"; //create headers
        $content = "Name: " . $name . "\r\n\r\nCompany: "
                 . $company . "\r\n\r\nSubject: " . $subject . "\r\n\r\nMessage: " . $message;
        mail('opps@gmail.com', $subject, $content, $headers); //mails it
        $success = "Thank you! Your email has been sent.";
        #done;
    }
}
?>

Am I doing this right? Does this open any vulnerabilities? I'm open to any suggestions and improvements. Thanks.

1 Answer

You are not sanitizing your POST variables. This is a very common mistake.

Answered 2014-02-28T08:59:21.467
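To make the answer concrete, here is an added example (not the asker's script and not the answerer's code) of the same form with the POST values validated before they reach a mail header, the log file or the page. In the original, `$email` goes straight into the `From:` header and the honeypot value goes straight into `botlog.txt`; a submitted value containing a line break can therefore add arbitrary mail headers or forge log lines. The recipient address, the fixed sender address and the log path below are placeholders; the field names match the original form.

```php
<?php
// Added example: the contact form with input validation. Placeholders: the
// recipient, the fixed From address and the log path are assumptions.
define('RECIPIENT', 'you@example.com');              // placeholder
define('FROM_ADDR', 'contact-form@example.com');     // fixed, never user-controlled
define('BOT_LOG', __DIR__ . '/../botlog.txt');       // placeholder; keep outside the web root

// Read a POST field as a trimmed string; a missing field becomes ''.
function field(string $key): string {
    return isset($_POST[$key]) ? trim((string) $_POST[$key]) : '';
}

// A header value must not contain CR, LF or NUL, otherwise the value can
// terminate the header and append headers of its own (e.g. extra Bcc:).
function header_safe(string $value, int $max = 200): ?string {
    if (strlen($value) > $max || preg_match('/[\r\n\x00]/', $value)) {
        return null;
    }
    return $value;
}

function valid_email(string $value): ?string {
    $v = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $v === false ? null : header_safe($v);
}

// Collect errors; an empty array means the submission is acceptable.
function validate(array $f): array {
    $error = [];
    if ($f['name'] === '')
        $error['name'] = 'Please enter your Full Name';
    if (valid_email($f['email']) === null)
        $error['email'] = 'Please enter a valid Email Address';
    if ($f['company'] === '')
        $error['company'] = 'Please enter Your Company Name';
    if ($f['subject'] === '' || header_safe($f['subject']) === null)
        $error['subject'] = 'Please Write a Subject';
    if ($f['message'] === '')
        $error['message'] = 'Please write a message, inquiries or other concerns above';
    return $error;
}

$error   = [];
$success = '';

if (isset($_POST['_save'])) {
    $f = [];
    foreach (['name', 'email', 'company', 'subject', 'message', 'website'] as $k) {
        $f[$k] = field($k);
    }

    if ($f['website'] !== '') {
        // Honeypot filled in: log it, but JSON-encode the value so the sender
        // cannot insert line breaks and forge extra log entries.
        $line = sprintf("%s bot trapped - %s - %s\n",
            date('c'), json_encode($f['website']), $_SERVER['REMOTE_ADDR'] ?? '-');
        file_put_contents(BOT_LOG, $line, FILE_APPEND | LOCK_EX);
        // The alert mail is built only from fixed strings and the encoded value.
        mail(RECIPIENT, 'Contact form: bot trapped', $line, 'From: ' . FROM_ADDR);
        $error['subject'] = "Oops, looks like you're a spambot. You just filled in a not required field.";
    } else {
        $error = validate($f);
        if ($error === []) {
            // From: is our own address; the visitor's validated address goes in Reply-To only.
            $headers = 'From: ' . FROM_ADDR . "\r\nReply-To: " . valid_email($f['email']);
            $content = "Name: {$f['name']}\r\n\r\nCompany: {$f['company']}\r\n\r\n"
                     . "Subject: {$f['subject']}\r\n\r\nMessage: {$f['message']}";
            mail(RECIPIENT, $f['subject'], $content, $headers);
            $success = 'Thank you! Your email has been sent.';
        }
    }
}

// Anything echoed back into the page is HTML-encoded.
foreach ($error as $k => $msg) {
    echo '<p class="error">' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . "</p>\n";
}
if ($success !== '') {
    echo '<p class="success">' . htmlspecialchars($success, ENT_QUOTES, 'UTF-8') . "</p>\n";
}
```

The two checks that matter most are `header_safe()` on every value that ends up in a mail header (subject included) and using a fixed `From:` address, which also keeps the mail from being rejected by SPF/DMARC checks on the visitor's domain. `stripslashes()` from the original is dropped because it does not validate anything; it only undoes magic quotes, which are removed in current PHP versions.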