我是一個業餘的網頁設計師,我已經在stackoverflow.com和其他網站上搜索,並已找到這個問題我有很多修復,但他們都沒有工作(可能是因爲我實施他們不正確)。我希望有更多知識的人可以通過簡單的修復幫助我,或者告訴我如何實現我找到的修復之一。防止php web聯繫表格垃圾郵件
問題:我的業務網站上有一個非常簡單的php聯繫表單。它工作了很多年,但在上週遭到黑客入侵。我現在每天收到數百份聯繫表單提交,沒有評論,他們只有(顯然是有效的)電子郵件地址和名稱字段中的一串字符(如「58ee8b52eef46」)。
我已經嘗試了幾種技術來防止這種垃圾郵件,他們要麼打破我的PHP形式,要麼他們不阻止垃圾郵件。 如果可能的話,我想要一個不需要驗證碼失真文本測試的解決方案,並且不需要填寫表單的所有字段。
這裏是我的全部的PHP代碼:
<?php
if(isset($_POST['email'])) {
$email_to = "[email protected]";
$email_subject = "website form submission";
function died($error) {
echo "We are very sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
if(!isset($_POST['name']) ||
!isset($_POST['email']) ||
!isset($_POST['telephone']) ||
!isset($_POST['comments'])) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$name = $_POST['name'];
$email_from = $_POST['email'];
$telephone = $_POST['telephone'];
$comments = $_POST['comments'];
$error_message = "";
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Telephone: ".clean_string($telephone)."\n";
$email_message .= "Comments: ".clean_string($comments)."\n";
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>
Thank you for contacting us. We will be in touch with you soon. You will now be redirected back to example.com.
<META http-equiv="refresh" content="2;URL=http://www.example.com">
<?php
}
die();
?>
你有看'captcha' – RiggsFolly
林我確定我有提及d此之前,但谷歌recaptcha現在是絕大多數合法訪問者無法訪問。 – Steve
我已考慮使用驗證碼。但我更喜歡一個不使用captcha的修補程序,以便在我的網站上保持整潔。 – user7858610