2012-08-06 78 views
0

I use PHP code on my server to send messages to my customers. The programming tool I use (Game Maker) lets me send messages through PHP by executing a shell command, so the link shows up in the browser. How can I send mail (posts) securely through HTML and PHP?

An example is here ...

with everything else added on. So in practice, the message I send and everything else I send can be seen in the browser. I use the PHP GET method. Everything works right now, except that it is probably not secure. Someone suggested using the PHP POST method, but when I changed the PHP code on my server to POST and pasted the same thing into the browser, my code didn't work. It's hard to explain, but here is the PHP code on my server:

```php
<?php
// Some checks on $_SERVER['HTTP_X_REFERRER'] and similar headers
// might be in order

// The input form has a hidden field called email. Most spambots will
// fall for the trap and try filling it. And if ever their lord and master checks the bot logs,
// why not make him think we're morons that misspelled 'smtp'?
if (!isset($_GET['email']))
    die("Missing recipient address");
if ('' != $_GET['email'])
{
    // A bot, are you?
    sleep(2);
    die('DNS error: cannot resolve smpt.gmail.com');
    // Yes, this IS security through obscurity, but it's only an added layer which comes almost for free.
}

$newline = $_GET['message'];

$newline = str_replace("[N]","\n","$newline");
$newline = str_replace("[n]","\n","$newline");

// Add some last-ditch info
$newline .= <<<DIAGNOSTIC_INFO

---
Mail sent from $_SERVER[REMOTE_ADDR]:$_SERVER[REMOTE_PORT]


DIAGNOSTIC_INFO;

mail('[email protected]','missing Password Report',$newline,"From: ".$_GET['from']);

header('Location: http://site.com/report.html');
?>
```

Then I call this PHP code from my site. So in the end the whole thing ends up in the browser's address bar. I hope this makes sense. How can I make this safer, so that at least the information being sent does not show up in the user's history?

+4

Note that there is nothing secure about switching from GET to POST. With POST you just hide it a little (if you use hidden fields). But anyone can still find it easily. If you need secure communication, switch to HTTPS. – 2012-08-06 10:36:59

Answer

1

If you change your form to POST, you need to change the request handling to POST too:

```php
<?php
// Some checks on $_SERVER['HTTP_X_REFERRER'] and similar headers
// might be in order

// The input form has a hidden field called email. Most spambots will
// fall for the trap and try filling it. And if ever their lord and master checks the bot logs,
// why not make him think we're morons that misspelled 'smtp'?
if (!isset($_POST['email']))
    die("Missing recipient address");
if ('' != $_POST['email'])
{
    // A bot, are you?
    sleep(2);
    die('DNS error: cannot resolve smpt.gmail.com');
    // Yes, this IS security through obscurity, but it's only an added layer which comes almost for free.
}

$newline = $_POST['message'];

$newline = str_replace("[N]","\n","$newline");
$newline = str_replace("[n]","\n","$newline");

// Add some last-ditch info
$newline .= <<<DIAGNOSTIC_INFO

---
Mail sent from $_SERVER[REMOTE_ADDR]:$_SERVER[REMOTE_PORT]


DIAGNOSTIC_INFO;

// The From value goes straight into the mail headers: refuse anything containing
// a line break, otherwise a sender could inject extra headers (e.g. Bcc) into the mail.
if (!isset($_POST['from']) || preg_match('/[\r\n]/', $_POST['from']))
    die("Invalid sender address");

mail('[email protected]','missing Password Report',$newline,"From: ".$_POST['from']);

header('Location: http://site.com/report.html');
?>
```

Unless you are sending with real GET parameters, like http://www.mysite.com/send.php?email=etc; in that case you need to keep it as GET to retrieve the variables.
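Putting the answer above and the HTTPS comment together, this is an added example of a hardened `send.php` (it is not the asker's or the answerer's code). It assumes the HTML form posts the fields `email` (the honeypot), `from` and `message`; the recipient address and redirect URL are placeholders.

```php
<?php
// Added example: a hardened send.php. Assumes a form that POSTs "email"
// (honeypot), "from" and "message". Recipient and redirect are placeholders.
declare(strict_types=1);

$recipient = 'reports@example.com';               // placeholder recipient
$redirect  = 'https://site.example/report.html';  // placeholder redirect target

// 1. Accept only POST: a GET request would put the message into the URL and
//    therefore into browser history, Referer headers and server access logs.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Use the form (POST).');
}

// 2. Require HTTPS: POST keeps data out of the URL, not off the wire.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    http_response_code(403);
    exit('This endpoint is only served over HTTPS.');
}

// 3. Honeypot, same trap as the original: a filled "email" field means a bot.
if (!isset($_POST['email'])) {
    http_response_code(400);
    exit('Missing recipient address');
}
if ($_POST['email'] !== '') {
    sleep(2);
    exit('DNS error: cannot resolve smpt.gmail.com');
}

// 4. "from" is attacker-controlled input that lands in the mail headers.
//    FILTER_VALIDATE_EMAIL only accepts a single address, so CR/LF (header
//    injection of e.g. Bcc:) is rejected here as well.
$from = filter_var($_POST['from'] ?? '', FILTER_VALIDATE_EMAIL);
if ($from === false) {
    http_response_code(400);
    exit('Invalid sender address');
}

$message = (string)($_POST['message'] ?? '');
$message = str_replace(['[N]', '[n]'], "\n", $message);
$message .= "\n---\nMail sent from {$_SERVER['REMOTE_ADDR']}:{$_SERVER['REMOTE_PORT']}\n";

mail($recipient, 'missing Password Report', $message, "From: $from");

// 303 so a browser refresh on report.html does not resubmit the form.
header('Location: ' . $redirect, true, 303);
exit;
```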

+0

Indeed, that's the problem. http://www.mysite.com/send.php?email=etc is how I send my message – 2012-08-06 10:39:13

+0

Do you mean changing the form's method to 'post'? – Waygood 2012-08-06 10:40:30

+0

@YawAnsong Send it with a form whose method is set to POST. Don't type the URL directly. – Peon 2012-08-06 10:41:06