dsfds656545 2015-01-23 01:01
浏览 61
已采纳

使用PHPMailer从我的表单接收垃圾邮件

I am coming to stackoverflow for this because everything I search pretty much talks about email from a form using PHPMailer going to a users spam box. But, I need info on receiving spam from the form itself. I use it on a small, very light traffic real estate agents website. She gets spam from time to time and I don't know how to resolve it. PHPMailer seems to be the go to tool for sending email with PHP, so I figure spam/security is pretty well covered. I must be doing something wrong.... I am using class.phpmailer.php of course, and here is my code:

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = trim($_POST["name"]);
  $email = trim($_POST["email"]);
  $phone = trim($_POST["phone"]);
  $message = trim($_POST["message"]);


if ($name == "" OR $email == "" OR $phone == "" OR $message == "") {
    echo "You must specify a value for name, email address, phone, and message.";
    exit;
}

foreach( $_POST as $value ){
    if( stripos($value,'Content-Type:') !== FALSE ){
        echo "There was a problem with the information you entered.";    
        exit;
    }
}

if ($_POST["address"] != "") {
    echo "Your form submission has an error.";
    exit;
}

require_once("phpmailer/class.phpmailer.php");
$mail = new PHPMailer();

if (!$mail->ValidateAddress($email)){
    echo "You must specify a valid email address.";
    exit;
}

$email_body = "";
$email_body = $email_body . "Name: " . $name . "<br>";
$email_body = $email_body . "Email: " . $email . "<br>";
$email_body = $email_body . "Phone: " . $phone . "<br>";
$email_body = $email_body . "Message: " . $message;

$mail->SetFrom($email, $name);
$address = "email@domain.com";
$mail->AddAddress($address, "A Name Here");
$mail->Subject    = "Message from " . $name  . " on website contact form";
$mail->MsgHTML($email_body);

if(!$mail->Send()) {
  echo "There was a problem sending the email: " . $mail->ErrorInfo;
  exit;
}

header("Location: index.php?status=thanks");
exit;
}

The HTML is very simple:

<form id="form" name="form" method="post" action="contact-process.php">

    <?php if (isset($_GET["status"]) AND $_GET["status"] == "thanks") { ?>
      <p class="form-thanks">Thank you for contacting us. We'll be in touch with you very soon.</p>
    <?php } ?>

    <label>Name
    <span class="small">First and Last</span>
    </label>
    <input type="text" name="name" id="name" />

    <label>E-Mail
    <span class="small">name@email.com</span>
    </label>
    <input type="text" name="email" id="email" />

    <label>Phone Number
    <span class="small">With area code</span>
    </label>
    <input type="text" name="phone" id="phone" />

    <label>Message
    <span class="small">How can we help you?</span>
    </label>
    <textarea cols="40" rows="8" name="message"></textarea>

    <button type="submit">Submit</button>
    <div class="spacer"></div>

</form>
  • 写回答

1条回答 默认 最新

  • duan19913 2015-01-23 01:19
    关注

    A simple technique to avoid spam is to use something called a honey-pot, which is a text field which is not visible to normal users but a dumb spam-robot will probably enter something into that field.

    if ($_SERVER["REQUEST_METHOD"] == "POST") {

  // robot detection
  $honeypot = trim($_POST["email"]);     

  if(!empty($honeypot)) {
    echo "BAD ROBOT!"; 
    exit;
  }

  $name = trim($_POST["name"]);
  $email = trim($_POST["real_email"]);
  $phone = trim($_POST["phone"]);
  $message = trim($_POST["message"]);

  // rest stays as is

    In your HTML file you need to insert another "hidden" text field which is the honeypot:

    <label>E-Mail
<span class="small">name@email.com</span>
</label>
<input type="text" name="email" style="display: none;">
<input type="text" name="email_real" id="email" />

    Note how I changed the name of the actual, visible email text field to "email_real". It would be even better to avoid the word "email" completely in the real email field, since many robots are dumb.

    The invisible honeypot input field should be called "email" though. Why? Because most robots are scanning for some standard input fields like "email", "address" etc. - so it's important to give the honeypot a common form field name.

    Another neat trick is to swap some common field names, i.e swap the name for email and zip fields, so robots will fill in a numeric value for the email address and an email address for the zip code which will fail the validation.

    It's not a 100% guarantee to kill all spam but it worked quite well for me without forcing the user to solve an annoying captcha...

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 求解vmware的网络模式问题 别拿AI回答
  • ¥24 EFS加密后,在同一台电脑解密出错,证书界面找不到对应指纹的证书,未备份证书,求在原电脑解密的方法,可行即采纳
  • ¥15 springboot 3.0 实现Security 6.x版本集成
  • ¥15 PHP-8.1 镜像无法用dockerfile里的CMD命令启动 只能进入容器启动,如何解决?(操作系统-ubuntu)
  • ¥30 请帮我解决一下下面六个代码
  • ¥15 关于资源监视工具的e-care有知道的嘛
  • ¥35 MIMO天线稀疏阵列排布问题
  • ¥60 用visual studio编写程序,利用间接平差求解水准网
  • ¥15 Llama如何调用shell或者Python
  • ¥20 谁能帮我挨个解读这个php语言编的代码什么意思?