dsfds656545 2015-01-23 01:01
Views: 61
Accepted

Receiving spam from my form using PHPMailer

I am coming to Stack Overflow for this because everything I search pretty much talks about email from a form using PHPMailer going to a user's spam box. But I need info on receiving spam from the form itself. I use it on a small, very light traffic real estate agent's website. She gets spam from time to time and I don't know how to resolve it. PHPMailer seems to be the go-to tool for sending email with PHP, so I figure spam/security is pretty well covered. I must be doing something wrong... I am using class.phpmailer.php of course, and here is my code:

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Collect and trim the submitted fields
    $name = trim($_POST["name"]);
    $email = trim($_POST["email"]);
    $phone = trim($_POST["phone"]);
    $message = trim($_POST["message"]);

    // All four fields are required
    if ($name == "" OR $email == "" OR $phone == "" OR $message == "") {
        echo "You must specify a value for name, email address, phone, and message.";
        exit;
    }

    // Reject any field that contains a Content-Type header string
    foreach ($_POST as $value) {
        if (stripos($value, 'Content-Type:') !== FALSE) {
            echo "There was a problem with the information you entered.";
            exit;
        }
    }

    // The "address" field must be empty
    if ($_POST["address"] != "") {
        echo "Your form submission has an error.";
        exit;
    }

    require_once("phpmailer/class.phpmailer.php");
    $mail = new PHPMailer();

    if (!$mail->ValidateAddress($email)) {
        echo "You must specify a valid email address.";
        exit;
    }

    // Build the HTML body from the submitted values
    $email_body = "";
    $email_body = $email_body . "Name: " . $name . "<br>";
    $email_body = $email_body . "Email: " . $email . "<br>";
    $email_body = $email_body . "Phone: " . $phone . "<br>";
    $email_body = $email_body . "Message: " . $message;

    $mail->SetFrom($email, $name);
    $address = "email@domain.com";
    $mail->AddAddress($address, "A Name Here");
    $mail->Subject = "Message from " . $name . " on website contact form";
    $mail->MsgHTML($email_body);

    if (!$mail->Send()) {
        echo "There was a problem sending the email: " . $mail->ErrorInfo;
        exit;
    }

    // Redirect back to the form with a thank-you flag
    header("Location: index.php?status=thanks");
    exit;
}

The HTML is very simple:

<form id="form" name="form" method="post" action="contact-process.php">

    <?php if (isset($_GET["status"]) AND $_GET["status"] == "thanks") { ?>
      <p class="form-thanks">Thank you for contacting us. We'll be in touch with you very soon.</p>
    <?php } ?>

    <label>Name
    <span class="small">First and Last</span>
    </label>
    <input type="text" name="name" id="name" />

    <label>E-Mail
    <span class="small">name@email.com</span>
    </label>
    <input type="text" name="email" id="email" />

    <label>Phone Number
    <span class="small">With area code</span>
    </label>
    <input type="text" name="phone" id="phone" />

    <label>Message
    <span class="small">How can we help you?</span>
    </label>
    <textarea cols="40" rows="8" name="message"></textarea>

    <button type="submit">Submit</button>
    <div class="spacer"></div>

</form>
1 answer

  • duan19913 2015-01-23 01:19

    A simple technique to avoid spam is to use something called a honey-pot, which is a text field which is not visible to normal users but a dumb spam-robot will probably enter something into that field.

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
    
      // robot detection
      $honeypot = trim($_POST["email"]);     
    
      if(!empty($honeypot)) {
        echo "BAD ROBOT!"; 
        exit;
      }
    
      $name = trim($_POST["name"]);
      $email = trim($_POST["email_real"]);
      $phone = trim($_POST["phone"]);
      $message = trim($_POST["message"]);
    
      // rest stays as is
    

    In your HTML file you need to insert another "hidden" text field which is the honeypot:

    <label>E-Mail
    <span class="small">name@email.com</span>
    </label>
    <input type="text" name="email" style="display: none;">
    <input type="text" name="email_real" id="email" />
    

    Note how I changed the name of the actual, visible email text field to "email_real". It would be even better to avoid the word "email" completely in the real email field, since many robots are dumb.

    The invisible honeypot input field should be called "email" though. Why? Because most robots are scanning for some standard input fields like "email", "address" etc. - so it's important to give the honeypot a common form field name.

    Another neat trick is to swap some common field names, i.e. swap the name for email and zip fields, so robots will fill in a numeric value for the email address and an email address for the zip code, which will fail the validation.

    It's not a 100% guarantee to kill all spam but it worked quite well for me without forcing the user to solve an annoying captcha...

    This answer was selected by the asker as the best answer.
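The honeypot check from the answer, combined with the question's own validation steps into one server-side screening function. This is an added example, not code from the question or the answer: `screen_submission()` and the sample posts are hypothetical, and PHP's built-in `filter_var()` stands in for PHPMailer's `ValidateAddress()` so the block runs without the library.

```php
<?php
// Added example. Field names "email" (honeypot) and "email_real" follow the
// answer; screen_submission() and the sample posts below are hypothetical.

function screen_submission(array $post): array
{
    $reject = static function (string $why): array {
        return ['ok' => false, 'reason' => $why, 'fields' => []];
    };
    // Missing keys and array values (email[]=x) are read as "".
    $get = static function (string $key) use ($post): string {
        $v = $post[$key] ?? '';
        return is_string($v) ? trim($v) : '';
    };

    // 1. Honeypot: the CSS-hidden "email" input stays empty for a human.
    //    Any non-empty or non-string value is treated as a bot.
    $trap = $post['email'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return $reject('honeypot_filled');
    }

    $fields = [
        'name'    => $get('name'),
        'email'   => $get('email_real'), // the visible address field
        'phone'   => $get('phone'),
        'message' => $get('message'),
    ];
    // 2. Required fields, as in the question's handler.
    if (in_array('', $fields, true)) {
        return $reject('missing_field');
    }
    // 3. Syntax check on the real address.
    if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        return $reject('invalid_email');
    }
    // 4. The name is used in From and Subject: no CR/LF inside it.
    if (preg_match('/[\r\n]/', $fields['name']) === 1) {
        return $reject('line_break_in_name');
    }
    return ['ok' => true, 'reason' => 'accepted', 'fields' => $fields];
}

// Constructed sample submissions: a human, then a bot that filled every input.
$human = ['name' => 'Ann Lee', 'email' => '', 'email_real' => 'ann@example.com',
          'phone' => '555-0100', 'message' => 'Is the listing still available?'];
$bot   = ['email' => 'x@spam.example'] + $human;
foreach (['human' => $human, 'bot' => $bot] as $label => $post) {
    echo $label, ': ', screen_submission($post)['reason'], PHP_EOL;
}
```

Returning a reason code instead of echoing a message lets the handler log rejected submissions and decide separately what response the client sees.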
