dougan1884 2014-03-01 03:14
浏览 47
已采纳

阻止直接访问php脚本,但允许从index.html

I have a simple contact form where users input their data and the form sends it to 'mail.php' to be passed onto the email account there. The 'mail.php' file is in my root directory alongside 'index.html' and the problem I'm having is that I don't want users to be able to access http://mydomain.com/mail.php directly through their browser as this will just send a blank form and could be used to spam me. I'm getting really stressed trying to figure out a way that will only allow 'mail.php' to be accessed by the form. This is how I have the form set up:

<form method="post" action="mail.php">
    <div class="row half">
        <div class="6u"><input type="text" required autocomplete="off" name="name" placeholder="Name" /></div>
        <div class="6u"><input type="email" required autocomplete="off" name="email" placeholder="Email" /></div>
    </div>
    <div class="row half">
        <div class="12u"><textarea name="message" required placeholder="Message" rows="6"></textarea></div>
    </div>
    <div class="row">
        <div class="12u">
            <ul class="actions">
                <li><input type="submit" class="button" value="Send Message" /></li>
            </ul>
        </div>
    </div>
</form>

Then my 'mail.php' file is set up like so, and the success header is an html page with a few lines of text that lets the user know their email has sent, then redirects them back to http://mydomain.com after 5 seconds.

<?php
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$formcontent=" From: $name 
 Message: $message";
$recipient = "me@email.com";
$subject = "Contact Form";
$mailheader = "From: $email 
";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
header("Location: success");
exit;
?>

I've fiddled around with .htaccess and countless other things but nothing I do seems to work - it will either block the page completely (so that the form can't access it either) or not block it at all. I've also had a look at this https://stackoverflow.com/a/409515/3366954 but couldn't figure out how to get that to work either. I'm quite new to html and php but everything else until now I've managed to figure out. What am I missing this time?

  • 写回答

3条回答 默认 最新

  • doujiu4643 2014-03-01 03:18
    关注

    Just add some validation to your PHP script. For example:

    <?php
if(isset($_POST['name'], $_POST['email'], $_POST['message'])) {
    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    $formcontent=" From: $name 
 Message: $message";
    $recipient = "me@email.com";
    $subject = "Contact Form";
    $mailheader = "From: $email 
";
    mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
    header("Location: success");
    exit;
}
?>

    This will prevent any blank submissions, without requiring you to filter by the referring page. As a general rule, you should always validate user input, anyway, because it is a source of all sorts of trouble (hacking, errors, generally unexpectedly behavior).

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历
  • ¥15 TLE9879QXA40 电机驱动
  • ¥20 对于工程问题的非线性数学模型进行线性化
  • ¥15 Mirare PLUS 进行密钥认证?(详解)
  • ¥15 物体双站RCS和其组成阵列后的双站RCS关系验证
  • ¥20 想用ollama做一个自己的AI数据库
  • ¥15 关于qualoth编辑及缝合服装领子的问题解决方案探寻
  • ¥15 请问怎么才能复现这样的图呀