简单的PHP联系表单与垃圾邮件

8cdiaqws  于 2023-02-28  发布在  PHP
关注(0)|答案(1)|浏览(211)

我意识到这可能是个坏习惯,但是. I.. I.我使用了一个简单的php脚本,它是我在几年前读过的一本教程书的帮助下写的。我已经尽可能多地将它用于多个网站,但是在不同的网站上它基本上是一样的。我一直在尝试消除垃圾邮件类型的消息,但是我不知道我还能做些什么。我相信有人会提到,例如,Javascript会更好,但我没有时间或驱动器来学习它在这一点上,所以请坚持使用PHP。2具体代码如下,建议将不胜感激,如何在未来证明这一点的垃圾邮件消除。
联系页面:

<?php 

    session_start();
    $_SESSION['form_time'] = time();

    define ('SITE_KEY', '...');
    define ('SECRET_KEY', '...');

if (array_key_exists('send', $_POST)) {
    
    function getCaptcha($SecretKey) {
        $Response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".SECRET_KEY."&response={$SecretKey}");
        $Return = json_decode($Response);
        return $Return;
    }
    $Return = getCaptcha($_POST['g-recaptcha-response']);
    //var_dump($Return);
    
    // mail processing script
    $to = 'email1';
    $me = 'email2';
    $subject = 'Feedback From Website';
    
    // list expected fields
    $expected = array('name', 'email', 'question');
    // set required fields
    $required = array('name', 'email', 'question');
    
    // set additional headers
    $headers = 'From: Megan Roth<feedback@meganroth.com>';

    // set the include
    $process = 'includes/process.inc.php';
    if (file_exists($process) && is_readable($process)) {
        include($process);
    }
    else {
        $mailSent = false;
        mail($me, 'Server Problem', "$process cannot be read", $headers);
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta property="og:title" content="Megan Roth, Mezzo-Soprano - Contact">
<meta property="og:type" content="website">
<meta property="og:image" content="http://www.meganroth.com/EditedImages/index.jpg">
<meta property="og:url" content="http://www.meganroth.com/contact.php">
<meta property="og:description" content="Mezzo-soprano Megan Roth enjoys a career as a soloist in opera and oratorio as well as with prestigious chamber ensembles around the country.">
<title>Megan Roth, Mezzo-Soprano - Contact</title>
<meta name="description" content="Mezzo-soprano Megan Roth enjoys a career as a soloist in opera and oratorio as well as with prestigious chamber ensembles around the country.">
<meta name="author" content="Nathan Roth" >
<link href="css/w3_parallax_template.css" type="text/css" rel="stylesheet">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Crimson+Pro">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=EB+Garamond">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Domine">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link href="css/parallax12.css" type="text/css" rel="stylesheet">
<style>

/************* ABOVE THIS LINE GLOBAL ***************/

form { width: 100%; }
form p { margin: 0px 0px 25px 20px; }
textarea {
    width: 380px;
    height: 150px;
}
@media screen and (max-width: 400px) { textarea {
            width: 240px;
            height: 120px;
} }
.textInput { width: 300px; }
@media screen and (max-width: 400px) { .textInput { width: 125px; } }
.sendButton { border:1px solid #000000!important; color: #000; background-color: #FAC41E; }
.sendButton:hover { border:1px; color:#000000; background-color: #08748F; }
form .website{ display:none; } /* hide because is spam protection */
.conStudio {
    font-family: "EB Garamond", Times, "Times New Roman", serif;
    font-size: 1.4em;
    line-height: 1.68em;
    color: #FAC41E;
    font-weight: bold;
    margin: 0px 0px 0px 0px;
}
</style>
<script>
    <!--
    function MM_validateForm() { //v4.0
      if (document.getElementById){
        var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
        for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
          if (val) { nm=val.name; if ((val=val.value)!="") {
            if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
              if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
            } else if (test!='R') { num = parseFloat(val);
              if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
              if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
                min=test.substring(8,p); max=test.substring(p+1);
                if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
        } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
        } if (errors) alert('The following error(s) occurred:\n'+errors);
        document.MM_returnValue = (errors == '');
    } }
    //-->
    </script>
    <script src="https://www.google.com/recaptcha/api.js?render=6LcEl-8UAAAAAMlzOfIDXmnooj34lkDNfKDTxN2m"></script>
    <!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-34193066-1"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-34193066-1');
</script>
</head>
<body>

<?php include("includes/new_navigation12.inc.php"); ?>

<!-- Container  -->
<div class="w3-content w3-container w3-padding-64">
  <div class="w3-row">
            <div class="hdquote">
                &quot;…(her) soaring mezzo-soprano is clean and clear and her vocal glissandos precise and near perfect.&quot;<br>
                - <em>Asheville Citizen-Times</em><br>
                <strong>The Barber of Seville</strong>, Brevard Music Center.
                    <div class="decLine"></div>
            </div>
     </div>
            
        <div class="w3-row">
                    
         <div class="w3-col m9 w3-padding-large">  
            <?php 
            if ($_POST && isset($missing) && !empty($missing)) {
            ?>
            <p class="warning">Please complete the missing item(s) indicated.</p>
            <?php
            }
            elseif ($_POST && $linkOne) {
            ?>
            <p class="warning">Sorry, Messages that contain inappropriate data will not be sent.</p>
            <?php
            }
            elseif ($_POST && $linkTwo) {
            ?>
            <p class="warning">Sorry, Messages that contain inappropriate data will not be sent.</p>
            <?php
            }
            elseif ($_POST && $linkThree) {
            ?>
            <p class="warning">Sorry, Messages that contain inappropriate data will not be sent.</p>
            <?php
            }
            elseif ($_POST && !$mailSent) {
            ?>
            <p class="warning">Sorry, there was a problem sending your message. Please try again later.</p>
            <?php
            }
            elseif ($_POST && $Return->success == true && $Return->score > 0.5 && $mailSent) {
            ?>
            <p class="success">Your message has been sent. Thank you for your comments/questions!</p>
            <?php } ?>           
            <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="contact" id="contact" class="w3-container w3-card-4" onSubmit="MM_validateForm('name','','R','email','','RisEmail','comments','','R');return document.MM_returnValue">
            <p><input name="website" type="text" class="website"></p>
              <p>
                <label for="name">Name: <?php
                if (isset($missing) && in_array('name', $missing)) { ?>
                <span class="warning">Please enter your name</span><?php } ?>
                </label>
                <input name="name" type="text" class="textInput" id="name" 
                <?php if (isset($missing)) {
                    echo 'value="'.htmlentities($_POST['name'], ENT_QUOTES).'"';
                    } ?>
                >
              </p>
              <p>
                <label for="email">Email: <?php
                if (isset($missing) && in_array('email', $missing)) { ?>
                <span class="warning">Please enter your email address</span><?php } ?>
                </label>
                <input name="email" type="text" class="textInput" id="email"
                <?php if (isset($missing)) {
                    echo 'value="'.htmlentities($_POST['email'], ENT_QUOTES).'"';
                    } ?>
                >
              </p>
              <p>
                <label for="question">Comments:<?php
                if (isset($missing) && in_array('question', $missing)) { ?>
                <span class="warning">Please enter your comments</span><?php } ?>
                </label>
                <textarea name="question" id="question" cols="25" rows="5"><?php 
                    if (isset($missing)) {
                        echo htmlentities($_POST['question'], ENT_QUOTES);
                    } ?></textarea>
              </p>
              <p>
                        <input type="hidden" id="g-recaptcha-response" name="g-recaptcha-response">              
              </p>
              <p>
                <input class="sendButton" type="submit" name="send" id="send" value="Click to Submit Comments">
              </p>
            </form>
            <script>
                    grecaptcha.ready(function() {
                        grecaptcha.execute('<?php echo SITE_KEY; ?>', {action: 'homepage'}).then(function(token) {
                           //console.log(token);
                           document.getElementById('g-recaptcha-response').value=token;
                        });
                    });
            </script>
            <p class="welcome">Please take this time to send comments and your email address so we can stay in touch with you!</p><br><br>
    </div>
    <div class="w3-col m3 w3-padding-large">
      <img class="border" src="EditedImages/Contact.jpg" alt="Headshot for Megan Roth's Contact Webpage">
   </div>
   </div>
        
   <div class="w3-row w3-center">
            <span class="conStudio">Interested in private lessons? Please visit my <a href="http://studio.meganroth.com/" onclick="window.open(this.href, '_blank');return false;">studio site!</a></span>
   </div>
  
</div>

<!-- Footer -->
<?php include("includes/new_footer12.inc.php"); ?>

<script>
// Change style of navbar on scroll
window.onscroll = function() {myFunction()};
function myFunction() {
    var navbar = document.getElementById("myNavbar");
    if (document.body.scrollTop > 100 || document.documentElement.scrollTop > 100) {
        navbar.className = "w3-bar" + " w3-card" + " w3-animate-top" + " w3-white";
    } else {
        navbar.className = navbar.className.replace(" w3-card w3-animate-top w3-white", "");
    }
}

// Used to toggle the menu on small screens when clicking on the menu button
function toggleFunction() {
    var x = document.getElementById("navDemo");
    if (x.className.indexOf("w3-show") == -1) {
        x.className += " w3-show";
    } else {
        x.className = x.className.replace(" w3-show", "");
    }
}

// Toggle between showing and hiding the sidebar, and add overlay effect
function w3_open() {
  if (mySidebar.style.display === 'block') {
    mySidebar.style.display = 'none';
    overlayBg.style.display = "none";
  } else {
    mySidebar.style.display = 'block';
    overlayBg.style.display = "block";
  }
}

// Close the sidebar with the close button
function w3_close() {
  mySidebar.style.display = "none";
  overlayBg.style.display = "none";
}

/* When the user clicks on the button, 
toggle between hiding and showing the dropdown content */
function myFunction() {
  document.getElementById("myDropdown").classList.toggle("w3-show");
}

// Close the dropdown if the user clicks outside of it
window.onclick = function(e) {
  if (!e.target.matches('.dropbtn')) {
  var myDropdown = document.getElementById("myDropdown");
    if (myDropdown.classList.contains('w3-show')) {
      myDropdown.classList.remove('w3-show');
    }
  }
}
</script>

</body>
</html>

下面是实际的邮件处理脚本:

<?php

        // 30 second minimum
        session_start();
        $time_limit = 30; 
        $suspect = false;

        if (isset($_SESSION['form_time']) && is_numeric($_SESSION['form_time'])) {
            $seconds_passed = time() - $_SESSION['form_time'];
            if ($seconds_passed < $time_limit) {
               $suspect = true;
            } 
        } else {
            $suspect = true;
        }

        # spam protection
        if (isset($_POST["website"]) && $_POST["website"] == "") {      
        
        if (isset($_SERVER['SCRIPT_NAME']) && strpos($_SERVER['SCRIPT_NAME'], 'inc.php')) exit;
    
        // remove escape characters from POST array
        if (get_magic_quotes_gpc()) {
            function stripslashes_deep($value) {
                $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
                return $value;
            }
          $_POST = array_map('stripslashes_deep', $_POST);
        }
    
        // create empty array for any missing fields
        $missing = array();
        
        // assume that there is nothing suspect
        $suspect = false;
        // create a pattern to locate suspect phrases
        $pattern = '/Content-Type:|Bcc:|CC:/i';
        // function to check for suspect phrases
        function isSuspect($val, $pattern, &$suspect) {
        // if the variable is an array, loop through each element
        // and pass it recursively back to the same function
        if (is_array($val)) {
            foreach ($val as $item) {
               isSuspect($item, $pattern, $suspect);
               if ($suspect)
                   break;
            }
        }
        else {
          // if one of the suspect phrases is found, set Boolean to true
          if (preg_match($pattern, $val)) {
            $suspect = true;
            }
          }
        }
        
        // check the $_POST array and any subarrays for suspect content
        isSuspect($_POST, $pattern, $suspect);
        
        if ($suspect ) {
            $mailSent = false;
            unset($missing);
        }
        else {
        // process the $_POST variables
            foreach ($_POST as $key => $value) {
                // assign to temporary variable and strip whitespace if not an array
                $temp = is_array($value) ? $value : trim($value);
                // if empty and required, add to $missing array
                if (empty($temp) && in_array($key, $required)) {
                    array_push($missing, $key);
                }
                // otherwise, assign to a variable of the same name as $key
                elseif (in_array($key, $expected)) {
                    ${$key} = $temp;
                }
            }
        }
        
        // validate the email address
        if (!empty($email)) {
            // regex to identify illegal characters in email address
            $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
            // reject the email address if it doesn't match
            if (!preg_match($checkEmail, $email)) {
                $suspect = true;
                $mailSent = false;
                unset($missing);
            }
        }
        
        // validate the comments
        // regex to identify html links
        $linkOne = false;
        $checkCommentsLinks = '/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i'; // '/(http:\/\/|www)/';
        if(preg_match($checkCommentsLinks, stripcslashes($question))){
            $linkOne = true;
            $suspect = true;            
            $mailSent = false;
            unset($missing);
        }
        
        //validate comments against email addresses
        $linkTwo = false;
        $checkCommentsEmail = '/^([a-z0-9_\.-]+)@([\da-z\.-]+)\.([a-z\.]{2,6})$/';
        if(preg_match($checkCommentsEmail, stripcslashes($question))){
            $linkTwo = true;
            $suspect = true;            
            $mailSent = false;
            unset($missing);
        }
        
        //look for links in comments
        $linkThree = false;
        if(preg_match('/http|www/i',$question)) {
            $linkThree = true;
            $suspect = true;            
            $mailSent = false;
            unset($missing);
        }
        
        // go ahead only if not suspect and all required fields OK
        if (!$suspect && empty($missing)) {
            // initialize the $message variable
            $message = '';
            // loop through the $expected array
            foreach($expected as $item) {
                // assign the value of the current item to $val
                if (isset(${$item})) {
                    $val = ${$item};
                }
                // if it has no value, assign 'Not Selected'
                else {
                    $val = 'Not selected';
                }
                // if an array, expand as comma-separated string
                if (is_array($val)) {
                    $val = implode(', ', $val);
                }
                // add label and value to the message body
                $message .= ucfirst($item).": $val\n\n";
                }
        
            // limit line length
            $message = wordwrap($message, 70);
            
            // create Reply-To header
            if (!empty($email)) {
                $headers .= "\r\nReply-To: $email";
            }
        
            // send it
            $mailSent = mail($to, $subject, $message, $headers);
            if ($mailSent) {
                // $missing is no longer needed if the email is sent, so unset it
                unset($missing);
            }
        }
        } 
        else {
            http_response_code(400);
            exit;
        }
?>

最近我真的撞到了我的头,最新的垃圾邮件实际上是发送一封主题行(不知道主题从哪里来)以“垃圾邮件"开头的电子邮件。任何帮助都将不胜感激!!感谢阅读!

hgb9j2n6

hgb9j2n61#

没有未来的证据来防止垃圾邮件,你已经使用三种方法来防止它
1.验证码
1.在发送的数据中匹配某些垃圾单词,您可以添加更多spammy words
1.蜜罐
您可以添加

  1. CSRF token
    1.测量发送表单所需的时间,例如,如果表单在不到30秒的时间内发送,则可疑
    1.生成动态输入名称
    1.使用javascript在客户端验证数据
    isSuspect函数中,当$suspect为true时应该中断,这样就不必检查所有其他值
//...
foreach ($val as $item) {
   isSuspect($item, $pattern, $suspect);
   if ($suspect)
       break;
}
//...

测量时间示例

生成表格时,将时间保存在session中:

session_start();
$_SESSION['form_time'] = time();

提交表格时检查时间:

session_start();
$time_limit = 30; 
$suspect = false;

if (isset($_SESSION['form_time']) && is_numeric($_SESSION['form_time'])) {
    $seconds_passed = time() - $_SESSION['form_time'];
    if ($seconds_passed < $time_limit) {
       $suspect = true;
    } 
} else {
    $suspect = true;
}

**注意:**如果用户打开多个表单,则值将被覆盖,将使用最后一个值,并且之前打开的表单将失效

这只是基本的方法,有很多方法可以实现,30秒只是我选择的一个任意值

相关问题