我是一个业余的网页设计师,我已经在stackoverflow.com和其他网站上搜索,并已找到这个问题我有很多修复,但他们都没有工作(可能是因为我实施他们不正确)。我希望有更多知识的人可以通过简单的修复帮助我,或者告诉我如何实现我找到的修复之一。防止php web联系表格垃圾邮件
问题:我的业务网站上有一个非常简单的php联系表单。它工作了很多年,但在上周遭到黑客入侵。我现在每天收到数百份联系表单提交,没有评论,他们只有(显然是有效的)电子邮件地址和名称字段中的一串字符(如“58ee8b52eef46”)。
我已经尝试了几种技术来防止这种垃圾邮件,他们要么打破我的PHP形式,要么他们不阻止垃圾邮件。 如果可能的话,我想要一个不需要验证码失真文本测试的解决方案,并且不需要填写表单的所有字段。
这里是我的全部的PHP代码:
<?php
if(isset($_POST['email'])) {
$email_to = "[email protected]";
$email_subject = "website form submission";
function died($error) {
echo "We are very sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
if(!isset($_POST['name']) ||
!isset($_POST['email']) ||
!isset($_POST['telephone']) ||
!isset($_POST['comments'])) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$name = $_POST['name'];
$email_from = $_POST['email'];
$telephone = $_POST['telephone'];
$comments = $_POST['comments'];
$error_message = "";
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Telephone: ".clean_string($telephone)."\n";
$email_message .= "Comments: ".clean_string($comments)."\n";
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>
Thank you for contacting us. We will be in touch with you soon. You will now be redirected back to example.com.
<META http-equiv="refresh" content="2;URL=http://www.example.com">
<?php
}
die();
?>
你有看'captcha' – RiggsFolly
林我确定我有提及d此之前,但谷歌recaptcha现在是绝大多数合法访问者无法访问。 – Steve
我已考虑使用验证码。但我更喜欢一个不使用captcha的修补程序,以便在我的网站上保持整洁。 – user7858610