首页 文章

如何防止垃圾邮件发送者从我的联系表单发送空白电子邮件

提问于
浏览
0

我的网站上有简单的联系表格,前几天我开始从网站上的联系表格收到半封空白的电子邮件 .

它们看起来与下面的示例相同,只填写名称和电子邮件字段,但电话和消息字段为空:

Name: 5906f36c9c72b E-mail: njhjlee@gmail.com(任何时候不同的电子邮件) Phone:
Message:

这是HTML代码:

<form id="contactform" action="assets/php/mail_submit.php" method="post">
                        <div class="row">
                            <div class="col-xs-12 col-md-4">
                                <input type="text" name="name" id="name" placeholder="Your Name" required/>
                            </div><!--column-->
                            <div class="col-xs-12 col-md-4">
                                <input type="text" name="email" id="email" placeholder="Your email" required/>
                            </div><!--column-->
                            <div class="col-xs-12 col-md-4">
                                <input type="text" name="phone" id="phone" placeholder="Ваш телефон" required/>
                            </div><!--column-->
                            <p class="antispam">Leave this empty: <input type="text" name="url" /></p>
                            <div class="col-xs-12 col-md-8">
                                <textarea placeholder="Message" name="message" id="message" required></textarea>
                            </div><!--column-->
                            <div class="col-xs-12 col-md-4">
                                <input class="btn btn-default" id="submit" type="submit" value="Send"/>
                            </div><!--column-->

                        </div><!--row-->
                    </form>

这是PHP脚本:

<?php

if (!isset($_REQUEST['name']) || !isset($_REQUEST['email']) || 
!isset($_REQUEST['message']) || !isset($_REQUEST['phone'])) {
die();
}

if (isset($_POST['name']) || isset($_POST['email']) || 
isset($_POST['message']) || isset($_POST['phone']) && !empty($_POST['name']) 
|| !empty($_POST['email']) || !empty($_POST['message']) | 
!empty($_POST['phone'])) {

$your_email="my@mail.com";



$name=$_POST['name'];
$email=$_POST['email'];
$message=$_POST['message'];
$phone=$_POST['phone'];

$to      = $your_email;
$subject = "My Website: New Message! \r\n";


$message = '
        <html>
        <head>
          <title>Message from '. $name .'</title>
        </head>
        <body>
          <table class="table">
            <tr>
              <th align="right">Name:</th>
              <td align="left">'. $name .'</td>
            </tr>
            <tr>
              <th align="right">E-mail:</th>
              <td align="left">'. $email .'</td>
            </tr>
            <tr>
              <th align="right">Phone:</th>
              <td align="left">'. $phone .'</td>
            </tr>
            <tr>
              <th align="right">Message:</th>
              <td align="left">'. $message .'</td>
            </tr>
          </table>
        </body>
        </html>';

        $headers .= "From: no-reply@website.com\r\n";
        $headers .= "Reply-To: $email \r\n";
        $headers .= "Return-Path: $email\r\n";
        $headers .= "X-Mailer: PHP \r\n";   
        $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";

   mail($to, $subject, $message, $headers);

} else {
die();
}
?>

这是AJAX脚本:

function IsEmail(email) {
    var regex = /^([a-zA-Z0-9_\.\-\+])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]
{2,4})+$/;
    return regex.test(email);
}

if($("#contactform").length!=0){
    $("#contactform").submit(function (e) {
        e.preventDefault();
        var name = $("#name").val(),
        email = $("#email").val(),
        phone = $("#phone").val(),
        message = $("#message").val(),
        dataString = 'name=' + name + '&email=' + email+ '&phone=' + phone + 
'&message=' + message;

        if (name === '' || !IsEmail(email) || phone === '' || message === 
'') {
            $('#valid-issue').html('Not correct data').slideDown();
        } else {
            $.ajax({
                type: "POST",
                url: "/assets/php/mail_submit.php",
                data: dataString,
                success: function () {
                    $('#contactform').slideUp();
                    $('#valid-issue').html('Thank you. Message was sent successfully.').show();
                }
            });
        }
    });
}

我检查了日志,发现所有垃圾邮件机器人都是来自Thor网络和不同的IP . 我试过验证码,但它没有帮助 . 请帮忙建议...

javascript php email contact-form spam-prevention

1 回答

  • 0

    尝试加强你的javascript检查,也使用“修剪”:

    var name = $("#name").val().trim();

    使用PHP str_word_count来强化对空消息的检查 .

    例如 .

    $message= filter_input(INPUT_POST, 'message');

// check $message is not empty and that it contains more than 5 words
if($message != "" || str_word_count($message) < 5) {
     echo "Message is valid"

}else{
     echo "Invalid Message";
}

    我的PHP代码很少有其他错误:你永远不应该直接访问超全局POST / GET变量 . 使用PHP内置过滤器功能或自定义过滤器功能 .

    $name= filter_input(INPUT_POST, 'name');

    或者你可以使用

    function FilterData($value){

    $trimmed = trim($value);
    $notags = strip_tags($trimmed);
    return $notags;
}

    然后:

    $name = FilterData($_POST['name']);

    对于您可以使用的电子邮件

    $email = filter_var($email, FILTER_SANITIZE_EMAIL);

    更多信息herehere

    希望能帮助到你 ;)

    回复于

相关问题