
Receiving empty mails although PHP mail() has been thoroughly checked

Mario · 7 years ago

    <form data-abide action="anfrage.php" method="post">
            	<fieldset>
            		<div class="row">
            			<div class="large-12 columns">
            				<label>Firma
            					<input type="text" name="firm" placeholder="Firma" />
            				</label>
            			</div>
            		</div>
            		<div class="row">
            				<div class="large-4 columns">
            					<label>Anrede
            						<select name="salutation">
            							<option value="-">-</option>
            							<option value="Herr">Herr</option>
            							<option value="Frau">Frau</option>
            						</select>
            					</label>
            				</div>
            			<div class="large-8 columns">
            				<label>Name <small>benötigt</small>
            					<input type="text" name="name" placeholder="Ansprechpartner" required pattern="[a-zA-Z]+">
            				</label>
            				<small class="error">Bitte geben Sie einen Ansprechpartner an!</small>
            			</div>
            		</div>
            		<div class="row">
            			<div class="large-4 columns">
            				<label>Adresse <small>benötigt</small> 
            					<input type="text" name="address" placeholder="Strasse, PLZ, Stadt" />
            				</label>
            				<small class="error">Bitte geben Sie eine Adresse an!</small>
            			</div>
            			<div class="large-4 columns">
            				<label>eMail <small>benötigt</small>
            					<input type="eMail" name="email" placeholder="eMail" required/>
            				</label>
            				<small class="error">Bitte geben Sie eine gültige eMail-Adresse an!</small>
            			</div>
            			<div class="large-4 columns">
            				<label>Telefon <small>benötigt</small>
            					<input type="text" name="phoneno" placeholder="0123 0815..." required/>
            				</label>
            				<small class="error">Bitte geben Sie eine gültige Telefonnummer an!</small>
            			</div>
            		</div>
            		<div class="row">
            			<div class="large-6 columns">
            				<label>Art der Anfrage</label>
            				<input type="radio" name="radio" id="dryhire" value="Vermietung"><label for="dryhire">Vermietung</label>
            				<input type="radio" name="radio" id="event" value="Veranstaltung"><label for="event">Veranstaltung</label>
            				<input type="radio" name="radio" id="consultation" value ="Beratung"><label for="consultation">Beratung</label>
            			</div>
            		</div>
            		<div class="row">
            			<div class="large-12 columns">
            				<label>Was können wir für Sie tun?<small>benötigt</small>
            					<textarea name="text" placeholder="Erläutern Sie uns kurz was Sie wann und wo benötigen." required pattern=""></textarea>
            				</label>
            				<small class="error">Bitte erläutern Sie kurz Ihr Anliegen!</small>
            			</div>
            		</div>
            		<div class="antispam">Wenn Sie kein Roboter sind lassen sie diesen Bereich einfach leer: <input type="text" name="url" /></div>
            		<button class="large-12 columns button" type="submit">ANFRAGEN</button>
            	</fieldset>
            </form>

    The anfrage.php looks like this:

    <?php
    $to          = "anfrage@myhomepage.de";
    $subject     = $_POST["radio"];
    $email       = $_POST["email"];
    $returnPage = 'http://myhomepage.de#success';
    $returnErrorPage = 'http://myhomepage.de#error';

    $dodgy_strings = array(
                    "content-type:"
                    ,"mime-version:"
                    ,"multipart/mixed"
                    ,"bcc:"
    );

    function is_valid_email($email) {
        return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
    }

    function contains_bad_str($str_to_test) {
        $bad_strings = array(
            "content-type:"
            ,"mime-version:"
            ,"multipart/mixed"
            ,"Content-Transfer-Encoding:"
            ,"bcc:"
            ,"cc:"
            ,"to:"
        );

        foreach($bad_strings as $bad_string) {
            if(eregi($bad_string, strtolower($str_to_test))) {
                header("Location: " . $returnErrorPage);
                exit;
            }
        }
    }

    function contains_newlines($str_to_test) {
       if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
            header("Location: " . $returnErrorPage);
            exit;
       }
    }

    function isEmpty($str_to_test){
        return preg_match('/\S/', $str_to_test);
    }

    function checkFormCompletion($str_to_test){
        contains_bad_str($str_to_test);
        if(isEmpty($str_totest)){
            header("Location: " . $returnErrorPage);
            exit;
        }
        else
            return $str_to_test;
    }

    if($_SERVER['REQUEST_METHOD'] != "POST"){
        header("Location: " . $returnErrorPage);
        exit;
    }

    if (!is_valid_email($email)) {
        header("Location: " . $returnErrorPage);
        exit;
    }

    $body .= "Firma: " .checkFormCompletion($_POST['firm']);
    $body .= "\n";
    $body .= "Ansprechpartner: " .checkFormCompletion($_POST['salutation']) ." "
    .checkFormCompletion($_POST['name']);
    $body .= "\n";
    $body .= "Adresse: " .checkFormCompletion($_POST['address']);
    $body .= "\n";
    $body .= "Telefonnummer: " .checkFormCompletion($_POST['phoneno']);
    $body .= "\n";
    $body .= "\n";
    $body .= "Anfrage: " .checkFormCompletion($_POST['text']);

    contains_bad_str($email);
    contains_bad_str($subject);

    contains_newlines($email);
    contains_newlines($subject);

    checkFormCompletion($subject);

    if(isset($_POST['url']) && $_POST['url'] == ''){
        $mailSent = @mail($to, $subject, $body, "From: ".$email);
    }
    else {
        header("Location: " . $returnErrorPage);
    }

    if($mailSent == TRUE) {
       header("Location: " . $returnPage);
    } else {
       header("Location: " . $returnErrorPage);
    }

    exit();
    ?>


    Although I don't receive completely empty mails, I keep getting mails like this:

    To: anfrage@myhomepage.de  
    From: bflaccus@anyaddressyoucanimagine.com  
    Subject:  
    Body:  
    Firma:  
    Ansprechpartner: Herr 59d4f7714f4d7  
    Adresse:  
    Telefonnummer:  
    Anfrage:  
    

    Sometimes it is only one mail a day, sometimes more than thirty.
    I have no idea why I keep receiving those mails. Do you know how to avoid this? Or do you know where the security problem in my anfrage.php is?

    Thanks in advance!

1 answer

miknik · 7 years ago

    There is a typo in your checkFormCompletion function, so it always evaluates the field as empty.

    function checkFormCompletion($str_to_test){
        contains_bad_str($str_to_test);
        if(isEmpty($str_totest)){   // $str_totest should be $str_to_test
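As an added example (not the asker's or the answerer's code), this is how the validation in anfrage.php could be rewritten so that the mail shown in the question, with only a salutation and a hash in the name field, is rejected at the required-field check, and so that nothing containing a newline can reach a mail header. Field names are taken from the form above; `str_field`, `validate_request` and the error strings are assumptions of this example.

```php
<?php
// Added example, not the asker's code. Field names follow the form above.
const ALLOWED_SUBJECTS = ['Vermietung', 'Veranstaltung', 'Beratung'];
const REQUIRED_FIELDS  = ['name', 'address', 'email', 'phoneno', 'text'];

// Trimmed string value of a POST field; '' if absent or not a string.
function str_field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Returns ['ok' => true, 'subject', 'body', 'from'] or ['ok' => false, 'error'].
function validate_request(array $post): array
{
    // Honeypot: humans leave "url" empty, many bots fill every field.
    if (str_field($post, 'url') !== '') {
        return ['ok' => false, 'error' => 'honeypot filled'];
    }
    // Required fields must hold more than whitespace (the original isEmpty()
    // returned the opposite of what its name promises).
    foreach (REQUIRED_FIELDS as $field) {
        if (str_field($post, $field) === '') {
            return ['ok' => false, 'error' => "missing $field"];
        }
    }
    // Let PHP validate the address instead of a hand-written regex.
    $from = filter_var(str_field($post, 'email'), FILTER_VALIDATE_EMAIL);
    if ($from === false) {
        return ['ok' => false, 'error' => 'invalid email'];
    }
    // The subject comes from a radio button: accept only the known values.
    $subject = str_field($post, 'radio');
    if (!in_array($subject, ALLOWED_SUBJECTS, true)) {
        return ['ok' => false, 'error' => 'unknown request type'];
    }
    // Header injection guard: nothing that reaches a mail header may contain
    // CR or LF. PHP already URL-decodes POST data, so %0A/%0D need no extra test.
    if (preg_match('/[\r\n]/', $from . $subject) === 1) {
        return ['ok' => false, 'error' => 'newline in header field'];
    }
    $salutation = str_field($post, 'salutation');
    $salutation = in_array($salutation, ['Herr', 'Frau'], true) ? "$salutation " : '';
    $body = "Firma: " . str_field($post, 'firm') . "\n"
          . "Ansprechpartner: " . $salutation . str_field($post, 'name') . "\n"
          . "Adresse: " . str_field($post, 'address') . "\n"
          . "Telefonnummer: " . str_field($post, 'phoneno') . "\n\n"
          . "Anfrage: " . str_field($post, 'text');
    return ['ok' => true, 'subject' => $subject, 'body' => $body, 'from' => $from];
}
```

In anfrage.php the caller would run `$r = validate_request($_POST);`, call `mail($to, $r['subject'], $r['body'], "From: " . $r['from'])` only when `$r['ok']` is true, and otherwise redirect to the error page and `exit` immediately, since `header()` alone does not stop the script.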