[英]PHP from field when sending mail()
I'm using PHP's mail() function and noticing that my mail is being shown from being sent by 'My Website' in my inbox, but when I click on the actual email it shows it being sent from mywebsite@sitename.localdomain. 我正在使用PHP的mail()函数,并注意到我的邮件是从收件箱中的“我的网站”发送来的,但是当我单击实际的电子邮件时,它表明它是从mywebsite@sitename.localdomain发送的。
Ideally I'd like to have it say being sent from 'My Website', but the reply email being 'no-reply@mywebsite.com', and not to have it say anything about @sitename.localdomain. 理想情况下,我想说它是从“我的网站”发送的,但回复电子邮件是“ no-reply@mywebsite.com”,而不要说任何有关@ sitename.localdomain的信息。
$to = trim(strtolower($_POST['to']));
$from = trim($_POST['from']);
$message = trim($_POST['message']);
$subject = $from . ' has shared a link with you';
$headers = 'From: My Website' . "\r\n" .
'Reply-To:' . $to . "\r\n" .
'X-Mailer: PHP/';
mail($to, $subject, $message, $headers);
Is this an issue that I need to fix in Apache, or can I modify the headers within PHP? 这是我需要在Apache中解决的问题,还是可以在PHP中修改标头?
Try this: 尝试这个:
$to = trim(strtolower($_POST['to']));
$from = trim($_POST['from']);
$message = trim($_POST['message']);
$subject = $from . ' has shared a link with you';
$headers = 'From: My Website <no-reply@mywebsite.com>' . "\r\n" . // <- change your email here
'Reply-To:' . $to . "\r\n" .
'X-Mailer: PHP/';
mail($to, $subject, $message, $headers);
The Question and Answer #1 contains a serious security vulnerability - 问题与解答#1包含一个严重的安全漏洞-
$to = trim(strtolower($_POST['to']));
Will allow an attacker to use your website to email arbitrary spam and your site will be blocked from most search engines. 允许攻击者使用您的网站通过电子邮件发送垃圾邮件,并且您的网站将被大多数搜索引擎阻止。 See https://www.owasp.org/index.php/Top_10_2010-A1
参见https://www.owasp.org/index.php/Top_10_2010-A1
My recommendation is to 我的建议是
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.