HTML Contactform安全性
[英]HTML Contactform Security
问题描述
我正在尝试通过HTML-Contactform发送电子邮件。
因此我创建了这个html:
<form id="contact_form" action="sendMail.php" method="post">
<input id="firstname" name="firstname" type="text" placeholder="Vorname" value="Firstname">
<input id="lastname" name="lastname" type="text" placeholder="Nachname" value="Lastname">
<input id="mail" name="mail" type="text" placeholder="E-Mail" value="firstname.lastname@web.de">
<textarea id="msg" name="msg" placeholder="Ihre Nachricht..." >Hallo</textarea>
<p id="error_print" class="hidden"></p>
<input id="contact_submit" type="submit" title="Senden">
</form>
我通过jQuery检查输入并通过Ajax将其发送到PHP-File并将我的错误打印到html。
$('#contact_submit').click(function(){
var that = $('#contact_form');
var first_name = $('#firstname').val();
var last_name = $('#lastname').val();
var mail = $('#mail').val();
var msg = $('msg').val();
if(first_name == "" || last_name == "" || mail == "" || msg == "")
{
$('#error_print').removeClass("hidden");
$('#error_print').text("Bitte füllen Sie alle Felder aus");
}
else
{
if( !isValidEmailAddress(mail) )
{
$('#error_print').removeClass("hidden");
$('#error_print').text("Keine korrekte Mail");
}
else
{
if( !$('#error_print').hasClass( "hidden" ) )
{
$('#error_print').addClass("hidden");
}
var url = that.attr('action'),
method = that.attr('method'),
data = {};
that.find('[name]').each(function(index, value)
{
var name = $(this).attr('name')
value = $(this).val();
data[name] = value;
});
//console.log(data);
$.ajax({
url: url,
type: method,
data: data,
success: function(response)
{
$('#error_print').removeClass("hidden");
$('#error_print').text("Mail wurde versendet");
},
error: function(error)
{
$('#error_print').removeClass("hidden");
$('#error_print').text("Fehler - Bitte erneut versuchen");
}
});
}
}
return false;
});
在我的PHP中,我发送的邮件是这样的:
<?php
if(isset($_POST['firstname'], $_POST['lastname'], $_POST['mail'], $_POST['msg']))
{
$mail = htmlentities($_POST['mail'], ENT_QUOTES);
$firstname = htmlentities($_POST['firstname'], ENT_QUOTES);
$lastname = htmlentities($_POST['lastname'], ENT_QUOTES);
$msg = htmlentities($_POST['msg'], ENT_QUOTES);
$empfaenger = "empf@mydomain.de";
$betreff = "Kontaktaufname";
$from = "From: $fistname $lastname <$mail>";
$text = $msg;
//print_r($_POST);
mail($empfaenger, $betreff, $text, $from)
}?>
我不知道这是否是最佳方式。 为此,我读了一篇关于邮件注入的内容。 但我不确定我的脚本是否足够安全。
1 个解决方案
解决方案1
0 2017-04-02 09:49:40
发送邮件你可以尝试下面这个
<?php
ini_set("SMTP", "smtp.your_internet_service_provider.com");
ini_set("smtp_port", 25 );
ini_set("sendmail_from", "your_mail@example.com");
ini_set("auth_username", "your_mail@example.com");
ini_set("auth_password", "pwd_of_your_mail");
// For the fields $sender / $copy / $receiver, comma separated if there are multiple addresses
$sender = 'your_mail@example.com';
$receiver = 'receiver_mail@example.com';
$object = 'test msg';
$headers = 'MIME-Version: 1.0' . "\n"; // Version MIME
$headers .= 'Content-type: text/html; charset=ISO-8859-1'."\n"; // the Content-type head for the HTML format
$headers .= 'Reply-To: '.$sender."\n"; // Mail reply
$headers .= 'From: "name_of_sender"<'.$sender.'>'."\n";
$headers .= 'Delivered-to: '.$receiver."\n";
$message = 'Hello from Aotoki !';
if (mail($receiver, $object, $message, $headers)) // Send message
{
echo 'Your message has been sent ';
}
else // error
{
echo "Your message could not be sent";
}
?>
PHP 联系表格
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.