【问题标题】:Anti Spam php issues反垃圾邮件 php 问题
【发布时间】:2019-01-23 14:35:47
【问题描述】:

因此,我遇到了阻止发送垃圾邮件的自定义 PHP 联系表单的问题。我添加了 Google ReCaptcha,还添加了一个功能来检查是否已填写隐藏字段,然后不要发送消息。但是我的客户仍然收到垃圾邮件。客户最近还从 HubSpot 迁移了代码,我想知道我缺少的小部件中是否有内置的东西。我是 PHP 新手,所以请原谅任何新手错误:)。提前感谢您的帮助!

HTML 表格:

<div class="contact-form">
<form id="contact-form" method="post" action="contact-form-handler.php">
<input name="companyname" type="text" id="companyName" placeholder="  Company Name" required>

<input name="name" type="text" id="contactName" placeholder="  Contact Person" required>

<input name="email" type="email" id="Email" placeholder="  Your Email" required>

<p class="antispam">Leave this empty: <input type="text" name="url" /></p>

<input type="tel" id="Phone" name="Phone" placeholder="  Phone Number" required>

<textarea name="message" class='form-control' placeholder="  Write your message here..." style="white-space:pre-wrap; height:200px;width:500px;" row="4" required></textarea>

<div class="g-recaptcha" data-sitekey="6LcqLWkUA2AAADEMnsD4sZEj4BqmqGhx8CN5Hhqf" data-callback="recaptcha_callback"></div>

<input type="submit" id="submit_btn" name="submit_form" value="SEND MESSAGE" onclick="myFunction()" disabled>

</form>
</div>

PHP 处理程序

   if (isset($_POST['submit_form'])) {
        $name = $_POST['name'];
        $secretKey = "6LcqLWkUAAAAAOG_Z9lpScLz0nftfFoYgpENfwDp";
        $responseKey = $_POST['g-recaptcha-response'];
        $userIP = $_SERVER['REMOTE_ADDR'];

        $url = "https://www.google.com/recaptcha/api/siteverify?secret=$secretKey&response=$responseKey&remoteip=$userIP";
        $response = file_get_contents($url);
        $response = json_decode($response);

        if ($response->success)
            echo "Verification success. Your name is $name";
        else 
            echo "Verification Failed";
    }

    $public_key = "6LcpmGgUAAAAAI6O2SQv1TdYu9z9yzmXclU2-rzu";
    $private_key = "6LclmGgUAA2AALd9pZTaOzOV4tThdZNLeJ56WNno";
    $reCaptchaUrl = "https://www.google.com/recaptcha/api/siteverify?secret=$secretKey&response=$responseKey&remoteip=$userIP";

    $companyname = $_POST['companyname'];
    $name = $_POST['name'];
    $url = $_POST['url'];
    $email = $_POST['email'];
    $phone = $_POST['Phone'];
    $message = $_POST['message'];

    /* Check if the form has been submitted */
    if(array_key_exists('submit_form',$_POST))
    {
        /* The response given by the form being submitted */
        $response_key = $_POST['g-recaptcha-response'];
        /* Send the data to the API for a response */
        $response = file_get_contents($url.'?secret='.$private_key.'&response='.$response_key.'&remoteip='.$_SERVER['REMOTE_ADDR']);
        /* json decode the response to an object */
        $response = json_decode($response);

        /* if success */
        if($response->success == 1)
        {
            echo "You passed validation!";
        }
        else
        {
            echo "You are a robot and we don't like robots.";
        }

        // if the url field is empty 
        if(isset($_POST['url']) && $_POST['url'] == ''){
        // then send the form to your email
         mail( 'danmeier513@gmail.com', 'danielstevenmeier@gmail.com', 'Contact Form', print_r($_POST,true) ); 
        } 
        // otherwise, let the spammer think that they got their message through
    }

【问题讨论】:

  • 您如何确定垃圾邮件是通过此表单发送的?
  • OT - 至少删除私钥,它应该是秘密的

标签: php recaptcha form-submit contact-form spam-prevention


【解决方案1】:

嗯,简单检查一下:你有一行内容如下:

echo "You are a robot and we don't like robots.";

...在该行之后,您发送邮件,不管 ReCaptcha 检查。

如果验证码检查失败,您应该立即通过exitdie 之类的方式停止脚本。这可能是第一步 - 如果仍有垃圾邮件通过您的客户,您可能应该在代码中添加更多日志记录以进一步调试。

【讨论】:

  • 好的,谢谢。另外,我假设我可以将相同的逻辑应用于隐藏字段检查... // 如果 url 字段为空 if(isset($_POST['url']) && $_POST['url'] == '' ){ // 然后将表单发送到您的电子邮件 mail( 'email@gmail.com', 'email2@gmail.com', 'Contact Form', print_r($_POST,true) ); } else { // 否则,让垃圾邮件发送者认为他们是通过 exit() 收到消息的; }
猜你喜欢
  • 1970-01-01
  • 2015-05-18
  • 1970-01-01
  • 2011-01-22
  • 1970-01-01
  • 2011-12-10
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多