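First of all - I'm not a professional programmer. It's just my hobby. I'm learning the basics of JavaScript / HTML / CSS.
I've built a contact form on a friend's website and everything works fine, but he gets a lot of spam, e.g. bitcoin/porn etc. I tried setting up reCAPTCHA, but it didn't help.
I'm using PHPMailer (previously I used the Google API for sending mail, but the form got even more spam offers that way), but I can't find a way to prevent bot attacks.
I'm wondering - maybe the problem is that the mail script runs in the background after the submit button is pressed? Maybe that's why it skips reCAPTCHA.
I've tried everything - changing the max length of the inputs, their names... My last attempt was this code: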
https://github.com/anhskohbo/no-captcha
My code:
Top of index.php:
<?php
require_once "vendor/autoload.php";
$secret = '*****';
$sitekey = '*****';
$captcha = new \Anhskohbo\NoCaptcha\NoCaptcha($secret, $sitekey);
if ( isset($_POST['submit'])) {
    if($captcha->verifyResponse($_POST['g-recaptcha-response'])) {
        //proceed further
    } else {
        echo "Incorrect captcha";
    }
}
?>
My form:
<form name="test" role="form" action="sendmail.php" method="POST" onSubmit="alert('Dziękujemy za kontakt :)'); window.location.reload();" >
    <div class="row">
        <div class="col span-1-of-3">
            <label>Imię i nazwisko:</label>
        </div>
        <div class="col span-2-of-3">
            <input maxlength="30" name="a1" required="required" type="text" placeholder="Imię i nazwisko" required/>
        </div>
    </div>
    <div class="row">
        <div class="col span-1-of-3">
            <label>E-mail:</label>
        </div>
        <div class="col span-2-of-3">
            <input maxlength="30" name="a2" required="required" type="email" placeholder="E-mail" required/>
        </div>
    </div>
    <div class="row">
        <div class="col span-1-of-3">
            <label>Telefon:</label>
        </div>
        <div class="col span-2-of-3">
            <input maxlength="30" name="a3" required="required" type="text" placeholder="Numer telefonu" required/>
        </div>
    </div>
    <div class="row">
        <div class="col span-1-of-3">
            <label>Temat:</label>
        </div>
        <div class="col span-2-of-3">
            <input maxlength="30" name="a4" required="required" type="text" placeholder="Temat wiadomości" required/>
        </div>
    </div>
    <div class="row">
        <div class="col span-1-of-3">
            <label>Wiadomość:</label>
        </div>
        <div class="col span-2-of-3">
            <textarea name="a5" placeholder="Wiadomość"></textarea>
        </div>
    </div>
    <div class="row">
        <div class="col span-1-of-3">
            <label> </label>
        </div>
        <div class="col span-2-of-3">
            <?php echo $captcha->display(); ?>
            <input name="myFormSubmitted" type="submit" value="Wyślij" style="margin-top:10px;">
        </div>
    </div>
</form>
<?php echo $captcha->renderJs(); ?>
Sendmail.php:
<?php
/**
 * This example shows settings to use when sending via Google's Gmail servers.
 * This uses traditional id & password authentication - look at the gmail_xoauth.phps
 * example to see how to use XOAUTH2.
 * The IMAP section shows how to save this message to the 'Sent Mail' folder using IMAP commands.
 */
//Import PHPMailer classes into the global namespace
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use FormGuide\Handlx\FormHandler;
require 'vendor/autoload.php';
//Create a new PHPMailer instance
$mail = new PHPMailer;
//Tell PHPMailer to use SMTP
$mail->isSMTP();
//Enable SMTP debugging
// SMTP::DEBUG_OFF = off (for production use)
// SMTP::DEBUG_CLIENT = client messages
// SMTP::DEBUG_SERVER = client and server messages
$mail->SMTPDebug = SMTP::DEBUG_SERVER;
//Set the hostname of the mail server
$mail->Host = 'smtp.gmail.com';
// use
// $mail->Host = gethostbyname('smtp.gmail.com');
// if your network does not support SMTP over IPv6
//Set the SMTP port number - 587 for authenticated TLS, a.k.a. RFC4409 SMTP submission
$mail->Port = 587;
$mail->CharSet = "UTF-8";
//Set the encryption mechanism to use - STARTTLS or SMTPS
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
//Whether to use SMTP authentication
$mail->SMTPAuth = true;
//Username to use for SMTP authentication - use full email address for gmail
$mail->Username = '*****';
//Password to use for SMTP authentication
$mail->Password = '*****';
//Set who the message is to be sent from
$mail->setFrom('[email protected]');
//Set an alternative reply-to address
$mail->addReplyTo( $_POST['mail']);
//Set who the message is to be sent to
$mail->addAddress('****');
$mail->IsHTML(true);
if ($mail->addReplyTo($_POST['a2'], $_POST['a1'])) {
    $mail->Subject = 'Formularz kontaktowy - Cargo-trans.biz';
    //Keep it simple - don't use HTML
    //$mail->isHTML(false);
    //Build a simple message body
    $mail->Body = <<<EOT
<p style="margin-bottom:10px;"><b>Imię i naziwsko:</b> {$_POST['a1']} </p>
<br>
<p style="margin-bottom:10px;"><b>E-mail:</b> {$_POST['a2']} </p>
<br>
<p style="margin-bottom:10px;"><b>Telefon kontaktowy:</b> {$_POST['a3']} </p>
<br>
<p style="margin-bottom:10px;"><b>Temat:</b> {$_POST['a4']} </p>
<br>
<p style="margin-bottom:10px;"><b>Wiadomość:</b> {$_POST['a5']} </p>
<br>
<img src = "http://cargo-trans.biz/resources/img/napis.png" style="margin-top:10px;">
EOT;
    //Send the message, check for errors
    if (!$mail->send()) {
        //The reason for failing to send will be in $mail->ErrorInfo
        //but you shouldn't display errors to users - process the error, log it on your server.
        $msg = 'Sorry, something went wrong. Please try again later.';
    } else {
        $msg = 'Message sent! Thanks for contacting us.';
    }
} else {
    $msg = 'Invalid email address, message ignored.';
}
?>
I would improve the script by adding an encoding check before sending - for example like this:
iconv("UTF-8", "UTF-8//IGNORE", $subject_or_message_or_any_string);
I also wouldn't display info if sending the mail failed; I'd rather use something like the following:
if (!$mail->Send())
{
    LogErrorMessage("Mailer Error: %s", $mail->ErrorInfo);
    die ("Sorry, mail could not be sent");
}
Next, I would send or log the IP address of the user who sent the e-mail form - if he likes to send spam, you can easily block him.
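
An added example, not part of the original question or answer: the form's `action` is sendmail.php while the captcha check shown sits at the top of index.php, so a POST sent to sendmail.php is mailed without the token ever being verified. The start of sendmail.php below verifies the token there, applies the `iconv` check and IP logging suggested above, and escapes each field before it reaches the HTML body; `field()`, `reject()` and the 4096/5000 length caps are assumptions made for this example.

```php
<?php
// Added example: start of sendmail.php, the script the form's action points at.
require 'vendor/autoload.php';

use Anhskohbo\NoCaptcha\NoCaptcha;
use PHPMailer\PHPMailer\PHPMailer;

// Hypothetical helper: one POST field as valid UTF-8, trimmed and length-capped.
function field(string $name, int $max): string
{
    $raw = $_POST[$name] ?? '';
    if (!is_string($raw)) {                 // e.g. a1[]=x arrives as an array
        return '';
    }
    $utf8 = (string) iconv('UTF-8', 'UTF-8//IGNORE', $raw);
    return mb_substr(trim($utf8), 0, $max, 'UTF-8');   // needs ext-mbstring
}

// Hypothetical helper: log reason and client IP, show a generic message, stop.
function reject(string $reason, string $publicMessage): void
{
    error_log(sprintf('contact form rejected (%s) ip=%s',
        $reason, $_SERVER['REMOTE_ADDR'] ?? '-'));
    http_response_code(400);
    exit($publicMessage);
}

// 1. Verify the reCAPTCHA token here, before any mail is built or sent.
$captcha = new NoCaptcha('*****', '*****');   // secret, sitekey (placeholders)
$token   = field('g-recaptcha-response', 4096);
if ($token === '' || !$captcha->verifyResponse($token, $_SERVER['REMOTE_ADDR'] ?? null)) {
    reject('captcha', 'Incorrect captcha');
}

// 2. Validate the address that becomes Reply-To.
$email = field('a2', 30);
if (!PHPMailer::validateAddress($email)) {
    reject('email', 'Invalid email address, message ignored.');
}

// 3. Escape every submitted value before it goes into the HTML body.
$labels = ['a1' => 'Imię i nazwisko', 'a2' => 'E-mail', 'a3' => 'Telefon kontaktowy',
           'a4' => 'Temat', 'a5' => 'Wiadomość'];
$body = '';
foreach ($labels as $name => $label) {
    $value = htmlspecialchars(field($name, $name === 'a5' ? 5000 : 30),
        ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $body .= "<p><b>{$label}:</b> " . nl2br($value) . "</p>\n";
}
$replyToName = str_replace(["\r", "\n"], ' ', field('a1', 30));
// Continue with the existing PHPMailer setup, using $email, $replyToName and $body.
```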