When writing an auto-reply script in PHP, how do I change the From part of the email?

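Problem description

First of all, I don't know much about PHP. I'll try to explain: the PHP on my website was written for me by a friend while at university, so I only understand a small part of it. Anyway, everything works fine; I'm just wondering now why, when the auto-reply is received, it comes from nf.theamitybladecom@boscustweb2204.eigbox.net, which kind of bothers me. Of course, theamitybladecom is a reference to my website's name. I was hoping I could adjust it to come from noreply@theamityblade.com or something similar. Anyway, here is the code I have so far; please forgive me for having removed some sensitive entries. Hopefully you understand what I'm trying to do and it's a simple change to my code. I basically can't handle complicated PHP at all, so please explain in newbie terms. Any help you can offer would be greatly appreciated. Thanks,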
Black_Lightning

    <?php
        /* Verify captcha from google */
        function verify_captcha($response) {
            $url = 'https://www.google.com/recaptcha/api/siteverify';
            $curl = curl_init();
            $captcha_verify_url = "https://www.google.com/recaptcha/api/siteverify";
            curl_setopt($curl, CURLOPT_URL,$captcha_verify_url);
            curl_setopt($curl, CURLOPT_POST, true);
            curl_setopt($curl, CURLOPT_POSTFIELDS, "secret=captchaSecretKey&response=".$response);
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
            $verify = curl_exec ($curl);
            curl_close ($curl);

            $captcha_success=json_decode($verify);
            if ($captcha_success->success==true) {
                return true;
            } else{
                return false;
            }
        }

    $action=$_REQUEST['action'];
    $show_form = true;
    if ($action!="")    /* display the contact form */
        {
            $name=$_POST['name'];
            $email=$_POST['email'];
            $message=$_POST['message'];
            $response = $_POST["g-recaptcha-response"];

            //check if the captcha is valid or not
            if (verify_captcha($response)) {
                $subject="New Message for me!";
                mail("example@mysite.com",$subject,$message,"From: $email \n");
                echo "Email sent!!";
                $show_form = false;
            } else {
                /* captcha failed ($captcha_success only exists inside verify_captcha()): show the form again */
                $show_form = true;
            }
        }
    ?>
    <?php if($show_form) { ?>
        <form  id="form" class="contact-form" action="" onSubmit="return checkValid()" method="POST" enctype="multipart/form-data">
          <input type="hidden" name="action" value="submit" />
          <span id="blue-text">Your name:<br>
        <input id="name" name="name" type="text" value="" size="50"/>
        <br>
        Your email:<br>
        <input id="email" name="email" type="text" value="" size="50"/><br>
        Your message:<br>
        </span>
          <textarea id="message" name="message" wrap="hard" rows="10" cols="49" ></textarea>
          <br>
        <div class="g-recaptcha" data-sitekey="captchaSiteKey"></div>
        <input type="submit" value="Send"/>
        </form>
        <?php
        } 
        /* Prepare autoresponder subject */
    $respond_subject = "Thank you for contacting me!";

    /* Prepare autoresponder message */
    $respond_message = "Hello!

    Thank you for contacting me! I will get back to you
    as soon as possible!

    Yours sincerely,

   My Name
    www.mysite.com
    ";

    /* Send the message using mail() function */
    mail($email, $respond_subject, $respond_message);
    ?>
    <script>
        function checkValid()
        {
            var name = document.getElementById("name");
            var email = document.getElementById("email");
            var message = document.getElementById("message");
            var firstError = null;

            var errorMessage = "";
            if (name.value == "")
            {
                errorMessage += "Please enter your name! \n";
                if (firstError == null)
                {
                    firstError = name;
                }
            }
            if (email.value == "")
            {
                errorMessage += "Please enter your email! \n";
                if (firstError == null)
                {
                    firstError = email;
                }
            }
            if (message.value == "")
            {
                errorMessage += "Please enter your message! \n";
                if (firstError == null)
                {
                    firstError = message;
                }
            }

            if (errorMessage != "")
            {
                alert(errorMessage);
                firstError.focus();
                return false;
            }
            else
            {
                return true;
            }
        }
    </script>

Tags: php, phpmailer

Solution


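It is currently trying to use the submitter's email address as the From address:

    mail("example@mysite.com",$subject,$message,"From: $email \n");

Don't do that; it is forgery, and it will either not work at all or cause your messages to be spam-filtered or bounced. Set it as a reply-to header instead:

    mail("example@mysite.com", $subject, $message, "Reply-to: $email \n");

This code is vulnerable to header injection attacks because $_POST['email'] has no filtering applied before it is used as a message header. Overall, avoid the mail function entirely; it is inherently unsafe. Use a library like PHPMailer (which you tagged this question with) and send via SMTP to localhost, which is faster and safer. See PHPMailer's contact form example.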
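
The header-injection point above, shown as an added example that is not part of the original answer or of PHPMailer: the submitted address is validated before it is placed in a Reply-To header, and From is a fixed site address. The names `SITE_FROM`, `clean_reply_to` and `build_headers` are hypothetical, the sender address is the one the question wished for, and the sample inputs are constructed.

```php
<?php
// Assumption: the site's fixed sender is the address named in the question.
const SITE_FROM = 'noreply@theamityblade.com';

/**
 * Return the address if it is one syntactically valid e-mail address with
 * no CR/LF or other control characters inside it; otherwise return null.
 */
function clean_reply_to(string $raw): ?string
{
    $raw = trim($raw);
    // An embedded CR or LF would end the header line and start a new one,
    // which is how an extra header gets injected.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    $valid = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/** Build the extra headers: fixed From, validated Reply-To (null = reject). */
function build_headers(string $submitted_email): ?array
{
    $reply_to = clean_reply_to($submitted_email);
    if ($reply_to === null) {
        return null;
    }
    return [
        'From'     => SITE_FROM,
        'Reply-To' => $reply_to,
    ];
}

// Constructed sample inputs: a normal address, one carrying an extra
// header line after CRLF, and free text that is not an address.
$samples = [
    'visitor@example.org',
    "visitor@example.org\r\nBcc: someone-else@example.net",
    'not an address',
];
foreach ($samples as $s) {
    $h = build_headers($s);
    echo json_encode($s), ' => ',
         $h === null ? 'rejected' : json_encode($h), PHP_EOL;
}
// When build_headers() returns an array it can be passed as the fourth
// argument of mail() (array headers are accepted since PHP 7.2).
```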

