我为我的网站使用 000webhost,他们不断暂停我的帐户,因为我显然发送了超过 1000 封电子邮件。这发生在通过我的联系表提交电子邮件后大约 30 秒。我只收到一封电子邮件,表单中出站的所有电子邮件都发送给我,它们也不在我的垃圾邮件中。
我只是想了解此表单是否实际上正在循环并发送消息,但我没有得到它们,或者这是 000webhost 错误。自从我制作这个网站以来,我有一个联系表格,它现在只会导致问题。
以下是联系表格的代码:
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" href="CSS/primary.css"> <!--Address Using URL to prevent no styling when slash is typed-->
<link rel="shortcut icon" href="Images/tabIcon.ico">
<title>Harry Felton | Welcome</title>
</head>
<script language="php">
require_once'header.php';
</script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script>
$('body').hide()
$("#notify").hide()
</script>
<script>
function toggleAbout(){
if ($("#center").hasClass("up")) {
$("#about").slideToggle(500);
setTimeout(function() {
$("#center").css({
msTransform: 'translateY(10px)',
webkitTransform: 'translateY(10px)',
transform: 'translateY(10px)',
})
}, 500);
} else {
$("#center").css({
msTransform: 'translateY(-75px)',
webkitTransform: 'translateY(-75px)',
transform: 'translateY(-75px)',
})
setTimeout(function() {
$("#about").slideToggle(500);
}, 1000);
}
$($("#center").toggleClass("up"))
};
</script>
<body onunload="" class="pg-index">
<div class="overwrap">
<div id="center">
<h1 id="title1">Welcome</h1>
<h2 id="title2">Harry Felton</h2>
<h2 id="subTitle">Auckland | New Zealand</h2>
<br><br><br><br>
<div id="about" style="display: none;">
<p>Hi, My name is Harry and I am an amateur programmer, I just do it as a hobby until I can actually take it as a course, I have created many programs, and love doing it, I am also into ComputerCraft which is a mod for Minecraft that adds programmable computers.<br><br>This website domain was initially created around September 2014, It took about a week to create, It was awesome, As it was the first time I had ever used HTML, CSS or JavaScript. On the 20th November I chose to completely recreate the website, So I deleted all files, And now... Here we are.<br><br>My absolute favorite thing to do in this world is code, I enjoy making, distributing and using my programs, And the feedback is always awesome, If you feel like leaving feedback, then click HERE</p>
</div>
</div>
</div>
<script type="text/javascript" src="JavaScript/element.js"></script>
<script type="text/javascript" src="JavaScript/pageNav.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.4/jquery-ui.min.js"></script>
<script src="https://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.js"></script>
<div id="contactForm" class="hidden">
<title>Contact Us</title>
<div id="mainPageCont">
<?php error_reporting(0); ?>
<?php if(isset($_POST['Email'])): ?>
<?php
$to = 'harryfelton12@gmail.com';
$subject = 'ALERT! Website Form Submission';
$message = 'Users Name: '.strip_tags($_POST['Name'])."'n";
$message .= 'Users Email: '.strip_tags($_POST['Email'])."'n";
$message .= 'Submitted Message: '.strip_tags($_POST['Comment'])."'n";
$headers = 'From: noReply@harryfelton.com' . "'r'n" .
'Reply-To: '.strip_tags($_POST['Email']) . "'r'n";
?>
<?php if(mail($to, $subject, $message, $headers)): ?>
<script type="text/javascript">
console.log('Mail OK')
location.href="/"
</script>
<?php endif ?>
<?php else: ?>
<script>console.log('Loading Contact Script')</script>
<form method="post" id="comments_form">
<h2>Please Leave Some Feedback, It Helps!</h2>
<div class="row">
<div class="label">
Your Name
</div>
<!--.label end-->
<div class="input">
<input type="text" id="fullname" class="detail" name="Name"
value="<?php echo isset($_POST['Name'])? $_POST['Name'] : ''; ?>" placeholder="e.g John Doe"/>
</div>
<!--.input end-->
<div class="context">
<span>We want to know who we are talking too</span>
</div>
<!--end .context-->
</div>
<!--.row end-->
<div class="row">
<div class="label">
Your Email
</div>
<!--.label end-->
<div class="input">
<input type="text" id="email" class="detail" name="Email" placeholder="e.g test@example.com" value="<?php echo isset($_POST['Email'])? $_POST['Email'] : ''; ?>" />
</div>
<!--.input end-->
<div class="context">
<span>We will send an email to this address containing a confirmation and any further replies</span>
</div>
<!--end .context-->
</div>
<!--.row end-->
<div class="row">
<div class="label">
Your Message
</div>
<!--.label end-->
<div class="input2">
<textarea id="Comment" name="Comment" class="mess"><?php echo isset($_POST['Comment'])? $_POST['Comment'] : ''; ?></textarea>
</div>
<!--.input end-->
</div>
<!--.row end-->
<div class="submit">
<input type="submit" id="submit" name="Submit" value="Send Message" />
</div>
</form>
<?php endif; ?>
<script>
function CheckVal() {
var SetMess = $('#option').val();
$('#feedback').html(SetMess);
if (SetMess !== '') {
$('#submit').prop('disabled', false);
}
else {
$('#submit').prop('disabled', true);
}
}
// As one types, check that the message is not empty
$('#option').keyup(function () {
CheckVal();
});
// As one clicks into the field, see if it has content
$('#option').click(function () {
CheckVal();
});
$(document).ready(function() {
// validate form
$("#comments_form").validate({
// This will allow you to extend the validator functions
invalidHandler:
function(form, validator) {
// $("#get_online").val("CHECK");
},
rules: {
// For every named input that you want to validate,
// you create a little set of prefs
Name: {
required: true,
},
Email: {
required: true,
email: true
},
Comment: { required: true },
},
messages: {
// Here are just the custom messages you can modify per field
Name: {
required: 'Please Enter Your Name',
},
Email: {
required: 'Please Enter An Email',
email: 'Email address not valid',
},
Comment: { required: 'Please Enter A Message'},
},
});
});
</script>
</div>
</div>
</div>
<script>
$(document).ready(function() {
fadeIn("body");
setTimeout(function() {
notification();
}, 500)
});
</script>
<script>changeWelcome("#title1");</script>
<div id="notify">Disabled JavaScript Is Now Supported, Contact Form Is Being Worked On Again!<a onclick="notification();" id="notifyClose">x</a></div>
<script>
function notification() {
isNotify = true
notifyID = "#notify"
if (isNotify) {
if ($(notifyID).hasClass("vis")) {
console.log("Notification Bar Enabled, Hiding: "+notifyID);
$(notifyID).slideUp(500);
} else {
$(notifyID).slideDown(500);
console.log("Notification Bar Enabled, Showing: "+notifyID);
}
$(notifyID).toggleClass("vis");
}
}
</script>
</body>
</html>
如果你们想访问网站,那么这里是链接: http://www.harryfelton.host56.com/尽管由于帐户被暂停,它可能处于离线状态。
那么......你怎么看,这个循环发送了1000封电子邮件吗?我一直在做一些控制台和警报测试,它似乎从未多次发送消息,但我认为暂停时间可能会产生影响。
我认为
如果有人在浏览器中禁用javascript,他们可以绕过您的jQuery验证并发送1000封电子邮件,因为您没有在服务器端验证您的Reply-To电子邮件。
尝试将服务器端验证更改为以下内容:
$to = 'harryfelton12@gmail.com';
$subject = 'ALERT! Website Form Submission';
$message = 'Users Name: '.strip_tags($_POST['Name'])."'n";
$message .= 'Users Email: '.strip_tags($_POST['Email'])."'n";
$message .= 'Submitted Message: '.strip_tags($_POST['Comment'])."'n";
$headers = 'From: noReply@harryfelton.com' . "'r'n" .
'Reply-To: '.strip_tags($_POST['Email']) . "'r'n";
// User the filter_var() function to check that there is no manipulation
// of the $headers
if(filter_var($_POST['Email'], FILTER_VALIDATE_EMAIL)) {
if(mail($to, $subject, $message, $headers)) { ?>
<script type="text/javascript">
console.log('Mail OK')
location.href="/"
</script>
<?php }
} ?>
我没有看到任何循环以及您发布的内容。 除了服务器端验证之外,我看不出它应该发送 1000 封电子邮件的任何理由。