I am coming to stackoverflow for this because everything I search pretty much talks about email from a form using PHPMailer going to a users spam box. But, I need info on receiving spam from the form itself. I use it on a small, very light traffic real estate agents website. She gets spam from time to time and I don't know how to resolve it. PHPMailer seems to be the go to tool for sending email with PHP, so I figure spam/security is pretty well covered. I must be doing something wrong.... I am using class.phpmailer.php of course, and here is my code:
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = trim($_POST["name"]);
$email = trim($_POST["email"]);
$phone = trim($_POST["phone"]);
$message = trim($_POST["message"]);
if ($name == "" OR $email == "" OR $phone == "" OR $message == "") {
echo "You must specify a value for name, email address, phone, and message.";
exit;
}
foreach( $_POST as $value ){
if( stripos($value,'Content-Type:') !== FALSE ){
echo "There was a problem with the information you entered.";
exit;
}
}
if ($_POST["address"] != "") {
echo "Your form submission has an error.";
exit;
}
require_once("phpmailer/class.phpmailer.php");
$mail = new PHPMailer();
if (!$mail->ValidateAddress($email)){
echo "You must specify a valid email address.";
exit;
}
$email_body = "";
$email_body = $email_body . "Name: " . $name . "<br>";
$email_body = $email_body . "Email: " . $email . "<br>";
$email_body = $email_body . "Phone: " . $phone . "<br>";
$email_body = $email_body . "Message: " . $message;
$mail->SetFrom($email, $name);
$address = "email@domain.com";
$mail->AddAddress($address, "A Name Here");
$mail->Subject = "Message from " . $name . " on website contact form";
$mail->MsgHTML($email_body);
if(!$mail->Send()) {
echo "There was a problem sending the email: " . $mail->ErrorInfo;
exit;
}
header("Location: index.php?status=thanks");
exit;
}
The HTML is very simple:
<form id="form" name="form" method="post" action="contact-process.php">
<?php if (isset($_GET["status"]) AND $_GET["status"] == "thanks") { ?>
<p class="form-thanks">Thank you for contacting us. We'll be in touch with you very soon.</p>
<?php } ?>
<label>Name
<span class="small">First and Last</span>
</label>
<input type="text" name="name" id="name" />
<label>E-Mail
<span class="small">name@email.com</span>
</label>
<input type="text" name="email" id="email" />
<label>Phone Number
<span class="small">With area code</span>
</label>
<input type="text" name="phone" id="phone" />
<label>Message
<span class="small">How can we help you?</span>
</label>
<textarea cols="40" rows="8" name="message"></textarea>
<button type="submit">Submit</button>
<div class="spacer"></div>
</form>
A simple technique to avoid spam is to use something called a honey-pot, which is a text field which is not visible to normal users but a dumb spam-robot will probably enter something into that field.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// robot detection
$honeypot = trim($_POST["email"]);
if(!empty($honeypot)) {
echo "BAD ROBOT!";
exit;
}
$name = trim($_POST["name"]);
$email = trim($_POST["real_email"]);
$phone = trim($_POST["phone"]);
$message = trim($_POST["message"]);
// rest stays as is
In your HTML file you need to insert another "hidden" text field which is the honeypot:
<label>E-Mail
<span class="small">name@email.com</span>
</label>
<input type="text" name="email" style="display: none;">
<input type="text" name="email_real" id="email" />
Note how I changed the name of the actual, visible email text field to "email_real". It would be even better to avoid the word "email" completely in the real email field, since many robots are dumb.
The invisible honeypot input field should be called "email" though. Why? Because most robots are scanning for some standard input fields like "email", "address" etc. - so it's important to give the honeypot a common form field name.
Another neat trick is to swap some common field names, i.e swap the name for email and zip fields, so robots will fill in a numeric value for the email address and an email address for the zip code which will fail the validation.
It's not a 100% guarantee to kill all spam but it worked quite well for me without forcing the user to solve an annoying captcha...
来源:https://stackoverflow.com/questions/28101429/receiving-spam-from-my-form-using-phpmailer