PHP使用mail.inc实现周密的留言发邮箱

我网站上很多地方都有给我留言的链接,这些链接指向一个地方 http://www.dushangself.site/emlog/?post=8

2345截图20190508162554.jpg


码使用方式:一共四个源代码,第一个和第二个写在一起,,第三个命名为mail.inc.php,第四个命名为mail.php,传到你服务器的一个目录下,记下mail.PHP的地址,然后把第二个源码的第20行改成那个地址,另外,第四个提示的地方也要改)


源代码与讲解:

对于新手来讲,这页面很容易就能写出来,可是如何实现它的功能和安全性就比较复杂了,因为考虑如何把邮件发出去,不让功能代码泄露,也不让不良人士猛刷PHP地址而造成邮箱瘫痪这些功能的实现是需要经验的。

首先,这个漂亮型的界面是如何写的?

这里的验证码生成我没有使用传统的servlet 和session来互动,因为我认为那会加重我宝贵的服务器的负担,提前退休,所以就用JS小程序写了一个,并达到类似的安全水准。

如果你是用的默认的样式的话,无法达到上面这个效果,这里我用的bootstrap的样式,只需要在HTML头部最上方导入这样的地址

<link rel="stylesheet" href="https://cdn.staticfile.org/twitter-bootstrap/3.3.7/css/bootstrap.min.css"> 	
<script src=" 
<script src="https://cdn.staticfile.org/twitter-bootstrap/3.3.7/js/bootstrap.min.js"></script>

 

以下是页面的HTML

<style> #code{  
                font-family:Arial;  
                font-style:italic;  
                font-weight:bold;  
                border:0;  
                letter-spacing:2px;  
                color:blue;  
                text-decoration:line-through;
            }
</style>
<script>
function gengxin(){
document.getElementById('lianxi').value='';
document.getElementById('zhengwen').value='';
document.getElementById('input').value='';
form1.add.disabled=true; createCode(); 
}
    window.onload = function (){ 
createCode();
document.getElementById("form1").action="http://www.dushangself.site/old_index.php";
document.getElementById('lianxi').value='';
document.getElementById('zhengwen').value='';
document.getElementById('input').value='';
form1.add.disabled=true;
  }
function SaveChange()
{
 var oValue = document.getElementById('input').value.toUpperCase(); var lianxi = document.getElementById('lianxi').value; var zhengwen = document.getElementById('zhengwen').value; if(lianxi ==""){document.getElementById("p2").style.backgroundColor="GREY"; alert('把您的联系方式写出来,要不我怎么知道你是谁呢?'); }else if(zhengwen ==""){ document.getElementById("p2").style.backgroundColor="GREY";alert('给我说的话不可空置'); }else if(oValue ==0){ document.getElementById("p2").style.backgroundColor="GREY";alert('输验证码!如果没有显示,请发信息到2528852314@qq.com,感激不尽!'); }else if(oValue != code){ document.getElementById("p2").style.backgroundColor="GREY";alert('您个锤子!这种验证码都您都写不对!'); oValue = ' '; document.getElementById('input').value='';  createCode(); }else{ 
document.getElementById("form1").action="http://www.dushangself.site/sendmailtool/mail.php";
form1.add.disabled=true;createCode();document.getElementById("p2").disabled=true;
document.getElementById("p2").style.backgroundColor="GREY";
 }
}
 var code;
    function createCode(){
        code = '';
        var codeLength = 4;
        var codeV = document.getElementById('code');
        var random = new Array(0,1,2,3,4,5,6,7,8,9);
        for(var i = 0; i < codeLength; i++){ var index = Math.floor(Math.random()*10); code += random[index]; } codeV.value = code; } function validate(){ var oValue = document.getElementById('input').value.toUpperCase(); var lianxi = document.getElementById('lianxi').value; var zhengwen = document.getElementById('zhengwen').value; if(lianxi==""){document.getElementById("p2").style.backgroundColor="GREY"; alert('把您的联系方式写出来,要不我怎么知道你是谁呢?'); }else if(zhengwen ==""){ document.getElementById("p2").style.backgroundColor="GREY";alert('给我说的话不可空置'); }else if(oValue ==0){ document.getElementById("p2").style.backgroundColor="GREY";alert('输验证码!如果没有显示,请发信息到2528852314@qq.com,感激不尽!'); }else if(oValue != code){ document.getElementById("p2").style.backgroundColor="GREY";alert('您个锤子!这种验证码都您都写不对!'); oValue = ' '; document.getElementById('input').value=''; createCode(); }else{document.getElementById("form1").action="http://www.dushangself.site/sendmailtool/mail.php"; document.getElementById("p2").style.backgroundColor="#00FF7F";createCode();document.getElementById("p2").style.color="white";document.getElementById("p2").disabled=false;document.getElementById('input').value='';} } </script>
<p style="font:13px/20px Georgia, "background-color:azure;" align="left">
    <span class="glyphicon glyphicon-info-sign"> </span>  低级浏览器不兼容我的代码,若写完内容并点留言后未弹出窗口,则留言失败。
</p>
<form name="form1" id="form1" method="post" action="http://www.dushangself.site/sendmailtool/mail.php" target="ifrm">
    <p align="center">
        <input name="q3" size="21" type="text" class="form-control" id="lianxi" placeholder="QQ、微信或任何能联系您的方式并注明" /> 
    </p>
    <p align="center">
         <textarea name="q4" cols="21" class="form-control" id="zhengwen" rows="6" placeholder="请输入您要给我的留言"></textarea> 
    </p>
    <p align="center">
        <br />
    </p>
    <p>
        <input type="button" id="code" onclick="createCode()" /> <input type="number" id="input" value="" /> <input type="button" value="验证" onclick="validate()" class="btn btn-warning" /> 
    </p>
    <p>
        <br />
    </p>
    <p onclick="" align="center">
        <input onclick="SaveChange(); name=" add"="" type="submit" style="color:#a8a8a9;background-color:#717171;border-color:#00FF7F;" id="p2" class="btn btn-success" disabled="disabled" value="单击留言" />  
    </p>
    <p onclick="" align="center">
        <br />
    </p>
    <p onclick="" align="center">
        <br />
    </p>
</form>

 

这样就能实现以下功能

1.表层功能

2.防不良人士使用开发工具修改灰色按钮属性向别人炫耀自己的技术,并造成邮箱瘫痪

3.检测各个表单的内容是否为空

4.验证码更新后原来的填写变空

5.良好的用户体验(会引导用户以正确步骤使用而没有困惑)


尤其是第二点,需要再检测一遍,即JS代码第26行起的那个函数始和终,但这个不是重点,验证码才是重点

那么验证码是怎么实现的呢,我没有那个精力去写一个生成图像的PHP,但是也要弄一个很难被解析的图像,并且获取值,这个函数叫createCode(见第41行)
,用语言表述过程就是

设计长度

建立0-9数组

用random和for排序,即随机生成数字,并循环这个操作4遍

CSS添加加密样式,(这里,因为考虑到我还有其他函数,所以就弄得简单了,这个大家自己加密)

把值传出去


不过本文章的最重要的重点是PHP发邮件


虽然PHP以内置函数库巨大而著称,但对于虚拟主机用户还是无法使用发邮件的函数,因为这个函数不是内置的,而且虚拟主机用户不能自定义安装

所以我就把这个插件的源代码复制了一下

点击展开然后复制,命名为mail.inc.php

<?php
class smtp
{
    /* Public Variables */
    var $smtp_port;
    var $time_out;
    var $host_name;
    var $log_file;
    var $relay_host;
    var $debug;
    var $auth;
    var $user;
    var $pass;
    var $from;
    var $test="test";

    /* Private Variables */ 
    var $sock;

    /* Constractor */

    function smtp($relay_host = "", $smtp_port = 25,$auth = false,$user,$pass,$from)
    {
        $this->debug = FALSE;
        $this->smtp_port = $smtp_port;
        $this->relay_host = $relay_host;
        $this->time_out = 30; //is used in fsockopen() 
        
        #

        $this->auth = $auth;//auth
        $this->user = $user;
        $this->pass = $pass;
        $this->from = $from;
        
        #

        $this->host_name = "localhost"; //is used in HELO command 
        $this->log_file = "";
        $this->sock = FALSE;
    }
    /* Main Function */

    function sendmail($to,$fromname="",$subject = "", $body = "", $mailtype, $cc = "", $bcc = "", $additional_headers = "")
    {
        $mail_from = $this->get_address($this->strip_comment($this->from));
        $body = ereg_replace("(^|(\r\n))(\.)", "\1.\3", $body);
        $header = "MIME-Version:1.0\r\n";

        if($mailtype=="HTML"){
            $header .= "Content-Type:text/html\r\n";
        }

        $header .= "To: ".$to."\r\n";

        if ($cc != "") {
            $header .= "Cc: ".$cc."\r\n";
        }
        if ($fromname!="") $header .= "From: ".$fromname."<".$this->from.">\r\n";
        if ($fromname=="") $header .= "From:<".$this->from.">\r\n";
        $header .= "Subject: ".$subject."\r\n";
        $header .= $additional_headers;
        $header .= "Date: ".date("r")."\r\n";
        $header .= "X-Mailer:By Redhat (PHP/".phpversion().")\r\n";
        $utfheader=iconv("GBK","UTF-8//IGNORE",$header);
        list($msec, $sec) = explode(" ", microtime());

        $header .= "Message-ID: <".date("YmdHis", $sec).".".($msec*1000000).".".$mail_from.">\r\n";

        $TO = explode(",", $this->strip_comment($to));

        if ($cc != "") {
            $TO = array_merge($TO, explode(",", $this->strip_comment($cc)));
        }


        if ($bcc != "") {
            $TO = array_merge($TO, explode(",", $this->strip_comment($bcc)));
        }

        $sent = TRUE;

        foreach ($TO as $rcpt_to) {
            $rcpt_to = $this->get_address($rcpt_to);
            
            if (!$this->smtp_sockopen($rcpt_to)) {
                $this->log_write("Error: Cannot send email to ".$rcpt_to."\n");
                $sent = FALSE;
                continue;
            }

            if ($this->smtp_send($this->host_name, $mail_from, $rcpt_to, $utfheader, $body)) {
                $this->log_write("E-mail has been sent to <".$rcpt_to.">\n");
            } else {
                $this->log_write("Error: Cannot send email to <".$rcpt_to.">\n");
                $sent = FALSE;
            }

            fclose($this->sock);

            $this->log_write("Disconnected from remote host\n");
        }
        return $sent;
    }
/* Private Functions */
    function smtp_send($helo, $from, $to, $header, $body = "")
    {
        if (!$this->smtp_putcmd("HELO", $helo)) {

            return $this->smtp_error("sending HELO command");
        }

        #auth

        if($this->auth){
            if (!$this->smtp_putcmd("AUTH LOGIN", base64_encode($this->user))) {
                return $this->smtp_error("sending HELO command");
            }

            if (!$this->smtp_putcmd("", base64_encode($this->pass))) {
                return $this->smtp_error("sending HELO command");
            }
        }

        #

        if (!$this->smtp_putcmd("MAIL", "FROM:<".$from.">")) {
            return $this->smtp_error("sending MAIL FROM command");
        }

        if (!$this->smtp_putcmd("RCPT", "TO:<".$to.">")) {
            return $this->smtp_error("sending RCPT TO command");
        }

        if (!$this->smtp_putcmd("DATA")) {
            return $this->smtp_error("sending DATA command");
        }
        if (!$this->smtp_message($header, $body)) {
            return $this->smtp_error("sending message");
        }
        if (!$this->smtp_eom()) {
            return $this->smtp_error("sending <CR><LF>.<CR><LF> [EOM]");
        }
        if (!$this->smtp_putcmd("QUIT")) {
            return $this->smtp_error("sending QUIT command");
        }
        return TRUE;
    }

    function smtp_sockopen($address)
    {
        if ($this->relay_host == "") {
            return $this->smtp_sockopen_mx($address);
        } else {
            return $this->smtp_sockopen_relay();
        }
    }
    function smtp_sockopen_relay()
    {
        $this->log_write("Trying to ".$this->relay_host.":".$this->smtp_port."\n");
        $this->sock = @fsockopen($this->relay_host, $this->smtp_port, $errno, $errstr, $this->time_out);
        if (!($this->sock && $this->smtp_ok())) {
            $this->log_write("Error: Cannot connenct to relay host ".$this->relay_host."\n");
            $this->log_write("Error: ".$errstr." (".$errno.")\n");
            return FALSE;
        }
        $this->log_write("Connected to relay host ".$this->relay_host."\n");
        return TRUE;
    }

    function smtp_sockopen_mx($address)
    {
        $domain = ereg_replace("^.+@([^@]+)$", "\1", $address);
        if (!@getmxrr($domain, $MXHOSTS)) {
            $this->log_write("Error: Cannot resolve MX \"".$domain."\"\n");
            return FALSE;
        }
        foreach ($MXHOSTS as $host) {
            $this->log_write("Trying to ".$host.":".$this->smtp_port."\n");
            $this->sock = @fsockopen($host, $this->smtp_port, $errno, $errstr, $this->time_out);
            if (!($this->sock && $this->smtp_ok())) {
                $this->log_write("Warning: Cannot connect to mx host ".$host."\n");
                $this->log_write("Error: ".$errstr." (".$errno.")\n");
                continue;
            }
            $this->log_write("Connected to mx host ".$host."\n");
            return TRUE;
        }
        $this->log_write("Error: Cannot connect to any mx hosts (".implode(", ", $MXHOSTS).")\n");
        return FALSE;
    }

    function smtp_message($header, $body)
    {
        fputs($this->sock, $header."\r\n".$body);
        $this->smtp_debug("> ".str_replace("\r\n", "\n"."> ", $header."\n> ".$body."\n> "));
        return TRUE;
    }

    function smtp_eom()
    {
        fputs($this->sock, "\r\n.\r\n");
        $this->smtp_debug(". [EOM]\n");
        return $this->smtp_ok();
    }

    function smtp_ok()
    {
        $response = str_replace("\r\n", "", fgets($this->sock, 512));
        $this->smtp_debug($response."\n");
        if (!ereg("^[23]", $response)) {
            fputs($this->sock, "QUIT\r\n");
            fgets($this->sock, 512);
            $this->log_write("Error: Remote host returned \"".$response."\"\n");
            return FALSE;
        }
        return TRUE;
    }

    function smtp_putcmd($cmd, $arg = "")
    {
        if ($arg != "") {
            if($cmd=="") $cmd = $arg;
            else $cmd = $cmd." ".$arg;
        }
        fputs($this->sock, $cmd."\r\n");
        $this->smtp_debug("> ".$cmd."\n");
        return $this->smtp_ok();
    }

    function smtp_error($string)
    {
        $this->log_write("Error: Error occurred while ".$string.".\n");
        return FALSE;
    }
    
    function log_write($message)
    {
        $this->smtp_debug($message);
        if ($this->log_file == "") {
            return TRUE;
        }
        $message = date("M d H:i:s ").get_current_user()."[".getmypid()."]: ".$message;
        if (!@file_exists($this->log_file) || !($fp = @fopen($this->log_file, "a"))) {
            $this->smtp_debug("Warning: Cannot open log file \"".$this->log_file."\"\n");
            return FALSE;;
        }
        flock($fp, LOCK_EX);
        fputs($fp, $message);
        fclose($fp);
        return TRUE;
    }
    
    function strip_comment($address)
    {
        $comment = "\([^()]*\)";
        while (ereg($comment, $address)) {
            $address = ereg_replace($comment, "", $address);
        }
        return $address;
    }

    function get_address($address)
    {
        $address = ereg_replace("([ \t\r\n])+", "", $address);
        $address = ereg_replace("^.*<(.+)>.*$", "\1", $address);
        return $address;
    }
    function smtp_debug($message)
    {
        if ($this->debug) {
        echo $message;
        }
    }
}
?>

 


然后就是后台的代码,插一句,我喜欢用UE写代码,因为启动快


2345截图20190508175610.jpg



以下是PHP代码主体

<?php
function fang_SQL_zhu_ru($chars,$encoding='utf8')
{
    $pattern =($encoding=='utf8')?'/[\x{4e00}-\x{9fa5}a-zA-Z0-9,.,。?!]/u':'/[\x80-\xFF]/,.,。!?';
    preg_match_all($pattern,$chars,$result);
    $temp =join('',$result[0]);
    return $temp;
}
$liuyanzhe = $_POST["q3"];
$zhengwen = $_POST["q4"];
$liuyanzhe = fang_SQL_zhu_ru($liuyanzhe);
$zhengwen = fang_SQL_zhu_ru($zhengwen);
include_once("mail.inc.php");
$smtp = new smtp("邮箱服务器如smtp.qq.com",25,true,"你的邮箱","你的邮箱STMP密码","你的邮箱");//发件人信箱信息 
$smtp->debug = false;
$mailto="".$_POST["email"]."";
$mailsubject="留言者:".$liuyanzhe."";
$mailfrom="留言";//来自<自己改>
$mailbody="这是我网站上的留言:<br><br>";//称呼     <br>是换行的
$mailbody=$mailbody."".$zhengwen."";
$mailtype         =     "HTML";
$mailsubject     =     '=?UTF-8?B?'.base64_encode($mailsubject).'?=';
$mailfrom      =     '=?UTF-8?B?'.base64_encode($mailfrom).'?=';

if (isset($_COOKIE["visitor"]))
    {}
else{
     $smtp->sendmail("收件人邮箱", $mailfrom, $mailsubject, $mailbody, $mailtype);
}
setcookie("visitor","ok",time()+10);
echo "
<script>
    window.onload = function (){ 
                     alert('留言成功!我会看到哒!');
                     window.close();

}
</script>
";

 


把第14行和28行我提示的改掉就行了

值得注意的是,这个可以过滤非法字符,用的正则表达式,研究一下可以积累一些防止sql注入的经验。毕竟,留言板是一个最容易让一些互联网流氓黑客攻击的地方。

在攻击方面,利用单一的IP进行长时间的PING也会使服务器瘫痪,可能叫CC攻击吧,所以,弄一个session在PHP里也是很有必要的。


以下是效果图

<仅此全文>


作者授权:除特别说明外,本文由 独元殇 原创编译并授权 DS Lab. 或博客园 刊载发布。
版权声明:本文使用「署名 4.0 国际」创作共享协议,转载或使用请遵守署名协议。

posted @ 2019-05-23 17:34  独元殇  阅读(371)  评论(0编辑  收藏  举报