
I am trying to create a PHP script that automatically sends an e-mail containing the form input, but when it is called on submit, it displays the error for trying to access the PHP directly.

Any help would be greatly appreciated, I am very new to this.

<form action="form-to-email.php" method="post" name="camper_registration" id="camper_registration">
    <label>Last Name*: </label>
    <input name="lastname" type="text" id="lastname" required="required"/><br />
    <label>First Name*: </label>
    <input name="firstname" type="text" id="firstname" required="required"/><br />
    <label>Middle Initial: </label>
    <input type="text" name="initial" size=1 maxlength=1 /><br /><br />

    <label>Street Address*: </label>
    <input name="streetaddress" type="text" id="streetaddress" required="required"/><br />
    <label>Address Line 2: </label><input type="text" name="addressline2" /><br />
    <label>City*: </label>
    <input name="city" type="text" id="city" required="required"/><br />
    <label>State/Province/Region*: </label>
    <input name="state" type="text" id="state" required="required"/><br />
    <label>Zipcode*: </label>
    <input name="zip" type="tel" size="5" maxlength="5" onkeypress="return numbersonly(this, event)" required="required"><br /><br />
    <label>Youth's Email*: </label>
    <input type="email" name="email" required="required"/><br /><br />
    <label>Date of Birth*: </label>
    <input name="month" type="tel" size="2" maxlength="2" onkeypress="return numbersonly(this, event)" required="required">/
    <input name="day" type="tel" size="2" maxlength="2" onkeypress="return numbersonly(this, event)" required="required">/
    <input name="year" type="tel" size="4" maxlength="4" onkeypress="return numbersonly(this, event)" required="required">

    <SCRIPT TYPE="text/javascript">
        autojump("month", "day", 2); autojump("day", "year", 2);
    </SCRIPT>
    <br /><br />
    <label>Grade completed in<br /> Spring 2013*: </label>
    <input type="tel" name="grade" size=2 maxlength=2 required="required"/><br /><br />
    <label>Gender*:</label>
    <input type="radio" name="gender" value="Male" required="required"> Male
    <input type="radio" name="gender" value="Female" required="required"> Female <br /> <br />
    <label>Parent/Guardian(s)*: </label>
    <input name="guardian" type="text" id="guardian" required="required"/> <br /><br />
    <label>Parent Phone*: </label>
    (<input name="areacode" type="tel" size="3" maxlength="3" onkeypress="return numbersonly(this, event)" required="required">)
    <input name="cellphone" type="tel" size="7" maxlength="7" onkeypress="return numbersonly(this, event)" required="required"><br /><br />

    <SCRIPT TYPE="text/javascript">
        <!--
        autojump("areacode", "cellphone", 3);
        //-->
    </SCRIPT>

    <label>1st Emergency Contact*: </label>
    <input name="emergency_contact_1" type="text" id="emergency_contact_1" required="required"/><br /><br />
    <label>Contact Number*: </label>
    (<input name="emergency_contact_1_areacode" type="tel" size="3" maxlength="3" onkeypress="return numbersonly(this, event)" required="required">)
    <input name="emergency_contact_1_phone" type="tel" size="7" maxlength="7" onkeypress="return numbersonly(this, event)" required="required"><br /><br />

    <SCRIPT TYPE="text/javascript">
        <!--
        autojump("emergency_contact_1_areacode", "emergency_contact_1_phone", 3);
        //-->
    </SCRIPT>

    <label>2nd Emergency Contact*: </label>
    <input name="emergency_contact_2" type="text" id="emergency_contact_2" required="required"/><br /><br />
    <label>Contact Number*: </label>
    (<input name="emergency_contact_2_areacode" type="tel" size="3" maxlength="3" onkeypress="return numbersonly(this, event)" required="required">)
    <input name="emergency_contact_2_phone" type="tel" size="7" maxlength="7" onkeypress="return numbersonly(this, event)" required="required"><br /><br />

    <SCRIPT TYPE="text/javascript">
        <!--
        autojump("emergency_contact_2_areacode", "emergency_contact_2_phone", 3);
        //-->
    </SCRIPT>

    <label>Name of Home Church: </label>
    <input type="text" name="home_church" /><br /><br />
    <label>Phone Number: </label>
    (<input name="church_areacode" type="tel" size="3" maxlength="3" onkeypress="return numbersonly(this, event)">)
    <input name="church_phone" type="tel" size="7" maxlength="7" onkeypress="return numbersonly(this, event)"><br />

    <SCRIPT TYPE="text/javascript">
        autojump("church_areacode", "church_phone", 3);
    </SCRIPT>

    <label>Contact Person: </label>
    <input type="text" name="contact_person" /><br /><br />

    <b>Special Needs</b><br /> Some campers may have needs that might require special attention from our staff; accessibility, health concerns, diet, allergies, etc. <br /><br />
    <label>Please list any special needs: </label>
    <textarea rows="10" cols="20" name="special_needs"> </textarea> <br /><br />
    <label>T-Shirt Size*: </label>
    <input type="radio" name="shirt_size" value="Small" required="required"> Small
    <input type="radio" name="shirt_size" value="Medium" required="required"> Medium
    <input type="radio" name="shirt_size" value="Large" required="required"> Large
    <input type="radio" name="shirt_size" value="XL" required="required"> XL
    <input type="radio" name="shirt_size" value="2XL" required="required"> 2XL<br /><br />

    <b>Roommate</b><br /> There are double and many single occupancy dorm rooms at Grinnell college campus - if possible we will honor your request for ONE preferred roommate.<br /><br />
    <label>Roommate Preference: </label>
    <input type="text" name="roommate" /><br /><br />

    <div id="satellites">
        <b>Satellite Choices</b><br /> List your first, second, and third choices.  You will be given your first choice if it is not full.  ALL events have limited capacity. If you do not choose a satellite, one will be assigned for you. (<a href="satellites.htm" target="_blank">Satellite Choices</a>)<br />
        <label>First Choice*: </label>
        <input name="firstchoice" type="text" id="firstchoice" required="required"/><br />
        <label>Second Choice*: </label>
        <input name="secondchoice" type="text" id="secondchoice" required="required"/><br />
        <label>Third Choice*: </label>
        <input name="thirdchoice" type="text" id="thirdchoice" required="required"/><br /><br />
    </div>

    <p>
        <b> Remember! </b><br />Please fill out and bring the <a href="Camper_Health_History_and_Authorization_Form_2013.pdf">Health Form</a> <i>with you to camp</i>.<br /><br />
        <b>Cost of SGU Camp July 8 - 12, 2013  $275 <br /></b> A $50 <i> non-refundable</i> fee is required to be registered. <br /> Due to the limited capacity of 400 campers, please note full payment is due by June 25th to ensure you have completed the registration process.
    </p><br />

    <input type="submit" value="Submit">
</form>

And here is the PHP

<?php
// Function to validate against any email injection attempts.
// Declared at the top of the file: PHP does not hoist a function that is
// declared inside an if/else block, so it must exist before it is called.
function IsInjected($str) {
    $injections = array('(\n+)',
        '(\r+)',
        '(\t+)',
        '(%0A+)',
        '(%0D+)',
        '(%08+)',
        '(%09+)'
    );
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    return preg_match($inject, $str) ? true : false;
}

if(!isset($_POST['submit'])){
    //This page should not be accessed directly. Need to submit the form.
    echo "error; you need to submit the form!";
    die;
}

$page = "camper.htm";
if (!ereg($page, $_SERVER['HTTP_REFERER'])){
    echo "Invalid referer"; 
    die;
}

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$initial = $_POST['initial'];
$streetaddress = $_POST['streetaddress'];
$addressline2 = $_POST['addressline2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$month = $_POST['month'];
$day = $_POST['day'];
$year = $_POST['year'];
$grade = $_POST['grade'];
$gender = $_POST['gender'];
$guardian = $_POST['guardian'];
$areacode = $_POST['areacode'];
$cellphone = $_POST['cellphone'];
$contact1 = $_POST['emergency_contact_1'];
$contact1areacode = $_POST['emergency_contact_1_areacode'];
$contact1phone = $_POST['emergency_contact_1_phone'];
$contact2 = $_POST['emergency_contact_2'];
$contact2areacode = $_POST['emergency_contact_2_areacode'];
$contact2phone = $_POST['emergency_contact_2_phone'];
$homechurch = $_POST['home_church'];
$churchareacode = $_POST['church_areacode'];
$churchphone = $_POST['church_phone'];
$contactperson = $_POST['contact_person'];
$specialneeds = $_POST['special_needs'];
$shirtsize = $_POST['shirt_size'];
$roommate = $_POST['roommate'];
$firstchoice = $_POST['firstchoice'];
$secondchoice = $_POST['secondchoice'];
$thirdchoice = $_POST['thirdchoice'];


//Validate first: the visitor's address is in $email (there is no $visitor_email)
if(IsInjected($email)){
    echo "Bad email address!";
    exit;
}

/*
Simple form validation
check to see that every required field was entered */
if ($_POST['firstname'] == "" || $_POST['lastname'] == "" || $_POST['streetaddress'] == "" || $_POST['city'] == "" || $_POST['state'] == "" || $_POST['zip'] == "" || $_POST['email'] == "" || $_POST['month'] == "" || $_POST['day'] == "" || $_POST['year'] == "" || $_POST['grade'] == "" || $_POST['gender'] == "" || $_POST['guardian'] == "" || $_POST['areacode'] == "" || $_POST['cellphone'] == "" || $_POST['emergency_contact_1'] == ""  || $_POST['emergency_contact_1_areacode'] == ""  || $_POST['emergency_contact_1_phone'] == ""  || $_POST['emergency_contact_2'] == ""  || $_POST['emergency_contact_2_areacode'] == ""  || $_POST['emergency_contact_2_phone'] == ""  || $_POST['shirt_size'] == ""  || $_POST['firstchoice'] == ""  || $_POST['secondchoice'] == ""  || $_POST['thirdchoice'] == "" ) {
    echo "Please fill in all required boxes.";
}
else {
    $email_from = 'cscholtens@marionmethodist.org';//<== update the email address
    $email_subject = "New Registration";
    $email_body = "You have received a new registration.\n". 
        "Camper: $firstname $initial $lastname \n".
        "Address: $streetaddress \n".
        "$addressline2 \n".
        "$city, $state $zip \n".
        "Email: $email \n".
        "Date of Birth: $month/$day/$year \n".
        "Grade Completed: $grade \n".
        "Gender: $gender \n".
        "Guardian: $guardian \n".
        "Guardian Cell Phone: ($areacode) $cellphone \n".
        "First Emergency Contact: $contact1  Contact Number: ($contact1areacode) $contact1phone \n".
        "Second Emergency Contact: $contact2  Contact Number: ($contact2areacode) $contact2phone \n".
        "Home Church: $homechurch Contact Number: ($churchareacode) $churchphone Contact Person: $contactperson \n".
        "Special Needs: $specialneeds \n".
        "T-Shirt Size: $shirtsize \n".
        "Roommate Preference: $roommate \n".
        "Satellite Preferences: 1.$firstchoice 2.$secondchoice 3.$thirdchoice \n".
        " \n";   // the statement must end here; a trailing "." would concatenate the next line

    $to = "cscholtens@marionmethodist.org";//<== update the email address
    $headers = "From: $email_from \r\n"; //Send the email!
    mail($to,$email_subject,$email_body,$headers);
    //done. redirect to thank-you page and stop, so nothing else is output after the header.
    header('Location: thanks2.htm');
    exit;
}
?>
4 Answers


You need to make sure the submit button has a name attribute with the value submit. Otherwise $_POST['submit'] will not be set.

<input type="submit" name="submit" value="Submit Form">
answered 2012-12-21T15:08:34.520

Here is my standard teaching example. I would recommend that you remove the ereg() function!

<?php // RAY_form_to_email.php
error_reporting(E_ALL);


// SEND MAIL FROM A FORM


// REQUIRED VALUES ARE PREPOPULATED - CHANGE THESE FOR YOUR WORK
$from  = "NoReply@Your.org";
$subj  = "Contact Form";

// THIS IS AN ARRAY OF RECIPIENTS - CHANGE THESE FOR YOUR WORK
$to    = array();
$to[]  = "You@Your.org";
$to[]  = "Her@Your.org";
$to[]  = "Him@Your.org";


// ASSUMED MINIMAL HELPER: STRIP LINE BREAKS (HEADER INJECTION) AND SURROUNDING WHITESPACE
function clean_string($str)
{
    return trim(str_replace(array("\r", "\n", "%0A", "%0D"), '', $str));
}


// IF THE DATA HAS BEEN POSTED
if (!empty($_POST['email']))
{
    // DISABLED ON THE SERVER SIDE
    var_dump($_POST);
    die(' DISABLED');

    // CLEAN UP THE POTENTIALLY BAD AND DANGEROUS DATA
    $email      = clean_string($_POST["email"]);
    $name       = clean_string($_POST["name"]);
    $telephone  = clean_string($_POST["telephone"]);

    // CONSTRUCT THE MESSAGE THROUGH STRING CONCATENATION
    $content    = NULL;
    $content   .= "You have a New Query From $name" . PHP_EOL . PHP_EOL;
    $content   .= "Tel No: $telephone" . PHP_EOL;
    $content   .= "Email: $email" . PHP_EOL;

    // SEND MAIL TO EACH RECIPIENT
    foreach ($to as $recipient)
    {
        if (!mail( $recipient, $subj, $content, "From: $from\r\n"))
        {
            echo "MAIL FAILED FOR $recipient";
        }
        else
        {
            echo "MAIL WORKED FOR $recipient";
        }
    }

    // PRODUCE THE THANK-YOU PAGE
    echo '<p>THANK YOU</p>' . PHP_EOL;
}


// A FORM TO TAKE CLIENT INPUT FOR THIS SCRIPT
$form = <<<ENDFORM
<form method="post">
Please enter your contact information
<br/>Email: <input name="email" />
<br/>Phone: <input name="telephone" />
<br/>Name:  <input name="name" />
<br/><input type="submit" />
</form>
ENDFORM;

echo $form;

answered 2012-12-21T15:17:26.223

You need a better way to detect that the form was posted.

if($_SERVER['REQUEST_METHOD'] !== 'POST')
{
    //do error here
}

This returns POST when the form was submitted. You still need to verify further that it was your form, but the only way to do that reliably is with a form key.

answered 2012-12-21T15:18:17.517
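Pulling the advice from these answers together, here is a hardened handler as an added example (not code from the question or from any of the answers): it checks the request method instead of the submit button's name, validates a per-session form key, and validates the e-mail field instead of relying on the referer. It assumes the form page is itself served by PHP so it can embed the key in a hidden field named form_key, and the field names email and firstname are taken from the question's form.

```php
<?php
// Added example: request-method check, session form key and e-mail validation
// before mail(). Field names and the hidden form_key field are assumptions.
session_start();

function form_key(): string {
    // One key per session; the form page embeds it as
    // <input type="hidden" name="form_key" value="<?= htmlspecialchars(form_key()) ?>">
    if (empty($_SESSION['form_key'])) {
        $_SESSION['form_key'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_key'];
}

function form_key_valid($submitted): bool {
    // hash_equals() compares in constant time, so the key is not leaked via timing.
    return is_string($submitted)
        && isset($_SESSION['form_key'])
        && hash_equals($_SESSION['form_key'], $submitted);
}

function safe_email(string $value): ?string {
    // FILTER_VALIDATE_EMAIL rejects CR/LF and other characters that could add
    // mail headers, so no home-grown injection regex is needed.
    $email = filter_var(trim($value), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// The method is always sent; the submit button's name is not (see the first answer).
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('This page must be reached by submitting the form.');
}
// The form key proves the request came from a form this site served,
// which HTTP_REFERER cannot do because the client controls it.
if (!form_key_valid($_POST['form_key'] ?? null)) {
    http_response_code(403);
    exit('Invalid form key.');
}
$email = safe_email($_POST['email'] ?? '');
if ($email === null) {
    exit('Bad email address!');
}
$name = preg_replace('/[\r\n]+/', ' ', $_POST['firstname'] ?? '');
// Keep From on your own domain and put the visitor's address in Reply-To,
// so no untrusted text is placed in a header you did not validate.
$headers = "From: noreply@example.org\r\nReply-To: $email\r\n";
mail('you@example.org', 'New Registration', "Camper: $name\nEmail: $email\n", $headers);
header('Location: thanks2.htm');
exit;
```

Because the key lives in the session, a handler reached directly (no session, no hidden field) fails the form_key_valid() check before any mail is sent.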

'HTTP_REFERER': The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

http://php.net/manual/en/reserved.variables.server.php

Echo the HTTP_REFERRER variable and see whether anything is there. Check the URL with the PHP header function.

answered 2012-12-21T15:22:13.990