Email spoofing error: form is sending from submitted email, not server/domain
Email spoofing error: form is sending from submitted email, not server/domain
例如,如果我们在表单中输入任何电子邮件,我们在提交表单时会收到电子邮件欺骗错误。但是,如果我们输入来自网站域的电子邮件,表单将无误发送。
我们如何更改从域发送的电子邮件而不是从表单提交的电子邮件?
预先感谢您的宝贵时间和技巧。
* Server settings
*/
// $mail->SMTPDebug = SMTP::DEBUG_SERVER; // Enable verbose debug output
// $mail->SMTPDebug = 2;
$mail->isSMTP(); // Send using SMTP
$mail->Host = 'smtp.ipage.com'; // Set the SMTP server to send through
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = 'contact@mikesledztattoo.com'; // SMTP username
$mail->Password = 'password'; // SMTP password
$mail->SMTPSecure = "tls"; // Enable TLS encryption; `PHPMailer::ENCRYPTION_SMTPS` encouraged
$mail->Port = 587; // TCP port to connect to, use 465 for `PHPMailer::ENCRYPTION_SMTPS` above
// $mail->SMTPSecure = "tls"; // Enable TLS encryption, `ssl` also accepted
// $mail->Port = 587; // TCP port to connect to
// Name
if (array_key_exists('name', $_POST)) {
//Limit length and strip HTML tags
$name = substr(strip_tags($_POST['name']), 0, 255);
} else {
$name = '';
$msg .= "Error: invalid name provided (1)";
$err = true;
}
// Phone
if (array_key_exists('phone', $_POST)) {
//Limit length and strip HTML tags
$phone = substr(strip_tags($_POST['phone']), 0, 15);
} else {
$phone = 'Not A Valid Phone';
$msg .= "Error: invalid phone number provided (2)";
$err = true;
}
// Email
// Make sure the address they provided is valid before trying to use it
if (array_key_exists('email', $_POST) and (PHPMailer::validateAddress($_POST['email'], 'php'))){
// $email = $_POST['email'];
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
} else {
$msg .= "Error: invalid email provided";
$err = true;
}
// Message
// Apply some basic validation and filtering to the query / message
if (array_key_exists('message', $_POST)) {
//Limit length and strip HTML tags
$message = nl2br($_POST['message']);
// $message = nl2br($_POST['message']);
// $message = utf8_encode(filter_var($_POST['message'], FILTER_SANITIZE_STRING));
// $message = htmlspecialchars($_POST['message']);
// $message = strip_tags(htmlentities($_POST['message'], ENT_QUOTES),'<br><p>');
} else {
$message = '';
$msg = 'No message provided!';
$err = true;
}
//Recipients
$mail->setFrom($_POST['email'], $_POST['name']);
$mail->addAddress('personalemail@gmail.com', 'Mike S');
$mail->addReplyTo('$email', '$name');
$mail->Subject = 'MikeSledzTattoo.com Tattoo Inqury - '.$name;
$mail->Body = $name . '<br>' . $email . '<br>' . $phone . '<br>' . $message . '<br>';
$mail->AltBody = $name . '\n' . $email . '\n' . $phone . '\n' . $message . '\n';
$mail->isHTML(true); // Set email format to HTML
$error_count = 0;
$image_count = 0;
for ($ct = 0, $ctMax = count($_FILES['userfile']['tmp_name']); $ct < $ctMax; $ct++) {
$image_count++;
// Extract an extension from the provided filename
$ext = PHPMailer::mb_pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION);
// Define a safe location to move the uploaded file to, preserving the extension
$uploadfile = tempnam(sys_get_temp_dir(), $_FILES['userfile']['name'][$ct]) . '.' . $ext;
$filename = $_FILES['userfile']['name'][$ct];
if (move_uploaded_file($_FILES['userfile']['tmp_name'][$ct], $uploadfile)) {
if (!$mail->addAttachment($uploadfile, $filename)) {
$msg .= 'Failed to attach file '.$image_count.' ' . $filename;
}
} else {
$error_count++;
$adds_var = ($error_count > 1 ? 's' : '');
$msg .= "<p>Failed to move image ".$image_count." into the email. This image was too large or corrupted.</p>";
}
}
/* HTML Email Template*/
ob_start();
include('vendor/htmlemail/index.php');
$mail->Body = ob_get_contents();
ob_end_clean();
// Mail Send Errors or Confirmation
if (!$mail->send()) {
$msg .= 'Mailer Error: ' . $mail->ErrorInfo;
} else {
$msg .= '
<br><br><h1 class="entry-title page-title center-text">Tattoo Request Sent!</h1>';
$msg .= '
<div class="last">
<p>Thank you for sharing your dream tattoo details. We appreciate your interest in working with us. Mike Sledz Tattoo will get back to you shortly!</p>
</div>';
}
}
?>
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<title>Mike Sledz Tattoo | Contact</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="robots" content="follow,noindex">
<?php include('head.php'); ?>
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<script src="js/respond.min.js"></script>
<![endif]-->
</head>
<body class="page-background">
<div class="site-wrapper">
<?php include('nav.php'); ?>
<!-- Page Content Holder -->
<div id="content" class="site-content">
<div class="content-holder center-relative content-1170">
<?php if ($books == 1) {
if (empty($msg)) { ?>
<h1 class="entry-title page-title center-text">Request A Tattoo</h1>
<p>Please include all necessary information, <em><a target="_blank" href="https://squoosh.app/">consider preparing any large images for email</a>.</em></p>
<div class="last">
<div class="contact-form">
<!-- BEGIN FORM STATE -->
<form method="post" enctype="multipart/form-data">
<label for="name">Full Name:</label>
<input type="text" name="name" id="name" maxlength="255" placeholder="Full Name" required><br>
<br>
<label for="phone">Phone:</label>
<input type="tel" name="phone" id="name" maxlength="15" placeholder="Phone Number" required><br>
<br>
<label for="email">Email:</label>
<input type="email" name="email" id="email" maxlength="255" placeholder="Email" required><br>
<br>
<label for="message">Tattoo Details <em style="font-size:0.8em;opacity:0.7;">description, where, size, placement</em></label>
<textarea cols="30" rows="8" name="message" id="message" placeholder="Tattoo description, where, size, placement" required></textarea><br>
<br>
<label for="userfile[]">Upload Files <a style="font-size:0.8em;opacity:0.7;" title="20MB Maximum. Holding the ctrl key will allow selection of multiple files">[?]</a></label>
<input type="hidden" name="MAX_FILE_SIZE" value="20000000">
<input id="file" type="file" name="userfile[]" multiple="multiple" onchange="javascript:updateList()">
<div id="filelist"></div>
<ul>
<li>Upload a photo of the location of your body where your tattoo will be placed.</li>
<li>Upload any reference photos you may have</li>
</ul>
<p class="contact-submit-holder">
<input class="agree" type="submit" value="Submit Request">
</p>
</form>
```
如果您只想从例如 info@mycompany.com
发送
您设置发件人和回复
$mail->setFrom('info@mycompany.com','Info - MyCompany');
$mail->addReplyTo('info@mycompany.com','Info - MyCompany');
在 $mail->setFrom($_POST['email'], $_POST['name']); 中,将 $_POST 值替换为来自您域的固定电子邮件地址。人们经常使用“noreply@...”类型的地址来发送此类自动电子邮件。例如:
$mail->setFrom("noreply@yourdomain.com", "Your Company Name");
它不一定是带有邮箱的“真实”帐户,它只需要与您发送它的服务器来自同一域,否则 - 正确 - 它会被识别为欺骗/ 垃圾邮件尝试。
如果您需要知道它来自谁,请将这些值放入电子邮件的 body 中。而且,如果您希望能够点击“回复”并将电子邮件返回给填写表格的人,请将他们的地址放在 reply-to header 中——两者看起来都像您在这种情况下已经完成了。
例如,如果我们在表单中输入任何电子邮件,我们在提交表单时会收到电子邮件欺骗错误。但是,如果我们输入来自网站域的电子邮件,表单将无误发送。
我们如何更改从域发送的电子邮件而不是从表单提交的电子邮件?
预先感谢您的宝贵时间和技巧。
* Server settings
*/
// $mail->SMTPDebug = SMTP::DEBUG_SERVER; // Enable verbose debug output
// $mail->SMTPDebug = 2;
$mail->isSMTP(); // Send using SMTP
$mail->Host = 'smtp.ipage.com'; // Set the SMTP server to send through
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = 'contact@mikesledztattoo.com'; // SMTP username
$mail->Password = 'password'; // SMTP password
$mail->SMTPSecure = "tls"; // Enable TLS encryption; `PHPMailer::ENCRYPTION_SMTPS` encouraged
$mail->Port = 587; // TCP port to connect to, use 465 for `PHPMailer::ENCRYPTION_SMTPS` above
// $mail->SMTPSecure = "tls"; // Enable TLS encryption, `ssl` also accepted
// $mail->Port = 587; // TCP port to connect to
// Name
if (array_key_exists('name', $_POST)) {
//Limit length and strip HTML tags
$name = substr(strip_tags($_POST['name']), 0, 255);
} else {
$name = '';
$msg .= "Error: invalid name provided (1)";
$err = true;
}
// Phone
if (array_key_exists('phone', $_POST)) {
//Limit length and strip HTML tags
$phone = substr(strip_tags($_POST['phone']), 0, 15);
} else {
$phone = 'Not A Valid Phone';
$msg .= "Error: invalid phone number provided (2)";
$err = true;
}
// Email
// Make sure the address they provided is valid before trying to use it
if (array_key_exists('email', $_POST) and (PHPMailer::validateAddress($_POST['email'], 'php'))){
// $email = $_POST['email'];
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
} else {
$msg .= "Error: invalid email provided";
$err = true;
}
// Message
// Apply some basic validation and filtering to the query / message
if (array_key_exists('message', $_POST)) {
//Limit length and strip HTML tags
$message = nl2br($_POST['message']);
// $message = nl2br($_POST['message']);
// $message = utf8_encode(filter_var($_POST['message'], FILTER_SANITIZE_STRING));
// $message = htmlspecialchars($_POST['message']);
// $message = strip_tags(htmlentities($_POST['message'], ENT_QUOTES),'<br><p>');
} else {
$message = '';
$msg = 'No message provided!';
$err = true;
}
//Recipients
$mail->setFrom($_POST['email'], $_POST['name']);
$mail->addAddress('personalemail@gmail.com', 'Mike S');
$mail->addReplyTo('$email', '$name');
$mail->Subject = 'MikeSledzTattoo.com Tattoo Inqury - '.$name;
$mail->Body = $name . '<br>' . $email . '<br>' . $phone . '<br>' . $message . '<br>';
$mail->AltBody = $name . '\n' . $email . '\n' . $phone . '\n' . $message . '\n';
$mail->isHTML(true); // Set email format to HTML
$error_count = 0;
$image_count = 0;
for ($ct = 0, $ctMax = count($_FILES['userfile']['tmp_name']); $ct < $ctMax; $ct++) {
$image_count++;
// Extract an extension from the provided filename
$ext = PHPMailer::mb_pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION);
// Define a safe location to move the uploaded file to, preserving the extension
$uploadfile = tempnam(sys_get_temp_dir(), $_FILES['userfile']['name'][$ct]) . '.' . $ext;
$filename = $_FILES['userfile']['name'][$ct];
if (move_uploaded_file($_FILES['userfile']['tmp_name'][$ct], $uploadfile)) {
if (!$mail->addAttachment($uploadfile, $filename)) {
$msg .= 'Failed to attach file '.$image_count.' ' . $filename;
}
} else {
$error_count++;
$adds_var = ($error_count > 1 ? 's' : '');
$msg .= "<p>Failed to move image ".$image_count." into the email. This image was too large or corrupted.</p>";
}
}
/* HTML Email Template*/
ob_start();
include('vendor/htmlemail/index.php');
$mail->Body = ob_get_contents();
ob_end_clean();
// Mail Send Errors or Confirmation
if (!$mail->send()) {
$msg .= 'Mailer Error: ' . $mail->ErrorInfo;
} else {
$msg .= '
<br><br><h1 class="entry-title page-title center-text">Tattoo Request Sent!</h1>';
$msg .= '
<div class="last">
<p>Thank you for sharing your dream tattoo details. We appreciate your interest in working with us. Mike Sledz Tattoo will get back to you shortly!</p>
</div>';
}
}
?>
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<title>Mike Sledz Tattoo | Contact</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="robots" content="follow,noindex">
<?php include('head.php'); ?>
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<script src="js/respond.min.js"></script>
<![endif]-->
</head>
<body class="page-background">
<div class="site-wrapper">
<?php include('nav.php'); ?>
<!-- Page Content Holder -->
<div id="content" class="site-content">
<div class="content-holder center-relative content-1170">
<?php if ($books == 1) {
if (empty($msg)) { ?>
<h1 class="entry-title page-title center-text">Request A Tattoo</h1>
<p>Please include all necessary information, <em><a target="_blank" href="https://squoosh.app/">consider preparing any large images for email</a>.</em></p>
<div class="last">
<div class="contact-form">
<!-- BEGIN FORM STATE -->
<form method="post" enctype="multipart/form-data">
<label for="name">Full Name:</label>
<input type="text" name="name" id="name" maxlength="255" placeholder="Full Name" required><br>
<br>
<label for="phone">Phone:</label>
<input type="tel" name="phone" id="name" maxlength="15" placeholder="Phone Number" required><br>
<br>
<label for="email">Email:</label>
<input type="email" name="email" id="email" maxlength="255" placeholder="Email" required><br>
<br>
<label for="message">Tattoo Details <em style="font-size:0.8em;opacity:0.7;">description, where, size, placement</em></label>
<textarea cols="30" rows="8" name="message" id="message" placeholder="Tattoo description, where, size, placement" required></textarea><br>
<br>
<label for="userfile[]">Upload Files <a style="font-size:0.8em;opacity:0.7;" title="20MB Maximum. Holding the ctrl key will allow selection of multiple files">[?]</a></label>
<input type="hidden" name="MAX_FILE_SIZE" value="20000000">
<input id="file" type="file" name="userfile[]" multiple="multiple" onchange="javascript:updateList()">
<div id="filelist"></div>
<ul>
<li>Upload a photo of the location of your body where your tattoo will be placed.</li>
<li>Upload any reference photos you may have</li>
</ul>
<p class="contact-submit-holder">
<input class="agree" type="submit" value="Submit Request">
</p>
</form>
```
如果您只想从例如 info@mycompany.com
发送您设置发件人和回复
$mail->setFrom('info@mycompany.com','Info - MyCompany');
$mail->addReplyTo('info@mycompany.com','Info - MyCompany');
在 $mail->setFrom($_POST['email'], $_POST['name']); 中,将 $_POST 值替换为来自您域的固定电子邮件地址。人们经常使用“noreply@...”类型的地址来发送此类自动电子邮件。例如:
$mail->setFrom("noreply@yourdomain.com", "Your Company Name");
它不一定是带有邮箱的“真实”帐户,它只需要与您发送它的服务器来自同一域,否则 - 正确 - 它会被识别为欺骗/ 垃圾邮件尝试。
如果您需要知道它来自谁,请将这些值放入电子邮件的 body 中。而且,如果您希望能够点击“回复”并将电子邮件返回给填写表格的人,请将他们的地址放在 reply-to header 中——两者看起来都像您在这种情况下已经完成了。