PHP Mail - Sending without information

0

I made a form in PHP with Google Captcha. Everything works. If someone sends the email via the form, it arrives perfectly, it has required fields, etc. The problem is that spammers access the e-mail page on the site directly, e.g. "www.site.com.br/enviar-email.php".

Can I put code inside the same file to prevent them from accessing this page, or to prevent the code from running when the fields are empty?

This is the code:

<?php

// Sends the reCAPTCHA token to Google's siteverify endpoint and returns the decoded JSON response
function post_captcha($user_response) {
        $fields = array(
            'secret' => '____aqui a secret key____',
            'response' => $user_response
        );
        // http_build_query() URL-encodes every value
        $fields_string = http_build_query($fields);

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        $result = curl_exec($ch);
        curl_close($ch);

        return json_decode($result, true);
    }

    // Call the function post_captcha
    $res = post_captcha($_POST['g-recaptcha-response']);

    if (!$res['success']) {
        // What happens when the CAPTCHA wasn't checked
        echo '<p>Please go back and make sure you check the security CAPTCHA box.</p><br>';
    } else {
        // If CAPTCHA is successfully completed...

        // Paste mail function or whatever else you want to happen here!
        echo '<br><p>CAPTCHA was completed successfully!</p><br>';
    }

    $nome = $_POST['nome'];
    $fone = $_POST['telefone'];
    $email = $_POST['endereco'];
    $assunto = $_POST['assunto'];
    $msg = $_POST['msg'];

    $conteudo = "<table width='600' border='0' cellspacing='2' cellpadding='2'>
                    <tr>
                        <td colspan='1' align='center'><h3><em>Assunto do E-mail</em></h3></td>
                    </tr>

                        <tr>
                            <td width='30%' bgcolor='#f0f0f0'><strong>Nome:</strong></td>
                            <td>$nome</td>
                        </tr>
                        <tr>
                            <td width='30%' bgcolor='#f0f0f0'><strong>Telefone:</strong></td>
                            <td>$fone</td>
                        </tr>
                        <tr>
                            <td width='30%' bgcolor='#f0f0f0'><strong>Email:</strong></td>
                            <td>$email</td>
                        </tr>
                        <tr>
                            <td width='30%' bgcolor='#f0f0f0'><strong>Assunto:</strong></td>
                            <td>$assunto</td>
                        </tr>
                        <tr>
                            <td width='30%' bgcolor='#f0f0f0'><strong>Mensagem:</strong></td>
                            <td>$msg</td>
                        </tr>
                </table>";
    $seuemail = "[email protected]";
    $headers = "MIME-Version: 1.0\r\n"; 
    $headers .= "Content-type: text/html; charset=UTF-8\r\n";
    $headers .= "From:".$email." \r\n"; 
    $assunto = $assunto;

    $enviar = mail($seuemail, $assunto, $conteudo, $headers); 

    if($enviar) {
    echo "<script type='text/javascript'> alert('Contato Enviado com Sucesso!'); window.location.href='contato.php'; </script>";
    }else{
    echo "<script type='text/javascript'> alert('Ocorreu algum erro ao enviar o formul&aacute;rio'); </script>";
    }

    ?>
    
asked by anonymous 21.04.2017 / 13:09

1 answer

1

You can create a function to validate information passed via POST:

<?php
function validarPOST( $arg )
{
    if( isset( $_POST[$arg] ) ) // CHECK WHETHER IT WAS PASSED VIA POST
    {

        $arg = trim( $_POST[$arg] );

        // CHECK WHETHER THE VALUE PASSED IS NULL, EMPTY, FALSE OR ZERO
        if( $arg == null || empty($arg) || $arg == false )
        {
            return false;
        } else
        {

        return true;

        }

    } else
    {
        return false;
    }
}
?>

Just put your code inside a condition:

<?php
if( validarPOST('nome') && validarPOST('telefone') && validarPOST('endereco') && validarPOST('assunto') && validarPOST('msg') )
{
    $nome = $_POST['nome'];
    $fone = $_POST['telefone'];
    $email = $_POST['endereco'];
    $assunto = $_POST['assunto'];
    $msg = $_POST['msg'];

    $conteudo = "<table width='600' border='0' cellspacing='2' cellpadding='2'>
                    <tr>
                        <td colspan='1' align='center'><h3><em>Assunto do E-mail</em></h3></td>
                    </tr>

                        <tr>
                            <td width='30%' bgcolor='#f0f0f0'><strong>Nome:</strong></td>
                            <td>$nome</td>
                        </tr>
                        <tr>
                            <td width='30%' bgcolor='#f0f0f0'><strong>Telefone:</strong></td>
                            <td>$fone</td>
                        </tr>
                        <tr>
                            <td width='30%' bgcolor='#f0f0f0'><strong>Email:</strong></td>
                            <td>$email</td>
                        </tr>
                        <tr>
                            <td width='30%' bgcolor='#f0f0f0'><strong>Assunto:</strong></td>
                            <td>$assunto</td>
                        </tr>
                        <tr>
                            <td width='30%' bgcolor='#f0f0f0'><strong>Mensagem:</strong></td>
                            <td>$msg</td>
                        </tr>
                </table>";
    $seuemail = "[email protected]";
    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=UTF-8\r\n";
    $headers .= "From:".$email." \r\n";
    $assunto = $assunto;

    $enviar = mail($seuemail, $assunto, $conteudo, $headers);

    if($enviar) {
    echo "<script type='text/javascript'> alert('Contato Enviado com Sucesso!'); window.location.href='contato.php'; </script>";
    }else{
    echo "<script type='text/javascript'> alert('Ocorreu algum erro ao enviar o formul&aacute;rio'); </script>";
    }
} else
{
    die("Informações faltando ou inválidas!");
}
?>

PS: Basic form! Use this idea to implement validation as you need it.

    
21.04.2017 / 14:40
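A stricter gate for the same handler, as an added example that is not part of the original question or answer: it rejects direct (non-POST) visits, empty or non-string fields, an invalid sender address, and any request whose CAPTCHA did not verify, before anything reaches `mail()`. The function name `validate_contact_request()`, its `$verify_captcha` parameter and the sample values are assumptions; the field names are the ones used on this page, and in the real file the callable would be the question's `post_captcha()`.

```php
<?php
// Added example, not the original poster's code. Field names are the page's;
// validate_contact_request() and $verify_captcha are hypothetical names.
function validate_contact_request(string $method, array $post, callable $verify_captcha): array
{
    // A direct visit to the handler URL is a GET with no form body.
    if ($method !== 'POST') {
        return ['ok' => false, 'error' => 'method'];
    }
    $fields = ['nome', 'telefone', 'endereco', 'assunto', 'msg'];
    $clean = [];
    foreach ($fields as $field) {
        $value = $post[$field] ?? null;
        // is_string() rejects array payloads (nome[]=x) before trim() sees them.
        if (!is_string($value) || trim($value) === '') {
            return ['ok' => false, 'error' => "missing:$field"];
        }
        $clean[$field] = trim($value);
    }
    // endereco is copied into the From header: require one syntactically valid address.
    if (filter_var($clean['endereco'], FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'invalid:endereco'];
    }
    // assunto becomes the Subject header: it must stay on a single line.
    $clean['assunto'] = str_replace(["\r", "\n"], ' ', $clean['assunto']);

    // Only a verified CAPTCHA lets the request through to mail().
    $token = $post['g-recaptcha-response'] ?? '';
    $res = (is_string($token) && $token !== '') ? $verify_captcha($token) : null;
    if (empty($res['success'])) {
        return ['ok' => false, 'error' => 'captcha'];
    }
    // Escaped copies for interpolation into the HTML table of the message body.
    $html = [];
    foreach ($fields as $field) {
        $html[$field] = htmlspecialchars($clean[$field], ENT_QUOTES, 'UTF-8');
    }
    return ['ok' => true, 'fields' => $clean, 'html' => $html];
}

// Constructed sample requests; the stub stands in for the question's post_captcha().
$stub = fn(string $t): array => ['success' => $t === 'constructed-valid-token'];
$form = ['nome' => 'Ana', 'telefone' => '555-0100', 'endereco' => 'ana@example.com',
         'assunto' => 'Hello', 'msg' => '<b>Hi</b>', 'g-recaptcha-response' => 'constructed-valid-token'];
var_dump(validate_contact_request('GET', [], $stub));
var_dump(validate_contact_request('POST', ['nome' => ' '] + $form, $stub));
var_dump(validate_contact_request('POST', ['endereco' => 'not-an-address'] + $form, $stub));
var_dump(validate_contact_request('POST', $form, $stub));
```

In the handler, call it with `$_SERVER['REQUEST_METHOD']`, `$_POST` and `'post_captcha'`, and build the table from the `html` values and the headers from the `fields` values only when `ok` is true.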