I'm implementing a contact form in PHP using the mail() function. In the contact form, I ask for the user's email address, and upon submission I send their message to my own email address.
Here is my PHP code:
<?php
// Recipient: my own address
$to = '[email protected]';
// Values taken straight from the submitted form
$from_name  = $_POST['InputName'];
$from_email = $_POST['InputEmail'];
$subject    = 'Message from ' . $from_name;
$message    = $_POST['InputMessage'];
// From and Reply-To are both set to whatever address the visitor typed in
$headers = 'From: ' . $from_email . "\r\n"
         . 'Reply-To: ' . $from_email . "\r\n"
         . 'X-Mailer: PHP/' . phpversion();
$mailsuccess = mail($to, $subject, $message, $headers);
After testing this, I realize a person can send me an email masquerading as someone else's valid email address. For example, during testing, I used my friend's email and sent myself a message. Isn't this a security problem? In my gmail account, I did get a warning that this email may not be from that person, but if it's not clearly spam I usually ignore that warning.
For example, if Bob ([email protected]) sends a message through the contact form masquerading as Chris ([email protected]), I will respond in my email to Chris. Chris thinks his email is hacked because he never sent that email. Is this generally an issue? Or is there a way to make it safer?
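As an added example (not the poster's code), here is the same contact form rewritten so the message is always sent From a fixed address on our own domain, with the visitor's address used only in Reply-To after validation and newline stripping, so a forged or malformed address can neither impersonate the visitor nor inject extra headers. The addresses `me@example.com` and `contact-form@example.com`, and the helper names, are placeholders.

```php
<?php
// Added example: hardened version of the contact form.
// Placeholders: me@example.com (recipient), contact-form@example.com (sender).

function sanitize_header_value(string $value): string
{
    // Remove CR/LF so user input can never start a new header line.
    return trim(str_replace(["\r", "\n"], '', $value));
}

function build_contact_mail(array $post, string $to, string $from): ?array
{
    $name    = sanitize_header_value($post['InputName'] ?? '');
    $email   = sanitize_header_value($post['InputEmail'] ?? '');
    $message = $post['InputMessage'] ?? '';

    // Reject anything that is not a syntactically valid e-mail address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    $headers = [
        'From: ' . $from,        // always our own domain, never the visitor
        'Reply-To: ' . $email,   // so hitting "Reply" still reaches the visitor
        'X-Mailer: PHP/' . phpversion(),
    ];

    // Repeat the claimed identity in the body so it reads as an unverified
    // claim made through a web form, not as the actual sender.
    $body = "Contact form submission\n"
          . "Claimed name:  " . $name . "\n"
          . "Claimed email: " . $email . "\n\n"
          . $message;

    return [
        'to'      => $to,
        'subject' => 'Contact form message from ' . $name,
        'body'    => $body,
        'headers' => implode("\r\n", $headers),
    ];
}

$mail = build_contact_mail($_POST, 'me@example.com', 'contact-form@example.com');
if ($mail !== null) {
    mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
}
```

Because the From address is now one your own mail server is allowed to send for, SPF/DKIM checks on the receiving side pass and the "this may not be from that person" warning disappears, while the Reply-To header keeps replies going to the visitor.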