PHP Mail（）函数将“@cp-in-3.webhostbox.net”与反馈表单中的“发件人”地址一起注入_Php_Email_Code Injection

PHP Mail（）函数将“@cp-in-3.webhostbox.net”与反馈表单中的“发件人”地址一起注入

php email

PHP Mail（）函数将“@cp-in-3.webhostbox.net”与反馈表单中的“发件人”地址一起注入,php,email,code-injection,Php,Email,Code Injection,在通过反馈表发送邮件时，我遇到了很多问题。首先，函数在本地主机中发送邮件。但在上传到远程服务器后，它停止了发送。不管怎样，我总算修好了。现在它正在发送邮件，但向发件人地址注入了更多字符串。请看一看我写的代码，这是我收到电子邮件后得到的代码==> <?php function putinplace($string=NULL, $put=NULL, $position=false) { $d1=$d2=$i=false; $d=array(s

在通过反馈表发送邮件时，我遇到了很多问题。首先，函数在本地主机中发送邮件。但在上传到远程服务器后，它停止了发送。不管怎样，我总算修好了。现在它正在发送邮件，但向发件人地址注入了更多字符串。请看一看我写的代码，这是我收到电子邮件后得到的

代码==>

<?php

    function putinplace($string=NULL, $put=NULL, $position=false)
    {
        $d1=$d2=$i=false;
        $d=array(strlen($string), strlen($put));
        if($position > $d[0]) $position=$d[0];
        for($i=$d[0]; $i >= $position; $i--) $string[$i+$d[1]]=$string[$i];
        for($i=0; $i<$d[1]; $i++) $string[$position+$i]=$put[$i];
        return $string;
    }

    $from1 = $_POST["email"];
    $from = preg_replace('/[^a-zA-Z0-9@\.]/', ' ', $from1);

    $at_pos = strpos($from, "@");

    $from = putinplace($from, "\\", $at_pos);

    $subject1 = $_POST["subject"];
    $subject = preg_replace('/[^a-zA-Z0-9\']/', ' ', $subject1);
    $message1 = $_POST["body"];
    $message = preg_replace('/[^a-zA-Z0-9\']/', ' ', $message1);
    $to = "emailidtosend@gmail.com";
    $headers = 'MIME-Version: 1.0' . "\r\n";
    $headers = 'From: abc.co.in' . "\r\n". 'Reply-To: emailidtosend@gmail.com' . "\r\n" .'X-Mailer: PHP/' . phpversion();
    $headers .= 'Content-type : text/html; CHARSET=ISO-8859-1' . "\r\n";
    $headers = "From:" . $from . "\r\n";

    if(mail($to,$subject,$message,$headers)){
        echo "<script>alert('Email Sent Successfully. We will Get back to you Very soon.');</script>";
        echo "<script>window.open('contact-us.php', '_self');</script>";
    }else{
        echo "<script>alert('Unable To Send The Email.');</script>";
        echo "<script>window.open('contact-us.php', '_self');</script>";
    }
?>

和输出==>

用户名\@gmail。com@cp-in-3.webhostbox.net查看发件人地址的最后一部分

为什么要在@前面加一个\呢？您能否在PHP脚本中打印$headers以查看您的邮件服务器是否损坏了它？这看起来像是您正在使用一个web托管包，其中您的提供商将发送邮件服务器配置为将域部分附加到您的发件人地址，有效防止您欺骗提供商的邮件服务器不负责的任何地址。如果您想获得邮件的回复，请添加回复标题，然后将其设置为username@gmail.com.@Eric，我在服务器上打印了出来，输出的只是username\@gmail.com而不是username\@gmail。com@cp-in-3.webhostbox.net；现在我为什么在@is之前加上\这个邮件是从本地主机发送的，但不是从远程主机发送的。为了解决这个问题，我必须把这个。请帮帮我，兄弟。代码不是一个完整的答案。请解释你自己，你修复了什么，为什么这么做。

You do not need to put  via cp-in-9.webhostbox.net 
You need to configure you php.ini file in your web server.

Step 1. Find php.ini file
If it's not there then create one in home directory and add codes below

[mail function]
; For Win32 only.
SMTP = localhost
smtp_port = 25

; For Win32 only.
;sendmail_from = me@example.com

; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
;sendmail_path = /usr/sbin/sendmail

this path "/usr/sbin/sendmail" is specific to server.
To get yours just create a php file with code 
<?php
phpinfo();
?>

and hit that file from web browser you will get the path value for key sendmail_path

One small and simple example for sending email in php is as :

<?php

// Set up parameters
$to = "Vivek.kumar@xyz.com";
$subject = "Your password";
$message = "<p>Hello Homer,</p>
<p>Thanks for registering.</p>
<p>Your password is: <b>springfield</b></p>
";
$from = "vivek@domainname.com";

$headers = "MIME-Version: 1.0" . "\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\n";
$headers .= "From: $from" . "\n";

// Send email
mail($to,$subject,$message,$headers);

// Inform the user
echo "Thanks for registering! We have just sent you an email with your password.";

?>