发验证码邮箱

app/common.php

@@ -432,6 +432,14 @@ function hide_mobile(string $mobile): string
     return substr_replace($mobile, '****', 3, 4);
 }
 
+function is_email(string $email) : bool
+{
+    if (preg_match('/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/', $email)) {
+        return true;
+    }
+    return false;
+}
+
 /**
  * 获取当前登录的商城ID
  * @return int $storeId

app/index/controller/Captcha.php

@@ -63,7 +63,7 @@ class Captcha extends Controller
     {
         $data = $this->postForm();
         $email = $data['mobile'] ?? '';
-        if (empty($email)) {
+        if (empty($email) || !is_email($email)) {
             return $this->renderError('Invalid email address.');
         }