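I have a CAPTCHA on my website, http://sketchedneo.com/jointest.php

But it doesn't work.

It just lets incorrect codes through.

Can someone please help fix this?

I'm not sure which part of the code I need to show for this. (This is my captcha.php)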

<?php
session_start();
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 
header("Cache-Control: no-store, no-cache, must-revalidate"); 
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); 

function _generateRandom($length=6)
{
    $_rand_src = array(
        array(48,57) //digits
        , array(97,122) //lowercase chars
//      , array(65,90) //uppercase chars
    );
    srand ((double) microtime() * 1000000);
    $random_string = "";
    for($i=0;$i<$length;$i++){
        $i1=rand(0,sizeof($_rand_src)-1);
        $random_string .= chr(rand($_rand_src[$i1][0],$_rand_src[$i1][1]));
    }
    return $random_string;
}

$im = @imagecreatefromjpeg("http://sketchedneo.com/images/sitedesigns/captcha.jpg"); 
$rand = _generateRandom(3);
$_SESSION['captcha'] = $rand;
ImageString($im, 5, 2, 2, $rand[0]." ".$rand[1]." ".$rand[2]." ", ImageColorAllocate ($im, 0, 0, 0));
$rand = _generateRandom(3);
ImageString($im, 5, 2, 2, " ".$rand[0]." ".$rand[1]." ".$rand[2], ImageColorAllocate ($im, 255, 0, 0));
Header ('Content-type: image/jpeg');
imagejpeg($im,NULL,100);
ImageDestroy($im);
?>

The code check:

<tr><td align="center">CAPTCHA:<br>
    (antispam code, 3 black symbols)<br>
    <table><tr><td><img src="captcha.php" alt="captcha image"></td><td><input type="text" name="captcha" size="3" maxlength="3"></td></tr></table>
</td></tr>
<td height="27" colspan="2" valign="middle">
         <center><input type=submit name=Submit value="Register"></center>
       </td>
</table>
</form>
<?php
if(isset($_POST['captcha'])) {
    if($_SESSION['captcha'] == $_POST['captcha']) {
        if(isset($_POST["captcha"]))
            //CAPTHCA is valid; proceed the message: save to database, send by e-mail ...
            echo 'CAPTHCA is valid; proceed the message';
    }
    else
    {
        echo 'CAPTHCA is not valid; ignore submission';
    }
}
?>

Which code is where?

<?php

include ($_SERVER['DOCUMENT_ROOT'].'/addon.php');
include ($_SERVER['DOCUMENT_ROOT'].'/dblink.php');
include ($_SERVER['DOCUMENT_ROOT'].'/security/stripusers.php');

$name = $_POST['name'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$email = $_POST['email'];
$security = $_POST['security'];

$name = mysql_real_escape_string($name);
$name = stripslashes($name);
$name = stripusers($name);

$pass1 = mysql_real_escape_string($pass1);
$pass1 = stripslashes($pass1);
$pass1 = stripusers($pass1);

$pass2 = mysql_real_escape_string($pass2);
$pass2 = stripslashes($pass2);
$pass2 = stripusers($pass2);

$security = mysql_real_escape_string($security);
$security = stripslashes($security);
$security = stripusers($security);

$email = mysql_real_escape_string($email);
$email = stripslashes($email);
$email = stripusers($email);

if ((!$name) OR (!$pass1) OR (!$pass2) OR (!$email) OR (!$security))
{
    die(header("Location: $baseurl/join.php?error=Please+fill+out+all+of+the+information."));
}

$check = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username = '$name' "));

if ($check[username] == $name)
{
    die(header("Location: $baseurl/join.php?error=The+username+you+selected+already+exists"));
}

if ($pass1 != $pass2)
{
    die( header("Location: $baseurl/join.php?error=Your+passwords+did+not+match"));
}

if((!is_numeric($security)) AND (!$security > 0000) AND (!$security < 9999))
{
    die(header("Location: $baseurl/join.php?error=Your+security+code+can+only+contain+numbers!"));
}

if(strlen($security) <= 3)
{
    die(header("Location: $baseurl/join.php?error=Your+security+code+must+contain+four+numbers!"));
}

if (preg_match('/^[a-zA-Z0-9_]*$/UD',$name))
{
    $pword2 = md5($pass1);

    $secure2 = md5($security);
    $one = md5($name);

    mysql_query("INSERT INTO members (username,password,security,email,rank,name,age,gender,location,helpfaerie,profile,about,tasks,joined,icedmutereason,icedmutedetails,icedmuteby,icedmutedate,posts,signature,avatar,verify) VALUES ('$name','$pword2','$secure2','$email','3','$name','New Born','Unknown','Lost!','1','Welcome','Welcome','Hiding','$timestamp','None','None','None','0','0','None','http://images.neopets.com/neoboards/avatars/default.gif','0')") or die (mysql_error());

$message = "<p><p><center><table width=\"450\" border=\"0\" cellspacing=\"0\" cellpadding=\"4\" style=\"border-top: 1pt solid black;border-left: 1pt solid black;border-right: 1pt solid black;;border-bottom: 1pt solid black;\">
  <tr>
    <td colspan=\"2\" style=\"background-color:#5eaed4;border-bottom: 1pt solid black;\"><center>Welcome to Lutari.net!</center></td>
    </tr>
  <tr>
    <td><img src=\"http://images.neopets.com/pets/happy/lutari_island_baby.gif\"></td>
    <td><p>Thank you for creating an account with us. To access the full featres of the site, please activate your account by clicking <a href=\"$baseurl/verify.php?user=$name&code=$one\">HERE</a></p>
      <p>Your Username: <b>$name</b><br>
 Your Activation Code: <b>$one</b>

      <p>If you did not make an account with us, please ignore this email.</p></td>
  </tr>
</table>
<p>&nbsp;</p>
</center>";

    $subject = "Welcome to Lutari! - Activate your account.";

    mail($email,$subject,$message,"From: admin@lutari.net \nContent-Type: text/html; charset=iso-8859-1\r\nMime-Version: 1.0\nContent-Transfer-Encoding: 7bit");
}
else
{
    header("Location: $baseurl/join.php?error=Your+username+can+only+contain+letters+numbers+and+underscores.");
}

setcookie("lutari_user",$name, time()+3600*24);
setcookie("lutari_pass",$pword2, time()+3600*24);

header("Location: $baseurl/joined.php");

?>
1 Answer

You can move your check code to join.pro.php (I assume that's the last code section you posted), like so:

....
$email = stripslashes($email);
$email = stripusers($email);

session_start();

if (isset($_SESSION['captcha']) && isset($_POST['captcha'])){
     if($_SESSION['captcha'] != $_POST['captcha']) {
        header("Location: $baseurl/join.php?error=captcha+incorrect.");
        die();
     }

}else {
    header("Location: $baseurl/join.php?error=captcha+missing.");
    die();
}

if ((!$name) OR (!$pass1) OR (!$pass2) OR (!$email) OR (!$security))
...
answered 2012-04-10T00:48:05.897
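The server-side check described in the answer, written as a self-contained added example (not code from the question or the answer). It goes slightly beyond the answer by consuming the stored code after one attempt and drawing it from a CSPRNG; `new_captcha_code` and `captcha_is_valid` are hypothetical names, and the session and POST arrays are constructed sample input.

```php
<?php
// Added example; function names are hypothetical, sample arrays are constructed.

// Draw the code from a CSPRNG rather than srand()/rand().
function new_captcha_code(int $length = 3): string
{
    $alphabet = '0123456789abcdefghijklmnopqrstuvwxyz'; // digits + lowercase
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

// Fail-closed check for the form handler. $session is taken by reference so
// the stored code is consumed: every issued code is good for one attempt.
function captcha_is_valid(array &$session, array $post): bool
{
    $expected = $session['captcha'] ?? null;
    unset($session['captcha']);             // consume before comparing
    $given = $post['captcha'] ?? null;
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false;                       // nothing issued, or nothing usable sent
    }
    return hash_equals($expected, $given);  // strict, constant-time comparison
}

// In the handler: session_start(); then
// if (!captcha_is_valid($_SESSION, $_POST)) { redirect with error; exit; }

// Constructed requests standing in for $_POST; each gets a fresh code.
$cases = [
    'field missing' => fn(string $code) => [],
    'array value'   => fn(string $code) => ['captcha' => [$code]],
    'wrong answer'  => fn(string $code) => ['captcha' => strrev($code) . 'x'],
    'right answer'  => fn(string $code) => ['captcha' => $code],
];
foreach ($cases as $label => $makePost) {
    $session = ['captcha' => new_captcha_code()];
    $post    = $makePost($session['captcha']);
    $first   = captcha_is_valid($session, $post);
    $replay  = captcha_is_valid($session, $post); // same request sent again
    printf("%-14s first=%s replay=%s\n", $label,
        var_export($first, true), var_export($replay, true));
}
```

The check has to run in the script that processes the POST, before any database write or e-mail, and every failure path has to stop the request.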