0

嗨,我使用了一个基本的验证码脚本,如下所示。我面临的问题是,尽管验证码值错误,但仍提交了表单。如果 Captcha 的值输入错误,我需要阻止表单提交。

<?php
  if(isset($_POST['submit']))
{
  $hash = (!empty($_POST['hash'])) ? preg_replace('/[\W]/i', '', trim($_POST['hash'])) : ''; // Remove any non alphanumeric characters to prevent exploit attempts
  $captchacode = (!empty($_POST['captchacode'])) ? preg_replace('/[\W]/i', '', trim($_POST['captchacode'])) : ''; // Remove any non alphanumeric characters to prevent exploit attempts
  // function to check the submitted captcha
  function captchaChars($hash)
  {
    //  Generate a 32 character string by getting the MD5 hash of the servers name with the hash added to the end.
    //  Adding the servers name means outside sources cannot just work out the characters from the hash
    $captchastr = strtolower(md5($_SERVER['SERVER_NAME'] . $hash));
    $captchastr2 = '';
    for($i = 0; $i <= 28; $i += 7)
    {
      $captchastr2 .= $captchastr[$i];
    }
    return $captchastr2;
  }
  if(!empty($captchacode))
  {
    if(strtolower($captchacode) == captchaChars($hash))  // We convert submitted characters to lower case then compare with the expected answer
    {
      echo '<h3>The submitted characters were correct</h3>';

    }
    else
    {
      echo '<h3>The submitted characters were WRONG!</h3>';
       return true;
    }

  }

  else
  {
    echo '<h3>You forgot to fill in the code!</h3>';
    return true;
  }

}
?>
4

1 回答 1

0

我在我的网站上启动并运行了验证码,但它并没有阻止垃圾邮件。恐怕它已作为一种垃圾邮件预防机制受到损害。

除此之外,如果验证码不正确,则需要返回 false 并且不会提交表单。

于 2012-11-06T15:54:14.953 回答