-1

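Hey guys, I've been messing around with a free PHP/HTML contact form I found: http://www.freecontactform.com/email_form.php. It's everything I need for the website I'm working on, but I need to make it a bit more secure, so what I want to do is create an extra box and have it accept a value of 4. The problem is that I'm having trouble implementing it. If the security value is 4, I want the form to execute; if not, display the error message. I get the error message, but it doesn't seem to accept the value of 4. Could you look at my code and tell me where I'm going wrong? Thanks.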

<?php
if(isset($_POST['email'])) {

    // EDIT THE 2 LINES BELOW AS REQUIRED
    $email_to = "0000000000";
    $email_subject = "From the website";


    function died($error) {
        // your error code can go here
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }

    // validation expected data exists
    if(!isset($_POST['first_name']) ||
        !isset($_POST['last_name']) ||
        !isset($_POST['email']) ||
        !isset($_POST['telephone']) ||
        !isset($_POST['security']) ||
        !isset($_POST['comments'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');       
    }

    $first_name = $_POST['first_name']; // required
    $last_name = $_POST['last_name']; // required
    $email_from = $_POST['email']; // required
    $telephone = $_POST['telephone']; // not required
    $security = $_POST['security'];
    $comments = $_POST['comments']; // required

    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
  if(!preg_match($email_exp,$email_from)) {
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
    $string_exp = "/^[A-Za-z .'-]+$/";
    $string_sec = "4";
  if(!preg_match($string_exp,$first_name)) {
    $error_message .= 'The First Name you entered does not appear to be valid.<br />';
  }
  if(!preg_match($string_exp,$last_name)) {
    $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
  }
  if(strlen($security) < 4) {
    $error_message .= 'The security passphrase is not correct.';
  }if(strlen($comments) > 4) {
    $error_message .= 'The security passphrase is not correct.<br />';
  }

  if(strlen($comments) < 2) {
    $error_message .= 'The Comments you entered do not appear to be valid.<br />';
  }
  if(strlen($error_message) > 0) {
    died($error_message);
  }
    $email_message = "Form details below.\n\n";

    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }

    $email_message .= "First Name: ".clean_string($first_name)."\n";
    $email_message .= "Last Name: ".clean_string($last_name)."\n";
    $email_message .= "Email: ".clean_string($email_from)."\n";
    $email_message .= "Telephone: ".clean_string($telephone)."\n";
    $email_message .= "Comments: ".clean_string($comments)."\n";


// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);  
?>

<!-- include your own success html here -->


Thank you for contacting us. We will be in touch with you very soon.
<?php
}
?>

My website's HTML:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script src="Scripts/swfobject_modified.js" type="text/javascript"></script>
<head>
<link rel="stylesheet" type="text/css" media="all" href="css/text.css" />
<link rel="stylesheet" type="text/css" media="all" href="css/960.css" />
<link rel="stylesheet" type="text/css" media="all" href="css/style.css" />
<title>Japonica Flower Shop</title>
</head>

<body>
<div class="container_12" id="topContent">
  <div class="grid_4">
    <h1>Japonica Flower Shop</h1>
    <h2>For Fresh Flowers</h2>
    <h3>Secret Garden Centre, Keynsham</h3>
  </div>
  <div class="grid_8" id="rightTopContent"> <a href="index.html">home</a> | <a href="">gallery</a> | <a href="aboutus.html">about us</a> | <a href="http://blankwebsiteblog.blogspot.co.uk/">blog</a> | <a href="#">contact</a> </div>
</div>
<div class="clear">&nbsp;</div>
<div class="container_12">
  <div class="grid_4">
    <ul class="gallery">
      <li class="active">
        <table border="1" width ="100%"
cellpadding="40"  align="center">
            <tr>

          <td cell valign="top"  width ="300"><font color="black" face="Georgia, Arial, Garamond" >
            <form name="contactform" method="post" action="send_form_email.php">
              <table width="450px">
                  </tr>

                <tr>
               <p style="font-family:Helvetica;color:black;font-size:15px;">Fill out this form to send us a email, we aim to reply as soon as possible. </p>
                  <td valign="top"><label for="first_name">First Name *</label></td>
                  <td valign="top"><input  type="text" name="first_name" maxlength="50" size="30"></td>
                </tr>
                <tr>
                  <td valign="top"><label for="last_name">Last Name *</label></td>
                  <td valign="top"><input  type="text" name="last_name" maxlength="50" size="30"></td>
                </tr>
                <tr>
                  <td valign="top"><label for="email">Email Address *</label></td>
                  <td valign="top"><input  type="text" name="email" maxlength="80" size="30"></td>
                </tr>
                <tr>
                  <td valign="top"><label for="telephone">Telephone Number</label></td>
                  <td valign="top"><input  type="text" name="telephone" maxlength="30" size="30"></td>
                </tr>
                <tr>
                  <td valign="top"><label for="comments">Comments *</label></td>
                  <td valign="top"><textarea  name="comments" maxlength="1000" cols="25" rows="6"></textarea></td>
                </tr>

                 <tr>
                  <td valign="top"><label for="security">Security Passphrase</label></td>
                  <td valign="top"><input  type="number" name="security" maxlength="30" size="30">
                  <img src="./images/security.png" title="passphrase problem!" alt="1" align="left">
                  </td>
                <tr>
                  <td colspan="2" style="text-align:center"><input type="submit" value="Submit">
                    <a href="http://www.freecontactform.com/email_form.php">Email Form</a></td>
                </tr>
              </table>
            </form>
            &nbsp;
            </p></td>

            <td><p style="font-family:Helvetica;color:black;font-size:15px;">Japonica Flowershop,
Whitegate Nursieries,
The Secret Garden Centre,
Stockwood Hill,
Keynsham,
Bristol,
BS312AN,
Tel; 07848401140
</p>
<p style="font-family:Helvetica;color:black;font-size:15px;"> 
Opening Hours 10-4 closed Monday and Thursday
</p>
 </p><img src="./images/bonnet.png" title="Come on In!" alt="1" align="left"></td>
           <br />

              </font>
              </td>
          </tr>
        </table>
      </li>
    </ul>
  </div>
  <!-- end grid_4 -->
  <div class="grid_8">
    <div id="main_image"></div>
  </div>
</div>
<div class="clear">&nbsp;</div>
<div class="container_16">
  <div class="grid_2">
    <p>&nbsp;</p>
  </div>
  <div id="footer"><a href="index.html">home</a> | <a href="">gallery</a> | <a href="aboutus.html">about us</a> | <a href="http://blankwebsiteblog.blogspot.co.uk/">blog</a> | <a href="#">contact</a></div>
</div>
<div class="grid_2">
  <p>&nbsp;</p>
</div>
</div>
</div>
</body>
</html>
4

2 Answers

0

The line in your code:

if(strlen($security) < 4) {

seems to be wrong, because the length of $security is 1.

To validate it, you need to compare the exact value.

Answered 2013-03-17T18:25:10.427
0

You're not using the $string_sec = "4"; that you set at all.

if(strlen($security) < 4) {
    $error_message .= 'The security passphrase is not correct.';
}
if(strlen($comments) > 4) {
    $error_message .= 'The security passphrase is not correct.<br />';
}

All this does is check whether the length of $security is less than 4. You want to test if $security doesn't equal $string_sec, so use this:

if ($security != $string_sec) {
    $error_message .= 'The security passphrase is not correct.';
}

I'm not sure what you're testing with strlen($comments); you might want to take it out?

Answered 2013-03-17T18:23:50.877
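
The difference between the length test in the question and a value comparison, shown side by side as an added example that is not part of the original posts. The function names and the sample inputs are constructed for illustration; `EXPECTED_ANSWER` stands in for `$string_sec`.

```php
<?php
// Added example: three ways of checking the "security" form field.
// Sample inputs are constructed; they stand in for $_POST['security'].

const EXPECTED_ANSWER = '4'; // same value as $string_sec in the question

// The check from the question: it tests the length, not the value.
// (is_string() is added here only so the demo can also be fed an array.)
function length_check($security): bool {
    return is_string($security) && !(strlen($security) < 4);
}

// Loose comparison (!=): PHP compares numeric strings as numbers.
function loose_check($security): bool {
    return !($security != EXPECTED_ANSWER);
}

// Strict comparison (!==): must be a string and identical byte for byte.
// $_POST values can be arrays (security[]=4), hence the type check.
function strict_check($security): bool {
    return is_string($security) && $security === EXPECTED_ANSWER;
}

$samples = ['4', '1234', 'abcd', '4.0', '04', '4e0', '', ['4']];

foreach ($samples as $value) {
    printf(
        "%-8s length=%-5s loose=%-5s strict=%s\n",
        json_encode($value),
        var_export(length_check($value), true),
        var_export(loose_check($value), true),
        var_export(strict_check($value), true)
    );
}
```

The length check rejects "4" and accepts any string of four or more characters; the loose comparison accepts "4" but also "4.0", "04" and "4e0", because PHP compares numeric strings as numbers. Only the strict check accepts "4" alone.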