1

我在网站上使用自定义 php 验证码,但无法获取发送电子邮件以检查验证码是否成功完成的 php。这是代码:

形式:

<form method="POST" name="contact_form" action="/templates/onlinespark/contact-form-handler.php"> 
    <label for="name">Name: </label>
    <input type="text" name="name" value="<?php echo htmlentities($name); ?>">
    <label for='email'>Email: </label>
    <input type="text" name="email" value="<?php echo htmlentities($visitor_email); ?>">
    <label for="phone">Phone: </label>
    <input type="text" name="phone" value='<?php echo htmlentities($phone); ?>'>
    <label for="message">Message:</label>
    <textarea name="message" rows="8" cols="30"><?php echo htmlentities($user_message); ?></textarea>
    <label><img src="/templates/onlinespark/captcha.php"></label>
    <input type="text" name="code"> 
    <input type="submit" value="Submit" name="submit" class="quoteButton">
</form>

PHP:联系表格hander.php

<?php 
    if (isset($_POST['submit'])) {
        $error = "";
        if (!empty($_POST['name'])) {
             $name = $_POST['name'];
        } else {
             $error .= "You didn't type in your name. <br />";
        }

        if (!empty($_POST['phone'])) {
            $name = $_POST['phone'];
        } else {
            $error .= "You didn't enter your phone. <br />";
        }

        if (!empty($_POST['email'])) {
            $email = $_POST['email'];
            if (!preg_match("/^[a-z0-9]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){ 
                $error .= "The e-mail address you entered is not valid. <br/>";
            }
         } else {
            $error .= "You didn't type in an e-mail address. <br />";
         }

         if (!empty($_POST['message'])) {
             $message = $_POST['message'];
         } else {
             $error .= "You didn't type in a message. <br />";
         }

         if(($_POST['code']) == $_SESSION['code']) { 
             $code = $_POST['code'];
         } else { 
             $error .= "The captcha code you entered does not match. Please try again. <br />";    
         }

         if (empty($error)) {
             $from = 'From: ' . $name . ' <' . $email . '>';
             $to = "mail@email.com";
             $subject = "New contact form message";
             $content = $name . " has sent you a message: \n" . $message;
             $success = "<h3>Thank you! Your message has been sent!</h3>";
             mail($to,$subject,$content,$from);
         }
    }
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html>
<head>
<title>ERROR - Please fill in all fields!</title>
</head>
<body>
<!-- This page is displayed only if there is some error -->
<h1>ERROR - Please go back and fill in all fields!</h1>
<?php
    if (!empty($error)) {
        echo '<p class="error"><strong>Your message was NOT sent<br/> The following error(s) returned:</strong><br/>' . $error . '</p>';
    } elseif (!empty($success)) {
        echo $success;
    }
?>
</body>
</html>

基本上我需要发送邮件的外部 php 文件来检查验证码是否在发送邮件之前正确完成。目前,它似乎完全忽略了验证码。我需要做什么?

谢谢!

4

2 回答 2

1

在您的表格中:

<?php
    session_start(); //important!
    $_SESSION['code'] = sha1('Same text as in the image');
?>
<!--form goes here-->

在您的contact-form-hander.php 中:

//At top of your code
session_start();

//code

if(sha1($_POST['code']) == $_SESSION['code']) { 
    $code = $_POST['code'];
} else { 
    $error .= "The captcha code you entered does not match. Please try again. <br />";    
}

//code

sha1()函数将给定值转换为无法破解的哈希值。您应该使用它,因为可以使用开发工具轻松访问会话存储,并且机器人可能会向您的表单发送垃圾邮件(因为他可以在会话存储中读取)。因此对验证码中的文本进行编码,并将其与输入文本的编码值进行比较。该session_start()函数创建或恢复会话。

于 2013-06-11T07:26:46.520 回答
0

一种方法是在使用验证码时使用键/值对。获取随机图像(键)并比较其值...

于 2013-06-11T07:16:59.420 回答