0

我在网站上有一个电子邮件表单,将表单数据发送到外部 php 文件 (contact-form-handler.php) 我最近尝试添加验证码,但是我未能成功获取外部 php 文件以检查是否验证码输入正确.. 目前它说即使我输入正确的代码也是不正确的。该网站是浴室设计珀斯 com.au

表格代码:

<?php
    $_SESSION['code'] = sha1('Same text as in the image');
?>
<form method="POST" name="contact_form" action="/templates/onlinespark/contact-form-handler.php"> 
    <label for='name'>Name: </label>
    <input type="text" name="name" value='<?php echo htmlentities($name) ?>'>
    <label for='email'>Email: </label>
    <input type="text" name="email" value='<?php echo htmlentities($visitor_email) ?>'>
    <label for='phone'>Phone: </label>
    <input type="text" name="phone" value='<?php echo htmlentities($phone) ?>'>
    <label for='message'>Message:</label>
    <textarea name="message" rows=8 cols=30><?php echo htmlentities($user_message) ?></textarea>
    <label><img src="/templates/onlinespark/captcha.php"></label>
    <input type="text" name="code"> 
    <input type="submit" value="Submit" name='submit' class="quoteButton">
</form>

php代码:

<?php 
        if (isset($_POST['submit'])) {
        $error = "";

        if (!empty($_POST['name'])) {
        $name = $_POST['name'];
        } else {
        $error .= "You didn't type in your name. <br />";
        }

                if (!empty($_POST['phone'])) {
        $name = $_POST['phone'];
        } else {
        $error .= "You didn't enter your phone. <br />";
        }

        if (!empty($_POST['email'])) {
        $email = $_POST['email'];
          if (!preg_match("/^[a-z0-9]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){ 
          $error .= "The e-mail address you entered is not valid. <br/>";
          }
        } else {
        $error .= "You didn't type in an e-mail address. <br />";
        }

        if (!empty($_POST['message'])) {
        $message = $_POST['message'];
        } else {
        $error .= "You didn't type in a message. <br />";
        }

        if(sha1($_POST['code']) == $_SESSION['code']) { 
    $code = $_POST['code'];
} else { 
    $error .= "The captcha code you entered does not match. Please try again. <br />";    
}

        if (empty($error)) {
        $from = 'From: ' . $name . ' <' . $email . '>';
        $to = "mail@email.com.au";
        $subject = "New contact form message";
        $content = $name . " has sent you a message: \n" . $message;
        $success = "<h3>Thank you! Your message has been sent!</h3>";
        mail($to,$subject,$content,$from);
        }
        }
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html>
<head>
<title>ERROR - Please fill in all fields!</title>
</head>
<body>
<!-- This page is displayed only if there is some error -->
<h1>ERROR - Please go back and fill in all fields!</h1>
<?php
            if (!empty($error)) {
            echo '<p class="error"><strong>Your message was NOT sent<br/> The following error(s) returned:</strong><br/>' . $error . '</p>';
            } elseif (!empty($success)) {
            echo $success;
            }
        ?>
</body>
</html>
4

1 回答 1

1

通过 POST 以编码形式将验证码的正确答案发送到外部 php 文件。

<?php $salt = 'some-random-text'; ?>

<input type="text" name="code" /> 
<input type="hidden" name="code_key" value="<?php echo sha1('Text in the image' . $salt); ?>" />

在 PHP 代码中,不要使用会话值,而是检查发布的“code_key”。

$salt = 'some-random-text'; // same salt string as in the original file
if ($_POST['code_key'] == sha1($_POST['code'] . $salt)) { 
    // captcha is correct
} else { 
    // captcha is wrong
}

这非常适用于跨不同域的验证码检查。请注意,$salt 参数是为了增加安全性。

于 2013-06-12T03:52:51.997 回答