
这是表单的 URL:http://www.mrhowtosay.com/register

我似乎从这个表单中收到了大约 20-30 个机器生成的帐户。我不知道机器人是如何通过验证的,因为我多次测试过它在不输入正确验证码的情况下是否会通过,但当我尝试时,它似乎正确地拒绝了使用空白或错误验证码创建帐户的尝试。

所以我不知道该如何阻止这些垃圾帐户的创建。也许我的公钥已经泄露了?从这些垃圾帐户的创建模式来看,创建它们的来源似乎不止一个。

如果有用的话,下面是表单提交到的页面 doregister.php 中的代码:

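<?php
// Start the session before any byte of output: session_start() sets the
// session cookie through an HTTP header, and headers can no longer be sent
// once the HTML below has begun (the original order, HTML first, only works
// when output buffering happens to be enabled).
session_start();
include 'functions.php';
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> 
</head>
<body>Please wait...
<?php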
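/**
 * Validate the syntactic shape of an e-mail address.
 *
 * Port of the original ereg()-based check to preg_match(): the POSIX ereg*()
 * functions were removed in PHP 7, so the old body is a fatal "undefined
 * function" on any current runtime.  The rules themselves are unchanged:
 *   - exactly one "@", local part 1-64 chars, domain 1-255 chars;
 *   - each dot-separated piece of the local part is either an atom of
 *     RFC 5322 atext characters (at most 64) or a quoted string (at most 64);
 *   - the domain is either a (possibly bracketed) dotted numeric literal,
 *     accepted as-is, or at least two labels of letters/digits/hyphens that
 *     neither start nor end with a hyphen.
 *
 * This is a format check only; it says nothing about whether the mailbox
 * exists.  Callers that do not need the numeric-literal domain form could use
 * filter_var($email, FILTER_VALIDATE_EMAIL) instead.
 *
 * @param string $email Address as submitted.
 * @return bool true when every rule above holds.
 */
function check_email_address($email) {
    $email = (string) $email;

    // One "@" with both sides length-bounded.
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/', $email)) {
        return false;
    }
    list($local, $domain) = explode('@', $email);

    // Local part: dot-separated atoms or quoted strings.
    $atom   = '[A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&\'*+\/=?^_`{|}~.-]{0,63}';
    $quoted = '"[^()\\\\|"]{0,62}"';
    foreach (explode('.', $local) as $piece) {
        if (!preg_match('/^((' . $atom . ')|(' . $quoted . '))$/', $piece)) {
            return false;
        }
    }

    // Domain: a dotted numeric literal (optionally in brackets) is accepted
    // without further label checks, as in the original.
    if (preg_match('/^\[?[0-9.]+\]?$/', $domain)) {
        return true;
    }
    $labels = explode('.', $domain);
    if (count($labels) < 2) {
        return false; // need at least "host.tld"
    }
    foreach ($labels as $label) {
        if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/', $label)) {
            return false;
        }
    }
    return true;
}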


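    //------------------------------------------------------------------------checkrecaptcha

/**
 * Run a single-parameter lookup and return the first column of the first row.
 *
 * The value is bound, never interpolated, so user input cannot alter the SQL.
 *
 * @param mysqli $db    Open connection.
 * @param string $sql   Query text containing exactly one "?" placeholder.
 * @param string $value Value bound to that placeholder.
 * @return string|null|false The stored value when a row matched, null when no
 *                           row matched, false when prepare/execute failed
 *                           (mysqli_error() on $db then describes why).
 */
function doregister_lookup_one($db, $sql, $value) {
    $stmt = mysqli_prepare($db, $sql);
    if (!$stmt) {
        return false;
    }
    $stored = null;
    $ok = mysqli_stmt_bind_param($stmt, "s", $value)
        && mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $stored);
    $fetched = $ok ? mysqli_stmt_fetch($stmt) : false;
    mysqli_stmt_close($stmt);
    if (!$ok || $fetched === false) {
        return false;
    }
    return $fetched === true ? $stored : null;
}

// Verify the reCAPTCHA answer before anything else is touched.  The two form
// fields are read with a default so a request that omits them (a scripted POST
// rather than a browser submission) fails the check cleanly instead of raising
// undefined-index notices.  The site (public) key is visible in every rendered
// form by design; only this private key has to stay secret.
require_once('recaptchalib.php');
$privatekey = "CENSORED";
$resp = recaptcha_check_answer($privatekey,
                               $_SERVER["REMOTE_ADDR"],
                               isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '',
                               isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '');

if (!$resp->is_valid) {
    // Record rejected attempts server-side; the error code was previously only
    // shown to the client, so there was nothing to inspect when looking for
    // the pattern behind unwanted registrations.
    error_log("doregister: reCAPTCHA rejected for " . $_SERVER["REMOTE_ADDR"] . " (" . $resp->error . ")");
    $_SESSION['msg2'] = "The reCAPTCHA wasn't entered correctly. Please try it again";
    ?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/register"> <?php
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         "(reCAPTCHA said: " . $resp->error . ")");
}
else {
    //----------------------------------------validating submitted fields---------------------------
    // Every value below comes straight from the POST body and is not trusted:
    // the password pair is compared as strings (a loose != treats "1e3" and
    // "1000" as equal), required fields are tested with !empty() so a missing
    // key cannot raise a notice, and the values only ever reach MySQL through
    // bound parameters further down.
    $password = isset($_POST['password']) ? (string) $_POST['password'] : '';
    $repeat   = isset($_POST['repeat'])   ? (string) $_POST['repeat']   : '';
    if ($password !== $repeat) {
        $_SESSION['msg2'] = "passwords dont match";
        ?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/login"> <?php exit();
    }
    if ($password === '') {
        // Previously an absent password pair passed the match check and an
        // empty password was stored.
        $_SESSION['msg2'] = "password is a required field";
        ?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/login"> <?php exit();
    }
    //--------------------------------------------check passwords match----END----------------------------------------------

    if (empty($_POST['email'])) {
        $_SESSION['msg2'] = "email is a required field";
        ?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/login"> <?php exit();
    }
    $email = (string) $_POST['email'];
    if (!check_email_address($email)) {
        // NOTE(review): msg2 carries user-supplied text here and below; the
        // page that renders it must escape it for HTML — confirm it does.
        $_SESSION['msg2'] = "(".$email.") is not a valid email";
        ?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/login"> <?php exit();
    }
    //-------------------------check email was submited------END--------------------------------------------

    if (empty($_POST['name'])) {
        $_SESSION['msg2'] = "name is a required field";
        ?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/login"> <?php exit();
    }
    $name = (string) $_POST['name'];
    //----------------------------------------validating submitted fields-------END--------------------

    //connecting to mysql server
    // NOTE(review): the credentials are committed in this page; they belong in
    // a config file outside the web root, and should be rotated if this file
    // has ever been shared.
    $DBConnect = mysqli_connect("localhost", "mrhowtos_user", "9Xhe9e949Xhe9e94!");

    //error handling
    if (!$DBConnect) {
        echo "<p>the database server is not available</P>";
    }
    else {
        // Charset setup only makes sense on a live connection (it used to run
        // before the connect result was checked).
        mysqli_set_charset($DBConnect, "utf8");
        mb_internal_encoding("UTF-8");

        if (!mysqli_select_db($DBConnect, "mrhowtos_main")) {
            echo "database selected was not found";
        }
        else {
            //------------------------------------------checking for existing user conflicts---------------------------
            // Bound parameters replace the former "... where name = '$name'"
            // strings, which concatenated unescaped user input into SQL.  A
            // lookup that fails outright now stops the request instead of
            // silently letting the insert go ahead.
            $taken = doregister_lookup_one($DBConnect, "select name from users where name = ?", $name);
            if ($taken === false) {
                die("<p>Unable to execute the query.</p>"
                    . "<p>Error code " . mysqli_errno($DBConnect)
                    . ": " . mysqli_error($DBConnect) . "</p>");
            }
            if ($taken !== null) {
                $_SESSION['msg2'] = $taken." is already in use by another user";
                ?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/login"> <?php exit();
            }

            $taken = doregister_lookup_one($DBConnect, "select email from users where email = ?", $email);
            if ($taken === false) {
                die("<p>Unable to execute the query.</p>"
                    . "<p>Error code " . mysqli_errno($DBConnect)
                    . ": " . mysqli_error($DBConnect) . "</p>");
            }
            if ($taken !== null) {
                $_SESSION['msg2'] = "the email ".$taken." is already in use by another user";
                ?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/login"> <?php exit();
            }
            //------------------------------------------checking for existing user conflicts----END-----------------------

            //-------------------------------approved account credentials, insert in db and login-----------------------------------
            $ip = getRealIpAddr();
            //--------------------------------------------insert user into db--------------------------------------------------------
            // NOTE(review): the password is stored as submitted because the login
            // page (not shown here) presumably compares it verbatim.  Switching
            // to password_hash()/password_verify() has to change that page in
            // the same step.
            $stmt = mysqli_prepare($DBConnect,
                "INSERT INTO `mrhowtos_main`.`users` (`ID` ,`name` ,`password` ,`email` ,`rights`, `IP address`) VALUES (NULL, ?, ?, ?, '1', ?)");
            if (!$stmt
                || !mysqli_stmt_bind_param($stmt, "ssss", $name, $password, $email, $ip)
                || !mysqli_stmt_execute($stmt)) {
                // The original appended "</p" outside the die() call, so the
                // message was never closed; the full text now goes to die().
                die("<p>Unable to execute the query.</p>"
                    . "<p>Error code " . mysqli_errno($DBConnect)
                    . ": " . mysqli_error($DBConnect) . "</p>");
            }
            mysqli_stmt_close($stmt);
            //--------------------------------------------insert user into db---END-----------------------------------------------------

            // The session becomes a logged-in one only after the row exists
            // (it used to be marked logged in before the insert, so a failed
            // insert still left a session with rights = 1).  A fresh session
            // id stops an id issued before login from carrying the new
            // privileges (session fixation).
            session_regenerate_id(true);
            $_SESSION['username'] = $name;
            $_SESSION['rights'] = 1;
            $_SESSION['msg2'] = "hi ".$name." you have successfully registered! and logged in!<br />Note that the \"Make Translations\" Option has now appeared in the Naviation so you can start adding translations!";

            if (!empty($_SESSION['lastpage'])) {
                // lastpage is set elsewhere; escape it for the attribute context
                // it is written into.
                ?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/page<?php echo htmlspecialchars($_SESSION['lastpage'], ENT_QUOTES, 'UTF-8'); ?>"> <?php exit(); //auto return to last page
            }
            else {
                ?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/login"> <?php exit(); //auto return to login page
            }
            //-------------------------------approved account credentials, insert in db and login---END-------------------------------
        }
    }
}
// Reached only when the database connect or select above failed: every other
// path has already exited.
?><meta http-equiv="Refresh" content="0; url=http://www.mrhowtosay.com/insert"> 
<a href="insert">insert</a>
</body>
</html>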
