0

我有一个关于我的基于 PHP 的项目的反馈网页。反馈页面有一个包含我需要的所有字段的表单,我将recaptcha 显示在那里,它工作得很好:一切都正确显示并且根据谷歌手册运行。表单“action”设置为另一个页面,该页面应该只检查recaptcha,防止sql注入并将用户消息插入数据库。一切似乎都很简单。

然而,问题出在第二页。它只是返回空白,即使它不应该:

<?php
  require_once('recaptchalib.php');
  $privatekey = "my private key";
  $resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);

  if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
     //in this case the returned page is totally blank
     echo <<<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Error</title>
</head>
<body bgcolor="WhiteSmoke">

EOT;

    switch ($_POST["lang"]) {
    case "en":
        echo <<<EOT

<table width="100%" height="100%" border="0" cellspacing="10" align="center">
  <tr>
    <td width="100" height="100" align="center" valign="middle"><h3>CAPTCHA failed ($resp->error)!</h3></td>
  </tr>
  </table>
  <meta HTTP-EQUIV='REFRESH' content='3; url=feedback_en.php'>
</body>
</html>
EOT;
        break;
    //here go other possible $_POST['lang'] values which i removed from the sample since its irrelevant
}
  } else {
    // Your code here to handle a successful verification
    //in this case the page returns totally blank either

    //here goes some db stuff

    //here goes sql injection check which is also skipped for this code

    //more db stuff

        switch ($_POST["lang"]) {
    case "en":
        echo <<<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Thank you!</title>
<meta HTTP-EQUIV='REFRESH' content='3; url=feedback_en.php'>
</head>

<body bgcolor="WhiteSmoke">
<table width="100%" height="100%" border="0" cellspacing="10" align="center">
  <tr>
    <td width="100" height="100" align="center" valign="middle"><h3>Thank you for the feedback, with your help this service will be better!</h3></td>
  </tr>
  </table>
</body>
</html>
EOT;
        break;
    //and so on...
} //end of switch
    //and we have nothing
  }
  ?>

如代码中所述,无论测试结果如何,输出页面都是空白的。如果将 recaptcha 字段完全留空,它只会有点像样的。它根据想法返回 HTML,并带有文本“CAPTCHA failed (incorrect-captcha-sol)!”

4

0 回答 0