我有一个关于我的基于 PHP 的项目的反馈网页。反馈页面有一个包含我需要的所有字段的表单,我将recaptcha 显示在那里,它工作得很好:一切都正确显示并且根据谷歌手册运行。表单“action”设置为另一个页面,该页面应该只检查recaptcha,防止sql注入并将用户消息插入数据库。一切似乎都很简单。
然而,问题出在第二页。它只是返回空白,即使它不应该:
<?php
require_once('recaptchalib.php');
$privatekey = "my private key";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
//in this case the returned page is totally blank
echo <<<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Error</title>
</head>
<body bgcolor="WhiteSmoke">
EOT;
switch ($_POST["lang"]) {
case "en":
echo <<<EOT
<table width="100%" height="100%" border="0" cellspacing="10" align="center">
<tr>
<td width="100" height="100" align="center" valign="middle"><h3>CAPTCHA failed ($resp->error)!</h3></td>
</tr>
</table>
<meta HTTP-EQUIV='REFRESH' content='3; url=feedback_en.php'>
</body>
</html>
EOT;
break;
//here go other possible $_POST['lang'] values which i removed from the sample since its irrelevant
}
} else {
// Your code here to handle a successful verification
//in this case the page returns totally blank either
//here goes some db stuff
//here goes sql injection check which is also skipped for this code
//more db stuff
switch ($_POST["lang"]) {
case "en":
echo <<<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Thank you!</title>
<meta HTTP-EQUIV='REFRESH' content='3; url=feedback_en.php'>
</head>
<body bgcolor="WhiteSmoke">
<table width="100%" height="100%" border="0" cellspacing="10" align="center">
<tr>
<td width="100" height="100" align="center" valign="middle"><h3>Thank you for the feedback, with your help this service will be better!</h3></td>
</tr>
</table>
</body>
</html>
EOT;
break;
//and so on...
} //end of switch
//and we have nothing
}
?>
如代码中所述,无论测试结果如何,输出页面都是空白的。如果将 recaptcha 字段完全留空,它只会有点像样的。它根据想法返回 HTML,并带有文本“CAPTCHA failed (incorrect-captcha-sol)!”