0

http://www.3dmark3t.com/contact.html 1这是我的联系表格,我希望在 10 分钟内只允许来自 1 个 IP 地址的 2 次提交。请在这件事上给予我帮助?这是我用于表单验证的 php 脚本:

                <?php
            if(isset($_POST['email'])) {

                // CHANGE THE TWO LINES BELOW
                $email_to = "email@domain.com";

                $email_subject = "3DMark3t Contact:";


                function died($error) {
                    // your error code can go here
                    echo "We are very sorry, but there were error(s) found with the form you submitted. ";
                    echo "These errors appear below.<br /><br />";
                    echo $error."<br /><br />";
                    echo "Please go back and fix these errors.<br /><br />";
                    die();
                }

                // validation expected data exists
               if(!isset($_POST['first_name']) ||
                !isset($_POST['last_name']) ||
                !isset($_POST['email']) ||
                !isset($_POST['telephone']) ||
                !isset($_POST['comments'])) {
              if(empty($_POST['select']) )
            {
              $var3dmodels = $_POST['3DModels'];
              $vargraphic_design = $_POST['Graphic Design'];
              $varweb_design = $_POST['Web Design'];
              $vartutorials = $_POST['Tutorials'];
              $varreport = $_POST['Report'];
              $varrequests = $_POST['Requests'];
            }
                    died('We are sorry, but there appears to be a problem with the form you submitted.');       
                }




                $first_name = $_POST['first_name']; // required
                $last_name = $_POST['last_name']; // required
                $email_from = $_POST['email']; // required
                $telephone = $_POST['telephone']; // not required
                $select = $_POST['select']; // required
                $comments = $_POST['comments']; // required

                $error_message = "";
                $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
              if(!preg_match($email_exp,$email_from)) {
                $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
              }
                $string_exp = "/^[A-Za-z .'-]+$/";
              if(!preg_match($string_exp,$first_name)) {
                $error_message .= 'The First Name you entered does not appear to be valid.<br />';
              }
              if(!preg_match($string_exp,$last_name)) {
                $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
              }
            if(empty($_POST['select']))
            {
              $error_message .= 'The Selection you made does not appear to be valid.<br />';
            }
              if(strlen($comments) < 2) {
                $error_message .= 'The Comments you entered do not appear to be valid.<br />';
              }
              if(strlen($error_message) > 0) {
                died($error_message);
              }
                $email_message = '3DMark3t Contact:';

                function clean_string($string) {
                  $bad = array("content-type","bcc:","to:","cc:","href");
                  return str_replace($bad,"",$string);
                }

                $email_message .= "First Name: ".clean_string($first_name)."\n";
                $email_message .= "Last Name: ".clean_string($last_name)."\n";
                $email_message .= "Email: ".clean_string($email_from)."\n";
                $email_message .= "Telephone: ".clean_string($telephone)."\n";
                $email_message .= "Select One: ".clean_string($select)."\n";
                $email_message .= "Comments: ".clean_string($comments)."\n";


            // create email headers
            $headers = 'From: '.$email_from."\r\n".
            'Reply-To: '.$email_from."\r\n" .
            'X-Mailer: PHP/' . phpversion();
            @mail($email_to, $email_subject, $email_message, $headers);  
            ?>

            <!-- place your own success html below -->

            <img src="../images/loading-circle.gif" width="32" height="32" />  Thank you for contacting us. We will be in touch with you very soon.
            <script type = "text/javascript">setTimeout('window.opener.location.href=\'http://www.3dmark3t.com\';close();', 3000)</script>
            <?php
            }
            die();
            ?>
4

2 回答 2

1

由于用户可以在两分钟内销毁他们的会话并再次提交,因此必须在您这边完成(可能使用数据库)。您的数据库应该跟踪用户提交和 IP 地址。当用户提交(或访问提交表单)时,根据您的数据库检查他们的 IP。如果他们在最后 2 分钟(或者是 10 分钟)内提交了,请显示错误并拒绝他们。如果你需要一些代码,我需要看看你正在使用什么代码。

于 2011-10-20T18:35:54.573 回答
1

使用 IP 地址进行检查存在致命缺陷——因为一些公司(甚至 ISP)共享 IP 地址。没有保证的解决方案,但为什么不探索使用 cookie(以及像 Captcha 之类的东西)

于 2011-10-20T18:42:12.963 回答