验证码脚本生成失败响应
Captcha script generates a failure response
我刚开始学习 php,试图用它来创建联系表单的验证脚本,但它总是 returns 错误,即使用户输入了正确的数字:
<?php
session_start ();
$_SESSION['safe']=rand(1000,9999);
if(isset($_POST['nazwa']) && isset ($_POST['dane']) &&isset($_POST['message']))
{
$name = $_POST['nazwa'];
$email = $_POST['dane'];
$message = $_POST['message'];
if (!empty($name) && !empty($email) && !empty($message)) {
if(strlen ($name)>50||strlen($email)>50||strlen($message)>1000) {echo 'Character limit exceeded '; } else
{
$from = 'z formularza nazwastrony';
$to = 'roman.pliszka@yahoo.com';
$subject = 'wiadomosc ze strony';
$body = "From: $name\n E-Mail: $email\n Message:\n $message";
if (!isset($_POST['check'])) {
$_SESSION['safe']=rand(1000,9999);
} else {
if ($_SESSION['safe'] == $_POST['check']) {
if ($_POST['submit'])
{
if (@mail ($to, $subject, $body, $from))
{
echo '<p>Message sent</p>';
} else
{
echo '<p>An error occurred</p>';
}
}
}else {
echo 'Incorrect number';
$_SESSION['safe']=rand(1000,9999);
}
}
}
} else {
echo 'Please fill all of the fields';
}
}
?>
脚本使用 generate.php 生成图像:
<?php
session_start();
header('Content-type: image/jpeg');
$text = $_SESSION['safe'];
$font_size = 30;
$image_width = 100;
$image_height = 40;
$image = imagecreate ($image_width, $image_height);
imagecolorallocate($image, 255, 255, 255);
$text_color = imagecolorallocate($image, 0, 0, 0);
for ($x=1; $x<50; $x++) {
$x1 = rand(1, 100);
$y1 = rand(1, 100);
$x2 = rand(1, 100);
$y2 = rand(1, 100);
imageline($image, $x1, $y1, $x2, $y2, $text_color);
}
imagettftext($image, $font_size, 0, 15, 30, $text_color, 'font.ttf', $text);
imagejpeg($image);
?>
基本上,在所有情况下我都会得到 "Incorrect number"。我的猜测是 php 会话更改生成另一个随机数,但我无法正确编写此代码。脚本和 html 形式中的所有名称都是相同的。如果有任何帮助,我将不胜感激。
编辑:这是带有用户输入的表单片段:
<image src="generate.php" />
<input type="text" name="check">
我看不到表单的代码,但似乎您使用了错误的变量来生成验证码上的文本。尝试替换
$text = $_SESSION['bezpieczny'];
和
$text = $_SESSION['safe'];
明显的问题是您的陈述顺序。在会话中生成新的随机代码之前,您应该处理 POST 数据。否则,您总是创建一个新代码而不是用户发送的代码。我会稍微改变一下:
<?php
session_start();
// PROCESS POST DATA - RETURN CORRESPONDING MESSAGE
function processPostData() {
$code="";
// CHECK IF POST DATA WAS SENT
if (isset($_POST["check"])) {
$code=$_POST["check"];
} else {
return false;
}
// CHECK CODE
if ($code != $_SESSION["safe"]) {
return "<p>Incorrect number</p>";
}
// CHECK NON-EMPTY
if (empty($_POST['nazwa']) || empty($_POST['dane']) || empty($_POST['message'])) {
return "<p>Please fill all of the fields</p>";
} else{
// GET POST DATA
$name = $_POST['nazwa'];
$email = $_POST['dane'];
$message = $_POST['message'];
}
// CHECK MAX LENGTH
if(strlen ($name)>50||strlen($email)>50||strlen($message)>1000) {
return "<p>Character limit exceeded</p>";
}
/* VALIDATE DATA HERE: email (look for good validation scripts) */
// SEND EMAIL
if (@mail ($to, $subject, $body, $from)) {
return "<p>Message sent</p>";
} else {
return "<p>An error occurred</p>";
}
}
// PROCESS POST DATA - IF SET
echo processPostData();
// GENERATE NEW CODE EVERY TIME -! AFTER PROCESSING POST DATA
$_SESSION["safe"]=rand(1000,9999);
?>
PS。问题出在代码的第 3 行 - 将其移到最后,它应该可以工作。不过,我认为使用适当的 API 会更安全。我使用:Google's reCaptcha
我刚开始学习 php,试图用它来创建联系表单的验证脚本,但它总是 returns 错误,即使用户输入了正确的数字:
<?php
session_start ();
$_SESSION['safe']=rand(1000,9999);
if(isset($_POST['nazwa']) && isset ($_POST['dane']) &&isset($_POST['message']))
{
$name = $_POST['nazwa'];
$email = $_POST['dane'];
$message = $_POST['message'];
if (!empty($name) && !empty($email) && !empty($message)) {
if(strlen ($name)>50||strlen($email)>50||strlen($message)>1000) {echo 'Character limit exceeded '; } else
{
$from = 'z formularza nazwastrony';
$to = 'roman.pliszka@yahoo.com';
$subject = 'wiadomosc ze strony';
$body = "From: $name\n E-Mail: $email\n Message:\n $message";
if (!isset($_POST['check'])) {
$_SESSION['safe']=rand(1000,9999);
} else {
if ($_SESSION['safe'] == $_POST['check']) {
if ($_POST['submit'])
{
if (@mail ($to, $subject, $body, $from))
{
echo '<p>Message sent</p>';
} else
{
echo '<p>An error occurred</p>';
}
}
}else {
echo 'Incorrect number';
$_SESSION['safe']=rand(1000,9999);
}
}
}
} else {
echo 'Please fill all of the fields';
}
}
?>
脚本使用 generate.php 生成图像:
<?php
session_start();
header('Content-type: image/jpeg');
$text = $_SESSION['safe'];
$font_size = 30;
$image_width = 100;
$image_height = 40;
$image = imagecreate ($image_width, $image_height);
imagecolorallocate($image, 255, 255, 255);
$text_color = imagecolorallocate($image, 0, 0, 0);
for ($x=1; $x<50; $x++) {
$x1 = rand(1, 100);
$y1 = rand(1, 100);
$x2 = rand(1, 100);
$y2 = rand(1, 100);
imageline($image, $x1, $y1, $x2, $y2, $text_color);
}
imagettftext($image, $font_size, 0, 15, 30, $text_color, 'font.ttf', $text);
imagejpeg($image);
?>
基本上,在所有情况下我都会得到 "Incorrect number"。我的猜测是 php 会话更改生成另一个随机数,但我无法正确编写此代码。脚本和 html 形式中的所有名称都是相同的。如果有任何帮助,我将不胜感激。
编辑:这是带有用户输入的表单片段:
<image src="generate.php" />
<input type="text" name="check">
我看不到表单的代码,但似乎您使用了错误的变量来生成验证码上的文本。尝试替换
$text = $_SESSION['bezpieczny'];
和
$text = $_SESSION['safe'];
明显的问题是您的陈述顺序。在会话中生成新的随机代码之前,您应该处理 POST 数据。否则,您总是创建一个新代码而不是用户发送的代码。我会稍微改变一下:
<?php
session_start();
// PROCESS POST DATA - RETURN CORRESPONDING MESSAGE
function processPostData() {
$code="";
// CHECK IF POST DATA WAS SENT
if (isset($_POST["check"])) {
$code=$_POST["check"];
} else {
return false;
}
// CHECK CODE
if ($code != $_SESSION["safe"]) {
return "<p>Incorrect number</p>";
}
// CHECK NON-EMPTY
if (empty($_POST['nazwa']) || empty($_POST['dane']) || empty($_POST['message'])) {
return "<p>Please fill all of the fields</p>";
} else{
// GET POST DATA
$name = $_POST['nazwa'];
$email = $_POST['dane'];
$message = $_POST['message'];
}
// CHECK MAX LENGTH
if(strlen ($name)>50||strlen($email)>50||strlen($message)>1000) {
return "<p>Character limit exceeded</p>";
}
/* VALIDATE DATA HERE: email (look for good validation scripts) */
// SEND EMAIL
if (@mail ($to, $subject, $body, $from)) {
return "<p>Message sent</p>";
} else {
return "<p>An error occurred</p>";
}
}
// PROCESS POST DATA - IF SET
echo processPostData();
// GENERATE NEW CODE EVERY TIME -! AFTER PROCESSING POST DATA
$_SESSION["safe"]=rand(1000,9999);
?>
PS。问题出在代码的第 3 行 - 将其移到最后,它应该可以工作。不过,我认为使用适当的 API 会更安全。我使用:Google's reCaptcha