错误的Securimage验证码仍然会发送表单

时间:2014-06-17 17:48:03

标签: php forms validation email

第一次海报,温柔。

我有一个带有.php处理脚本的表单,除了我开始接收垃圾邮件之外,它的工作时间最长。我对Captcha进行了一些研究,并遇到了Securimage,它是(据说)最容易实现的之一。我下载了文件并将其安装到我的脚本中。我遇到了两个问题。

  1. 如果验证码留空,表单仍在发送(它仍然通知我它是空白的。)
  2. 如果验证码错误,表格仍在发送(它仍然通知我这是错误的)。

    3. 您可以在此处看到它:http://216.119.71.44/contact/

    我"打补丁"问题1只需将该字段设为必填字段即可。我需要一些帮助来修复第2号。下面是我的代码,你可以找到securimage here的文档:

    contact.php:

    <?php 
$thisPage = "Contact";
$errors = array();
$missing = array();
$date = date('F j, Y');

// check if the form has been submitted
if (isset($_POST['send'])) {

    // sends the message to recipient
    ini_set("SMTP","mail.abcprintingink.com");

    // Please specify an SMTP Number 25 and 8889 are valid SMTP Ports.
    ini_set("smtp_port","587");

    // Please specify the return address to use 

    $to = 'paulr@abcprintingink.com'; //recipient's email address
    $from = $_POST['email']; // this is the sender's Email address
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $subject = 'Online Form Submission';
    $expected = array('fname','lname','email','phone','comments','captcha_code');
    $required = array('fname','lname','email','phone','comments','captcha_code','');
    $headers = "From: Technical Staffing Solutions";

    // sends a copy of the message to the sender
    $receiptHeader = "From: Technical Staffing Solutions";
    $receiptSubject = "Copy of your form submission";
    $receipt = "Hello " . $fname . "," . "\n" . "Below is a copy of the message you sent to us on " . $date . ". We will contact you as soon as possible. Thank you!" . "\n\n" . $_POST['comments'];
    mail($from,$receiptSubject,$receipt,$receiptHeader); 

    // detailed processing script (checks for errors)
    require('../include/processmail.php');
}
?>

<h1>CONTACT US</h1>
<?php 
// Various on submit mail messages
    if ($mailSent)  { 
        echo "<div id=\"form-success\"><div>&#x2713;</div><p>Thank you " . $fname . ", your message has been sent.</p></div>"; 
    } 
    elseif (($_POST && $suspect) || ($_POST && isset($errors['mailfail']))) { 
        echo "<div id=\"form-error\"><div>!</div><p>Your message could not be sent. Please try again.</p></div>"; 
    }
    elseif ($missing || $errors) { 
        echo "<div id=\"form-error\"><div>!</div><p>Please fill out the required fields and try again.</p></div>"; 
    }
?>  
<form id="getquote" method="post" action="" style="float:left;">
    <input type="text" id="fname" name="fname" placeholder="First Name" 
    <?php if ($missing && in_array('fname', $missing)) { ?>style="border: 1px solid #cc0000;" 
    <?php } if ($missing || $errors) { echo 'value="' . htmlentities($fname, ENT_COMPAT, 'UTF-8') . '"'; } ?>> 

    <input type="text" id="lname" name="lname" placeholder="Last Name" 
    <?php if ($missing && in_array('lname', $missing)) { ?>style="border: 1px solid #cc0000;" 
    <?php } if ($missing || $errors) { echo 'value="' . htmlentities($lname, ENT_COMPAT, 'UTF-8') . '"'; } ?>> 

    <input type="email" id="email" name="email" placeholder="Email Address" 
    <?php if ($missing && in_array('email', $missing)) { ?>style="border: 1px solid #cc0000;" 
    <?php } if ($missing || $errors) { echo 'value="' . htmlentities($email, ENT_COMPAT, 'UTF-8') . '"'; } ?>> 

    <input type="text" id="phone" name="phone" placeholder="Phone Number" 
    <?php if ($missing && in_array('phone', $missing)) { ?>style="border: 1px solid #cc0000;" 
    <?php } if ($missing || $errors) { echo 'value="' . htmlentities($phone, ENT_COMPAT, 'UTF-8') . '"'; } ?>>  

    <textarea placeholder="How can I help you?" id="comments" name="comments" 
    <?php if ($missing && in_array('comments', $missing)) { ?>style="border: 1px solid #cc0000;" 
    <?php } if ($missing || $errors) { echo 'value="' . htmlentities($comments, ENT_COMPAT, 'UTF-8') . '"'; } ?>> </textarea><br>

    <!-- Captcha -->
    <img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />
    <a href="#" style="font-family: Lucida Sans Unicode; font-size: 16pt; font-weight: bold; color: #333; text-decoration: none;" title="Reload a new image" onClick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">&#x21bb;</a>
    <input type="text" id="captcha_code" name="captcha_code" size="10" maxlength="6"
    <?php if ($missing && in_array('captcha_code', $missing)) { ?>style="border: 1px solid #cc0000;" 
    <?php } if ($missing || $errors) { echo 'value="' . htmlentities($captcha_code, ENT_COMPAT, 'UTF-8') . '"'; } ?>>   

    <!-- Submit -->
    <div style="width:292px;"><input type="submit" id="send" name="send" value="SUBMIT"></div>
</form>

    processmail.php:

    <?php 

session_start(); 

$suspect = false;                                           //assume nothing is suspect
$pattern = '/Content-Type:|Bcc:|Cc:/i';                     //create a pattern to locate suspect phrases

function isSuspect($val, $pattern, &$suspect) {             //function to check for suspect phrases
    if (is_array($val)) {                                   //if the variable is an array, loop thorugh each element and pass it recursively back to the same function
        foreach ($val as $item) {
            isSuspect($item, $pattern, $suspect);
        }
    } else {
        if(preg_match($pattern, $val)) {
            $suspect = true;
        }
    }
}

if (!$suspect) {
    foreach ($_POST as $key => $value) {
        $temp = is_array($value) ? $value : trim($value);   //assign to temporary variable and strip whitespace if not an array
        if (empty($temp) && in_array($key, $required)) {    //if empty and requires, add to $missing array
            $missing[] = $key;
        } elseif (in_array($key, $expected)) {
            ${$key} = $temp;                                //otherwise, assign to a variable of the same name as $key
        }
    }
}

if (!$suspect && !empty($email)) {
    $validemail = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    if ($validemail) {
        $headers .= "\r\nReply-To: $validemail";
    } else {
        $errors['email'] = true;
    }
}

$mailSent = false;
if (!$suspect && !$missing && !$errors) {                   //go ahead only if not suspect and all required fields are ok
    $message = "";
    foreach($expected as $item) {                           //loop through the $expected array
        if (isset(${$item}) && !empty(${$item})) {
            $val = ${$item};
        } else {
            $val = 'Not Selected';                          //if it has no value, assign 'not selected'
        }
        if (is_array($val)) {                               //if an array, expand as comma-separated string
            $val = implode(', ', $val);
        }
        $item = str_replace(array('_', '-'), ' ', $item);   //replace underscores and hyphens in the label with spaces
        $message .= ucfirst($item).": $val\r\n\r\n";        //add label and value to the message body
    }
    $message = wordwrap($message, 70);                      //limit the line length to 70 characters

    $mailSent = mail($to, $subject, $message, $headers);
    if (!$mailSent) {
        $errors['mailfail'] = true;
    }
}


include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
  // the code was incorrect
  // you should handle the error so that the form processor doesn't continue

  // or you can use the following code if there is no validation or you do not know how
  echo "The security code entered was incorrect.<br /><br />";
  echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
  exit;
}

0 个答案:

没有答案
相关问题
最新问题