Form still sends with an incorrect Securimage captcha

Time: 2014-06-17 17:48:03

Tags: php forms validation email

First-time poster, be gentle.

I have a form with a .php processing script that has worked fine for the longest time, except that I started receiving spam. I did some research on captchas and came across Securimage, which is (supposedly) one of the easiest to implement. I downloaded the files and installed it into my script. I am running into two problems:

  1. If the captcha is left blank, the form still sends (it still notifies me that it is blank).
  2. If the captcha is wrong, the form still sends (it still notifies me that it is wrong).

You can see it here: http://216.119.71.44/contact/

I "patched" problem 1 simply by making the field required. I need some help fixing #2. Below is my code, and you can find the documentation for securimage here:

    contact.php:

    <?php 
    $thisPage = "Contact";
    $errors = array();
    $missing = array();
    $date = date('F j, Y');
    
    // check if the form has been submitted
    if (isset($_POST['send'])) {
    
        // sends the message to recipient
        ini_set("SMTP","mail.abcprintingink.com");
    
        // Please specify an SMTP Number 25 and 8889 are valid SMTP Ports.
        ini_set("smtp_port","587");
    
        // Please specify the return address to use 
    
        $to = 'paulr@abcprintingink.com'; //recipient's email address
        $from = $_POST['email']; // this is the sender's Email address
        $fname = $_POST['fname'];
        $lname = $_POST['lname'];
        $subject = 'Online Form Submission';
        $expected = array('fname','lname','email','phone','comments','captcha_code');
    $required = array('fname','lname','email','phone','comments','captcha_code'); // no empty '' entry: it would mark the empty key as required
        $headers = "From: Technical Staffing Solutions";
    
        // sends a copy of the message to the sender
        $receiptHeader = "From: Technical Staffing Solutions";
        $receiptSubject = "Copy of your form submission";
        $receipt = "Hello " . $fname . "," . "\n" . "Below is a copy of the message you sent to us on " . $date . ". We will contact you as soon as possible. Thank you!" . "\n\n" . $_POST['comments'];
        mail($from,$receiptSubject,$receipt,$receiptHeader); 
    
        // detailed processing script (checks for errors)
        require('../include/processmail.php');
    }
    ?>
    
    <h1>CONTACT US</h1>
    <?php 
    // Various on submit mail messages
        if ($mailSent)  { 
            echo "<div id=\"form-success\"><div>&#x2713;</div><p>Thank you " . $fname . ", your message has been sent.</p></div>"; 
        } 
        elseif (($_POST && $suspect) || ($_POST && isset($errors['mailfail']))) { 
            echo "<div id=\"form-error\"><div>!</div><p>Your message could not be sent. Please try again.</p></div>"; 
        }
        elseif ($missing || $errors) { 
            echo "<div id=\"form-error\"><div>!</div><p>Please fill out the required fields and try again.</p></div>"; 
        }
    ?>  
    <form id="getquote" method="post" action="" style="float:left;">
        <input type="text" id="fname" name="fname" placeholder="First Name" 
        <?php if ($missing && in_array('fname', $missing)) { ?>style="border: 1px solid #cc0000;" 
        <?php } if ($missing || $errors) { echo 'value="' . htmlentities($fname, ENT_COMPAT, 'UTF-8') . '"'; } ?>> 
    
        <input type="text" id="lname" name="lname" placeholder="Last Name" 
        <?php if ($missing && in_array('lname', $missing)) { ?>style="border: 1px solid #cc0000;" 
        <?php } if ($missing || $errors) { echo 'value="' . htmlentities($lname, ENT_COMPAT, 'UTF-8') . '"'; } ?>> 
    
        <input type="email" id="email" name="email" placeholder="Email Address" 
        <?php if ($missing && in_array('email', $missing)) { ?>style="border: 1px solid #cc0000;" 
        <?php } if ($missing || $errors) { echo 'value="' . htmlentities($email, ENT_COMPAT, 'UTF-8') . '"'; } ?>> 
    
        <input type="text" id="phone" name="phone" placeholder="Phone Number" 
        <?php if ($missing && in_array('phone', $missing)) { ?>style="border: 1px solid #cc0000;" 
        <?php } if ($missing || $errors) { echo 'value="' . htmlentities($phone, ENT_COMPAT, 'UTF-8') . '"'; } ?>>  
    
        <textarea placeholder="How can I help you?" id="comments" name="comments" 
        <?php if ($missing && in_array('comments', $missing)) { ?>style="border: 1px solid #cc0000;" 
        <?php } ?>><?php /* a textarea has no value attribute: the re-displayed text goes between the tags */ if ($missing || $errors) { echo htmlentities($comments, ENT_COMPAT, 'UTF-8'); } ?></textarea><br>
    
        <!-- Captcha -->
        <img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />
        <a href="#" style="font-family: Lucida Sans Unicode; font-size: 16pt; font-weight: bold; color: #333; text-decoration: none;" title="Reload a new image" onClick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">&#x21bb;</a>
        <input type="text" id="captcha_code" name="captcha_code" size="10" maxlength="6"
        <?php if ($missing && in_array('captcha_code', $missing)) { ?>style="border: 1px solid #cc0000;" 
        <?php } if ($missing || $errors) { echo 'value="' . htmlentities($captcha_code, ENT_COMPAT, 'UTF-8') . '"'; } ?>>   
    
        <!-- Submit -->
        <div style="width:292px;"><input type="submit" id="send" name="send" value="SUBMIT"></div>
    </form> 
    

    processmail.php:

    <?php 
    
    session_start(); 
    
    $suspect = false;                                           //assume nothing is suspect
    $pattern = '/Content-Type:|Bcc:|Cc:/i';                     //create a pattern to locate suspect phrases
    
    function isSuspect($val, $pattern, &$suspect) {             //function to check for suspect phrases
        if (is_array($val)) {                                   //if the variable is an array, loop through each element and pass it recursively back to the same function
            foreach ($val as $item) {
                isSuspect($item, $pattern, $suspect);
            }
        } else {
            if(preg_match($pattern, $val)) {
                $suspect = true;
            }
        }
    }
    
    isSuspect($_POST, $pattern, $suspect);                      //run the check over every submitted value; without this call $suspect never changes
    
    if (!$suspect) {
        foreach ($_POST as $key => $value) {
            $temp = is_array($value) ? $value : trim($value);   //assign to temporary variable and strip whitespace if not an array
            if (empty($temp) && in_array($key, $required)) {    //if empty and requires, add to $missing array
                $missing[] = $key;
            } elseif (in_array($key, $expected)) {
                ${$key} = $temp;                                //otherwise, assign to a variable of the same name as $key
            }
        }
    }
    
    if (!$suspect && !empty($email)) {
        $validemail = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
        if ($validemail) {
            $headers .= "\r\nReply-To: $validemail";
        } else {
            $errors['email'] = true;
        }
    }
    
    $mailSent = false;
    if (!$suspect && !$missing && !$errors) {                   //go ahead only if not suspect and all required fields are ok
        $message = "";
        foreach($expected as $item) {                           //loop through the $expected array
            if (isset(${$item}) && !empty(${$item})) {
                $val = ${$item};
            } else {
                $val = 'Not Selected';                          //if it has no value, assign 'not selected'
            }
            if (is_array($val)) {                               //if an array, expand as comma-separated string
                $val = implode(', ', $val);
            }
            $item = str_replace(array('_', '-'), ' ', $item);   //replace underscores and hyphens in the label with spaces
            $message .= ucfirst($item).": $val\r\n\r\n";        //add label and value to the message body
        }
        $message = wordwrap($message, 70);                      //limit the line length to 70 characters
    
        $mailSent = mail($to, $subject, $message, $headers);
        if (!$mailSent) {
            $errors['mailfail'] = true;
        }
    }
    
    
    include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
    
    $securimage = new Securimage();
    
    if ($securimage->check($_POST['captcha_code']) == false) {
      // the code was incorrect
      // you should handle the error so that the form processor doesn't continue
    
      // or you can use the following code if there is no validation or you do not know how
      echo "The security code entered was incorrect.<br /><br />";
      echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
      exit;
    }
    
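The reason both of the poster's problems happen is visible in the order of the two files: contact.php calls mail() for the receipt before processmail.php is even required, processmail.php calls mail() for the main message at the top of the file, and the Securimage check sits at the very bottom, after both messages have already gone out. Making the field required only stops a blank submission on the client side. The example below is an added rewrite of processmail.php, not the poster's code or Securimage's own, that runs every check before either mail() call. It assumes the same Securimage install path, that contact.php still sets $to and $subject before requiring this file, and uses an assumed no-reply@abcprintingink.com sender address; it also drops captcha_code from $expected so the code never lands in the message body, and sends the receipt only to an address that passed FILTER_VALIDATE_EMAIL, because in the original the receipt goes to whatever $_POST['email'] contains before any check has run.

```php
<?php
// Added example: processmail.php reordered so that no mail() call can happen
// before the CAPTCHA, header-injection, required-field and e-mail checks.
// Assumes: Securimage at DOCUMENT_ROOT/securimage/securimage.php (as in the
// question), $to and $subject set by contact.php, and an assumed sender
// address no-reply@abcprintingink.com.

session_start();                                             // before any output; Securimage reads the stored code from the session
require_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';

$suspect  = false;
$missing  = array();
$errors   = array();
$fields   = array();
$mailSent = false;
$expected = array('fname', 'lname', 'email', 'phone', 'comments');   // captcha_code deliberately left out
$required = $expected;
$pattern  = '/Content-Type:|Bcc:|Cc:/i';                     // same header-injection pattern as the original
$sender   = 'Technical Staffing Solutions <no-reply@abcprintingink.com>';   // assumed address

function isSuspect($val, $pattern, &$suspect) {
    if (is_array($val)) {
        foreach ($val as $item) {
            isSuspect($item, $pattern, $suspect);
        }
    } elseif (preg_match($pattern, $val)) {
        $suspect = true;
    }
}

if (isset($_POST['send'])) {
    // 1. CAPTCHA first. check() returns false for a blank code as well as a
    //    wrong one, so the "required" patch is no longer needed for problem 1.
    $securimage = new Securimage();
    $code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
    if ($securimage->check($code) == false) {
        $errors['captcha'] = true;
    }

    // 2. Header-injection check over the whole POST body (the original defined
    //    this function but never called it).
    isSuspect($_POST, $pattern, $suspect);

    // 3. Required / expected fields, read by name rather than by looping over
    //    $_POST, so unexpected keys are simply ignored.
    foreach ($expected as $key) {
        $value = isset($_POST[$key]) ? $_POST[$key] : '';
        $temp  = is_array($value) ? $value : trim($value);
        if ($temp === '' && in_array($key, $required)) {
            $missing[] = $key;
        }
        $fields[$key] = $temp;
    }

    // 4. Sender address: only a value that passes FILTER_VALIDATE_EMAIL is ever
    //    used, and it goes into Reply-To, never into From.
    $validemail = filter_var($fields['email'], FILTER_VALIDATE_EMAIL);
    if ($validemail === false) {
        $errors['email'] = true;
    }

    // 5. Send only when every check above passed.
    if (!$suspect && !$missing && !$errors) {
        $message = '';
        foreach ($expected as $item) {
            $val = is_array($fields[$item]) ? implode(', ', $fields[$item]) : $fields[$item];
            $message .= ucfirst(str_replace(array('_', '-'), ' ', $item)) . ": $val\r\n\r\n";
        }
        $message = wordwrap($message, 70);
        $headers = "From: $sender\r\nReply-To: $validemail";
        $mailSent = mail($to, $subject, $message, $headers);

        if ($mailSent) {
            // The receipt goes only to the validated address, and only after
            // the main message was accepted for delivery.
            $receipt = "Hello " . $fields['fname'] . ",\n"
                     . "Below is a copy of the message you sent to us on " . date('F j, Y')
                     . ". We will contact you as soon as possible. Thank you!\n\n"
                     . $fields['comments'];
            mail($validemail, 'Copy of your form submission', $receipt, "From: $sender");
        } else {
            $errors['mailfail'] = true;
        }
    }
}
```

With this ordering contact.php needs no other change: a failed CAPTCHA sets $errors['captcha'], so the existing `elseif ($missing || $errors)` branch shows the "please fill out the required fields" message and re-populates the form, and $mailSent stays false. If a separate message for the CAPTCHA is wanted, test `isset($errors['captcha'])` in that chain the same way the page already tests `isset($errors['mailfail'])`.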

0 answers:

No answers