计算两个随机数,以防止PHP中的寄存器成员发送垃圾邮件

时间:2015-02-05 07:28:37

标签: php random

我想设计一个简单的网页来注册会员。

我几乎所做的一切,但我想通过使用随机数的计算来设置反垃圾邮件的问题。

问题是当我点击按钮时随机数被更改"提交" POST方法,所以答案将永远不正确,我该如何解决?感谢。

这是我的代码:

$rand1 = rand(0, 99);
$rand2 = rand(0, 99);

echo "<html> 
        <head><title>Member Registation</title></head>
            <body>
                <form action='memberReg.php' method='POST'>
                    <br />Please enter your name:<br/>
                    Username: <input type='text' name='username' class='form'/><br/>
                    <br />Please enter your password <br/>(At least 8 characters, maximum 20 characters):<br/>
                    Password: <input type='password' name='password' class='form'/><br /><br/>
                    Confirm password: <br/><input type='password' name='confirmPW' class='form'/><br/>
                    <br/>Please fill in the answer into textbox:<br/>
                    <br/>$rand1 + $rand2 = <input type='text' name='answer' class='form'/><br/>
                    <br/><input type='submit' value='Register' class='button'/><br/>
                    <br/><a href = memberLogin.php>Go Back</a>
                </form>
            </body>
    </html>";

if(isset($_POST["answer"])&&isset($_POST["username"])&&isset($_POST["password"])&&isset($_POST["confirmPW"])){

    $username = mysql_real_escape_string($_POST["username"]);
    $password = mysql_real_escape_string($_POST["password"]);
    $passConfirm = mysql_real_escape_string($_POST["confirmPW"]);
    $answer = mysql_real_escape_string($_POST["answer"]);

    if($username == "" || $password == "" || $passConfirm == ""|| $answer == ""){
        echo "Username/Password/Confirm password/Answer cannot be null.";
        return;
    }elseif($answer != ($rand1+$rand2)){
        echo "The answer is incorrect, please edit.";
        return;
    }elseif($username==$password||$username==$passConfirm){
        echo "Password/Confirm password cannot be the same with username, please check.";
        return;
    }elseif($password!=$passConfirm){
        echo "Confirm Password is not be same with password, please check.";
        return;
    }elseif((strlen($password) < 8||strlen($password) > 20)){
        echo "Password's length did not meet the standard, please change it.";
        return;
    }elseif((strlen($passConfirm) < 8||strlen($passConfirm) > 20)){
        echo "Password's length did not meet the standard, please change it.";
        return;
    }else{
        if($regApplicant->register($username, $password)){
            echo "Register Successfully. You can go back and Login";
        }else{
            echo "The username is already exist. Please change it.<br>";
            return;
        }
    }
}

4 个答案:

答案 0 :(得分:1)

这是一个适合你的工作脚本。请参阅我对您的问题的评论以及一些细节。

$rand1 = rand(0, 99);
$rand2 = rand(0, 99);
$sum = $rand1 + $rand2;

echo "<html> 
        <head><title>Member Registation</title></head>
            <body>
                <form action='memberReg.php' method='POST'>
                    <br />Please enter your name:<br/>
                    Username: <input type='text' name='username' class='form'/><br/>
                    <br />Please enter your password <br/>(At least 8 characters, maximum 20 characters):<br/>
                    Password: <input type='password' name='password' class='form'/><br /><br/>
                    Confirm password: <br/><input type='password' name='confirmPW' class='form'/><br/>
                    <input type='hidden' name='actualSum' value='$sum'/>
                    <br/>Please fill in the answer into textbox:<br/>
                    <br/>$rand1 + $rand2 = <input type='text' name='answer' class='form'/><br/>
                    <br/><input type='submit' value='Register' class='button'/><br/>
                    <br/><a href = memberLogin.php>Go Back</a>
                </form>
            </body>
    </html>";

if(isset($_POST["answer"])&&isset($_POST["username"])&&isset($_POST["password"])&&isset($_POST["confirmPW"])){

    $username = mysql_real_escape_string($_POST["username"]);
    $password = mysql_real_escape_string($_POST["password"]);
    $passConfirm = mysql_real_escape_string($_POST["confirmPW"]);
    $answer = mysql_real_escape_string($_POST["answer"]);

    if($username == "" || $password == "" || $passConfirm == ""|| $answer == ""){
        echo "Username/Password/Confirm password/Answer cannot be null.";
        return;
    }elseif($answer != $_POST['actualSum']){
        echo "The answer is incorrect, please edit.";
        return;
    }elseif($username==$password||$username==$passConfirm){
        echo "Password/Confirm password cannot be the same with username, please check.";
        return;
    }elseif($password!=$passConfirm){
        echo "Confirm Password is not be same with password, please check.";
        return;
    }elseif((strlen($password) < 8||strlen($password) > 20)){
        echo "Password's length did not meet the standard, please change it.";
        return;
    }elseif((strlen($passConfirm) < 8||strlen($passConfirm) > 20)){
        echo "Password's length did not meet the standard, please change it.";
        return;
    }else{
        if($regApplicant->register($username, $password)){
            echo "Register Successfully. You can go back and Login";
        }else{
            echo "The username is already exist. Please change it.<br>";
            return;
        }
    }
}

这不是一个很好的防止自动提交的保护,因为现在垃圾邮件发送者可以在隐藏字段中伪造总和,但另一方面,没有什么能阻止他解析页面并提取数字。如果您确实需要一种阻止垃圾邮件发送者的好方法,请使用recapcha或其他现有的capcha服务。

答案 1 :(得分:0)

您应该只在未设置后变量时生成随机数。因此,您可以在代码末尾的else部分执行此操作。否则,您可以在隐藏的表单字段中传递随机数。希望这会帮助你。

答案 2 :(得分:0)

在呈现表单之前处理表单 - 这样,如果用户没有提交任何内容,您将只生成随机数和表单。

此外,一旦用户成功注册,请查看使用redirects,以便不再显示该表单。

答案 3 :(得分:0)

简单检查已存在的随机数是否正常。 替代方案:您可以考虑使用Google Recapcha。有趣的玩。 Google Recapcha

相关问题
最新问题