Form send verification

Time: 2016-09-29 18:06:09

Tags: php mysql forms

I want to protect the form so that if a user, after using the form, tries to send another message in less than a minute, they are rejected. Anything else should go through.

Right now I have something like this in the view:

      <!-- If Success form message send display this -->
      <?php if (isset($_GET['msgSuccessSent']) == 1) { ?>
        <h1 class="page-title text-center">Dziękujemy za wysłanie wiadomości</h1>
        <div class="text-center">
          <a href="form.php" class="btn btn-default text-center">Wyślij kolejną wiadomość</a>
        </div>
      <?php } else { ?>

        <?php if (isset($_GET['msgTimerError']) == 1) { ?>
            <div id="errorMessage" class="alert alert-danger" role="alert">Przed wysłaniem kolejnej wiadomości musisz odczekać conajmniej minutę.</div>
        <?php } ?>


        <!-- If message isn't sent display form -->
        <h1 class="page-title text-center">Formularz kontaktowy</h1>

        <!-- Contact form -->
        <form action="contact_send.php" method="post">

          <!-- First name input -->
          <div class="form-group">
            <label for="firstName">Imię</label>
            <input type="text" class="form-control" id="firstName" name="firstName" placeholder="Wpisz swoje imię">
          </div>

          <!-- Second name input -->
          <div class="form-group">
            <label for="secondName">Nazwisko</label>
            <input type="text" class="form-control" id="secondName" name="secondName" placeholder="Wpisz swoje nazwisko">
          </div>

          <!-- Phone number input -->
          <div class="form-group">
            <label for="phoneNumber">Telefon kontaktowy</label>
            <input type="tel" class="form-control" id="phoneNumber" name="phoneNumber" placeholder="Wpisz swój numer telefonu">
          </div>

          <!-- Email address input -->
          <div class="form-group">
            <label for="email">Adres e-mail</label>
            <input type="email" class="form-control" id="email" name="email" placeholder="Wpisz swój adres e-mail">
          </div>

          <!-- Message textarea -->
          <div class="form-group">
            <label for="message">Treść wiadomości</label>
            <textarea type="text" class="form-control" id="message" name="message" rows="3"></textarea>
          </div>

          <!-- Send message button -->
          <button type="reset" class="btn btn-default">Wyczyść formularz</button>

          <button type="submit" class="btn btn-default pull-right">Wyślij</button>


        </form>
        <!-- Contact form end -->

      <!-- End of If message isn't sent display form -->
      <?php } ?>

This is my contact_send.php file:

    <?php
      // Uncomment if you want to use session to check last form send
      session_start();
      $_SESSION['time'] = date('H:i:s');

      header('Content-type: text/plain; charset=utf-8');

      # Database connection settings
      $dbHost = 'localhost'; // database hostname
      $dbName = 'contactForm'; // database name
      $dbUser = 'root'; // database user name
      $dbPswd = ''; // database password

      // Set connection
      $connectionDb = new mysqli($dbHost, $dbUser, $dbPswd, $dbName);
      // Check connection
      if ($connectionDb->connect_error) {
          die("Connection failed: " . $connectionDb->connect_error);
      }

      mysqli_set_charset($connectionDb, 'utf8'); // change charset for mysqli to utf8

      # Require ContactSend and DatabaseQuery class
      require 'contact.class.php';
      # Get ContactSend class
      $sendEmail = new ContactSend();

      $ipAddress = $_SERVER['REMOTE_ADDR']; // get user ip address
      $currentDate = date('Y-m-d H:i:s'); // get Date time when user send form
      # ***
      # Here I check if time of last form send is greater than minute
      # ***
      $sqlCheck = "SELECT * FROM contactForm WHERE ipAddress = '$_SERVER[REMOTE_ADDR]' AND dateSend > DATE_SUB(NOW(),INTERVAL 1 MINUTE)";
      if ($connectionDb->query($sqlCheck) === TRUE) {
        $sendEmail->redirectToForm('form.php?msgTimerError=1');
      } else {

        // insert form values into database
        $sqlQueryInsert =
          "INSERT INTO contactForm (
            firstName,
            secondName,
            phoneNumber,
            email,
            message,
            dateSend,
            ipAddress)
          VALUES (
            '$_POST[firstName]',
            '$_POST[secondName]',
            '$_POST[phoneNumber]',
            '$_POST[email]',
            '$_POST[message]',
            '$currentDate',
            '$ipAddress'
          )";

        // if data was saved send mail and redirect to form
        if ($connectionDb->query($sqlQueryInsert) === TRUE) {

          # Get parameters from form
          $sendEmail->sendTo = "kuchar.rafal@gmail.com"; // here insert your email address that you want get mails
          $sendEmail->subject = "Tytuł wiadomości"; // here insert Subject of email
          $sendEmail->firstName = $_POST['firstName']; // get user first name
          $sendEmail->secondName = $_POST['secondName']; // get user second name
          $sendEmail->phoneNumber = $_POST['phoneNumber']; // get user phone number
          $sendEmail->email = $_POST['email']; // get user email address
          // make mail content and insert form values into it
          $sendEmail->message = "
            Imię: " . $_POST['firstName'] . "
            Nazwisko: " . $_POST['secondName'] . "
            Numer telefonu: " . $_POST['phoneNumber'] . "
            Adres email: " . $_POST['email'] . "
            Wiadomość: " . $_POST['message'];

          $sendEmail->mailSender(); // send mail

        } else {
            echo "Error: " . $sqlQueryInsert . "<br>" . $connectionDb->error; // display error if database connection or query has error
        }

        // close connection to database
        $connectionDb->close();
        // redirect to form
        $sendEmail->redirectToForm('form.php?msgSuccessSent=1');

      }
    ?>

$msgTimerError should be displayed if a row with the user's IP exists in the database and its creation date is less than a minute old; otherwise only the form should be displayed.

$sqlCheck is meant to check in the database whether the last form send was more than a minute ago; if it was not, it redirects to form.php?msgTimerError=1 via GET, otherwise it inserts the new form values into the database and sends the mail.

1 answer:

Answer 0: (score: 0)

OK, I changed one line in contact_send.php and now it works... (I'm ashamed...)

      # Check if user sent the form less than a minute ago; if true return to form with error
      $sqlCheck = "SELECT * FROM contactForm WHERE ipAddress = '$ipAddress' AND dateSend > DATE_SUB(NOW(),INTERVAL 1 MINUTE) LIMIT 1";
      $result = $connectionDb->query($sqlCheck);
      if (mysqli_fetch_row($result)) {
        $sendEmail->redirectToForm('form.php?msgTimerError=1'); // return to form page
      } else {
        // ... insert into the database and send the mail as in the original file ...
      }
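A hardened version of the same check and insert, added here as an example (not the poster's or the answerer's code): the check inspects the result rows as the answer does, and prepared statements replace the `$_POST` values that the original splices straight into the SQL string. Table and column names follow the question; the helper names rateLimited() and saveMessage() are assumptions.

```php
<?php
// Added example, not the poster's code: the per-IP one-minute check and the
// insert from contact_send.php rewritten with prepared statements so no request
// value is spliced into SQL (helper names are assumptions). Note mysqli::query
// never returns TRUE for a SELECT, which is why the original `=== TRUE` test failed.
function rateLimited(mysqli $db, string $ip): bool
{
    $stmt = $db->prepare(
        'SELECT 1 FROM contactForm
          WHERE ipAddress = ? AND dateSend > DATE_SUB(NOW(), INTERVAL 1 MINUTE)
          LIMIT 1'
    );
    $stmt->bind_param('s', $ip);
    $stmt->execute();
    $stmt->store_result();
    $limited = $stmt->num_rows > 0; // a row newer than one minute exists
    $stmt->close();
    return $limited;
}

// Inserts the submission with bound parameters; dateSend is taken from the
// database clock so it is compared against the same NOW() as above.
function saveMessage(mysqli $db, string $ip, array $post): bool
{
    $stmt = $db->prepare(
        'INSERT INTO contactForm
           (firstName, secondName, phoneNumber, email, message, dateSend, ipAddress)
         VALUES (?, ?, ?, ?, ?, NOW(), ?)'
    );
    $first  = (string)($post['firstName'] ?? '');
    $second = (string)($post['secondName'] ?? '');
    $phone  = (string)($post['phoneNumber'] ?? '');
    $email  = (string)($post['email'] ?? '');
    $msg    = (string)($post['message'] ?? '');
    $stmt->bind_param('ssssss', $first, $second, $phone, $email, $msg, $ip);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

$db = new mysqli('localhost', 'root', '', 'contactForm');
$db->set_charset('utf8mb4');
$ip = $_SERVER['REMOTE_ADDR'];
if (rateLimited($db, $ip)) {
    header('Location: form.php?msgTimerError=1'); exit;
}
if (!saveMessage($db, $ip, $_POST)) {
    http_response_code(500); exit; // log $db->error server-side, never echo it
}
header('Location: form.php?msgSuccessSent=1');
```

The check and the insert are still two separate statements, so two simultaneous submissions from the same IP can both pass; for a contact-form nuisance limit that is acceptable. Database errors are logged rather than echoed, since the original printed the full INSERT and the MySQL error text to the client.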