I want to protect the form so that if a user wants to send another message less than a minute after using the form, he is rejected. Otherwise it should go through.
Right now I have something like this in the view:
```php
<!-- If Success form message send display this -->
<?php if (isset($_GET['msgSuccessSent']) == 1) { ?>
<h1 class="page-title text-center">Dziękujemy za wysłanie wiadomości</h1>
<div class="text-center">
<a href="form.php" class="btn btn-default text-center">Wyślij kolejną wiadomość</a>
</div>
<?php } else { ?>
<?php if (isset($_GET['msgTimerError']) == 1) { ?>
<div id="errorMessage" class="alert alert-danger" role="alert">Przed wysłaniem kolejnej wiadomości musisz odczekać conajmniej minutę.</div>
<?php } ?>
<!-- If message isn't sent display form -->
<h1 class="page-title text-center">Formularz kontaktowy</h1>
<!-- Contact form -->
<form action="contact_send.php" method="post">
<!-- First name input -->
<div class="form-group">
<label for="firstName">Imię</label>
<input type="text" class="form-control" id="firstName" name="firstName" placeholder="Wpisz swoje imię">
</div>
<!-- Second name input -->
<div class="form-group">
<label for="secondName">Nazwisko</label>
<input type="text" class="form-control" id="secondName" name="secondName" placeholder="Wpisz swoje nazwisko">
</div>
<!-- Phone number input -->
<div class="form-group">
<label for="phoneNumber">Telefon kontaktowy</label>
<input type="tel" class="form-control" id="phoneNumber" name="phoneNumber" placeholder="Wpisz swój numer telefonu">
</div>
<!-- Email address input -->
<div class="form-group">
<label for="email">Adres e-mail</label>
<input type="email" class="form-control" id="email" name="email" placeholder="Wpisz swój adres e-mail">
</div>
<!-- Message textarea -->
<div class="form-group">
<label for="message">Treść wiadomości</label>
<textarea class="form-control" id="message" name="message" rows="3"></textarea>
</div>
<!-- Send message button -->
<button type="reset" class="btn btn-default">Wyczyść formularz</button>
<button type="submit" class="btn btn-default pull-right">Wyślij</button>
</form>
<!-- Contact form end -->
<!-- End of If message isn't sent display form -->
<?php } ?>
```
This is my contact_send.php file:
```php
<?php
// Uncomment if you want to use session to check last form send
session_start();
$_SESSION['time'] = date('H:i:s');
header('Content-type: text/plain; charset=utf-8');
# Database connection settings
$dbHost = 'localhost'; // database hostname
$dbName = 'contactForm'; // database name
$dbUser = 'root'; // database user name
$dbPswd = ''; // database password
// Set connection
$connectionDb = new mysqli($dbHost, $dbUser, $dbPswd, $dbName);
// Check connection
if ($connectionDb->connect_error) {
die("Connection failed: " . $connectionDb->connect_error);
}
mysqli_set_charset( $connectionDb, 'utf8'); // change charset for mysqli to utf8
# Require ContactSend and DatabaseQuery class
require 'contact.class.php';
# Get ContactSend class
$sendEmail = new ContactSend();
$ipAddress = $_SERVER['REMOTE_ADDR']; // get user ip address
$currentDate = date('Y-m-d H:i:s'); // get Date time when user send form
# ***
# Here I check if time of last form send is greater than minute
# ***
// note: query() returns a mysqli_result for a SELECT, never TRUE
$sqlCheck = "SELECT * FROM contactForm WHERE ipAddress = '$_SERVER[REMOTE_ADDR]' AND dateSend > DATE_SUB(NOW(),INTERVAL 1 MINUTE)";
if ($connectionDb->query($sqlCheck) === TRUE) {
$sendEmail->redirectToForm('form.php?msgTimerError=1');
} else {
// insert form values into database
// note: raw $_POST values are interpolated into the SQL string (SQL injection risk);
// a prepared statement with bound parameters avoids this
$sqlQueryInsert =
"INSERT INTO contactForm (
firstName,
secondName,
phoneNumber,
email,
message,
dateSend,
ipAddress)
VALUES (
'$_POST[firstName]',
'$_POST[secondName]',
'$_POST[phoneNumber]',
'$_POST[email]',
'$_POST[message]',
'$currentDate',
'$ipAddress'
)";
// if data was saved send mail and redirect to form
if ($connectionDb->query($sqlQueryInsert) === TRUE) {
# Get parameters from form
$sendEmail->sendTo = "kuchar.rafal@gmail.com"; // here insert your email address that you want get mails
$sendEmail->subject = "Tytuł wiadomości"; // here insert Subject of email
$sendEmail->firstName = $_POST['firstName']; // get user first name
$sendEmail->secondName = $_POST['secondName']; // get user second name
$sendEmail->phoneNumber = $_POST['phoneNumber']; // get user phone number
$sendEmail->email = $_POST['email']; // get user email address
// make mail content and insert form values into it
$sendEmail->message = "
Imię: " . $_POST['firstName'] . "
Nazwisko: " . $_POST['secondName'] . "
Numer telefonu: " . $_POST['phoneNumber'] . "
Adres email: " . $_POST['email'] . "
Wiadomość: " . $_POST['message'];
$sendEmail->mailSender(); // send mail
} else {
echo "Error: " . $sqlQueryInsert . "<br>" . $connectionDb->error; // display error if database connection or query has error
}
// close connection to database
$connectionDb->close();
// redirect to form
$sendEmail->redirectToForm('form.php?msgSuccessSent=1');
}
?>
```
`$msgTimerError` should be displayed if there is a row in the database with the user's IP whose creation date is less than a minute old; otherwise only the form should be displayed.
`$sqlCheck` is used to check in the database whether the time of the last form send is greater than a minute. If it is not, it redirects to form.php with `msgTimerError=1` via GET; otherwise it adds the new form values to the database and sends the mail.
Answer 0 (score: 0)
OK, I changed one line in contact_send.php and it works... (I'm ashamed...)
```php
# Check if user send form less than minute, if true return to form with error
$sqlCheck = "SELECT * FROM contactForm WHERE ipAddress = '$ipAddress' AND dateSend > DATE_SUB(NOW(),INTERVAL 1 MINUTE) LIMIT 1";
$result = $connectionDb->query($sqlCheck);
if (mysqli_fetch_row($result)) {
$sendEmail->redirectToForm('form.php?msgTimerError=1'); // return to form page
} else {
```
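The same one-minute check and insert written with prepared statements, as an added example that is not the asker's or the answerer's code; it assumes the page's `contactForm` table (columns `ipAddress`, `dateSend` and the form fields), an open mysqli connection in `$connectionDb`, and the `ContactSend` object `$sendEmail` from contact_send.php.

```php
<?php
// Added example (not the page's code): the one-minute check and the insert with prepared
// statements. Assumes the page's contactForm table and mysqli connection $connectionDb.

// True when this IP already has a contactForm row newer than $windowSeconds. A SELECT never
// returns TRUE from query() (it returns a mysqli_result, or false), so count the rows instead.
function sentRecently(mysqli $db, string $ipAddress, int $windowSeconds = 60): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM contactForm
        WHERE ipAddress = ? AND dateSend > DATE_SUB(NOW(), INTERVAL ? SECOND)');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('si', $ipAddress, $windowSeconds);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return $count > 0;
}

// Stores the submission with bound parameters, so form fields are data, never SQL.
function storeSubmission(mysqli $db, array $post, string $ipAddress): bool
{
    $firstName = $post['firstName'] ?? '';
    $secondName = $post['secondName'] ?? '';
    $phoneNumber = $post['phoneNumber'] ?? '';
    $email = $post['email'] ?? '';
    $message = $post['message'] ?? '';
    $stmt = $db->prepare('INSERT INTO contactForm
        (firstName, secondName, phoneNumber, email, message, dateSend, ipAddress)
        VALUES (?, ?, ?, ?, ?, NOW(), ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ssssss', $firstName, $secondName, $phoneNumber, $email, $message, $ipAddress);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// How contact_send.php would use it ($sendEmail is the page's ContactSend object):
$ipAddress = $_SERVER['REMOTE_ADDR'];
if (sentRecently($connectionDb, $ipAddress)) {
    $sendEmail->redirectToForm('form.php?msgTimerError=1');
    exit; // stop here, otherwise the script keeps running after the redirect header
}
if (storeSubmission($connectionDb, $_POST, $ipAddress)) {
    $sendEmail->mailSender();
    $sendEmail->redirectToForm('form.php?msgSuccessSent=1');
}
```

Limiting by `REMOTE_ADDR` alone is coarse: users behind one NAT or proxy share an address, so the session the asker already starts can carry a per-user timestamp alongside the per-IP check.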