联系表格上的随机验证问题

时间:2017-04-13 04:45:20

标签: php html

我有这样的表格,我编码并希望“人工”验证随机循环通过一组预定义的安全问题,类似于下面的代码中的安全问题。

同样,当表单被提交时,主题中的名称会被打印两次。

我如何实现这一目标?

<?php
    if (isset($_POST["submit"])) {
        $name = $_POST['name'];
        $email = $_POST['email'];
        $phone = $_POST['phone'];
        $message = $_POST['message'];
        $human = intval($_POST['human']);
        $to = 'me@domain.com'; 
        $subject = 'Sent By '.$_POST['name']." ".$_POST['name'];

        $body ="From: $name\n E-Mail: $email\n Phone: $phone\n Message:\n $message";
        // Check if name has been entered
        if (!$_POST['name']) {
            $errName = 'Please enter your name';
        }

        // Check if email has been entered and is valid
        if (!$_POST['email'] || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            $errEmail = 'Please enter a valid email address';
        }

        //Check phone
        if (!$_POST['phone']); {
        }

        //Check if message has been entered
        if (!$_POST['message']) {
            $errMessage = 'Please enter your message';
        }
        //Check if simple anti-bot test is correct
        if ($human !== 5) {
            $errHuman = 'Your anti-spam is incorrect';
        }
// If there are no errors, send the email
if (!$errName && !$errEmail && !$errMessage && !$errHuman) {
    if (mail ($to, $subject, $body, $from)) {
        $result='<div class="alert alert-success">Thank You! We will be in touch</div>';
    } else {
        $result='<div class="alert alert-danger">Sorry there was an error sending your message. Please try again.</div>';
    }
}
    }
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="description" content="Bootstrap contact form with PHP example by BootstrapBay.com.">
    <meta name="author" content="BootstrapBay.com">
    <title>Bootstrap Contact Form With PHP Example</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css">
  </head>
  <body>
    <div class="container">
        <div class="row">
            <div class="col-md-6 col-md-offset-3">
                <h1 class="page-header text-center">Contact Form Example</h1>
                <form class="form-horizontal" role="form" method="post" action="form-test.php">
                    <div class="form-group">
                        <div class="col-sm-10">
                            <input type="text" class="form-control" id="name" name="name" placeholder="First & Last Name" value="<?php echo htmlspecialchars($_POST['name']); ?>">
                            <?php echo "<p class='text-danger'>$errName</p>";?>
                        </div>
                    </div>
                    <div class="form-group">
                        <div class="col-sm-10">
                            <input type="email" class="form-control" id="email" name="email" placeholder="example@domain.com" value="<?php echo htmlspecialchars($_POST['email']); ?>">
                            <?php echo "<p class='text-danger'>$errEmail</p>";?>
                        </div>
                    </div>
                    <div class="form-group">

                        <div class="col-sm-10">
                            <input type="text" class="form-control" id="phone" name="phone" placeholder="Phone Number" value="<?php echo htmlspecialchars($_POST['phone']); ?>">
                            <?php echo "<p class='text-danger'>$errPhone</p>";?>
                        </div>
                    </div>
                    <div class="form-group">

                        <div class="col-sm-10">
                            <textarea class="form-control" rows="4" name="message"><?php echo htmlspecialchars($_POST['message']);?></textarea>
                            <?php echo "<p class='text-danger'>$errMessage</p>";?>
                        </div>
                    </div>
                    <div class="form-group">
                        <div class="col-sm-10">
                            <input type="text" class="form-control" id="human" name="human" placeholder="2 + 3=?">
                            <?php echo "<p class='text-danger'>$errHuman</p>";?>
                        </div>
                    </div>
                    <div class="form-group">
                        <div class="col-sm-10 col-sm-offset-2">
                            <input id="submit" name="submit" type="submit" value="Send" class="btn btn-primary">
                        </div>
                    </div>
                    <div class="form-group">
                        <div class="col-sm-10 col-sm-offset-2">
                            <?php echo $result; ?>  
                        </div>
                    </div>
                </form> 
            </div>
        </div>
    </div>   
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/js/bootstrap.min.js"></script>
  </body>
</html>

1 个答案:

答案 0 :(得分:0)

主题中的名称是两次,因为您的$_POST['name']变量中有两次变量($subject):

$subject = 'Sent By '.$_POST['name']." ".$_POST['name'];
//                                   ^^^^^^^^^^^^^^^^^^

应该是

$subject = 'Sent By '.$_POST['name'];

<小时/> 您可以轻松搜索Google以获取人工验证码。您有许多不同类型的人工验证,基于图像,基于数学等。

如果您要使用基于数学的CAPTCHA,我建议您使用类似的东西(这主要是伪代码):

<?php
session_start();

$digit1 = mt_rand(1,100);
$digit2 = mt_rand(1,100);
$type = mt_rand(1,3);

if($type === 1) {
    $math = "$digit1 + $digit2";
    $_SESSION['answer'] = $digit1 + $digit2;
} else if ($type === 2) {
    $math = "$digit1 - $digit2";
    $_SESSION['answer'] = $digit1 - $digit2;
} else {
    $math = "$digit1 x $digit2";
    $_SESSION['answer'] = $digit1 * $digit2;
}
?>
// your form
<input type="text" class="form-control" id="human" name="human" placeholder="<?php echo $math; ?>">

然后,您可以将人类的答案与会话中的答案进行比较。