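I have been teaching myself PHP/MySQL through several methods, both online and off, and I am working through the Head First PHP & MySQL book. Its age may be causing me some problems, but I have been able to work through all of them until now, when I ran into this one.
I am trying to get a CAPTCHA working on a submission form, and the $_SESSION value does not match what the user enters, even though it should.
Originally, the book has you sha1() the generated CAPTCHA phrase, then sha1() the phrase the user enters, and compare the two. That was failing, so I added an echo to see what the user-entered phrase was and what the $_SESSION['CAPTCHA'] phrase was. The hashed phrases were different.
Then I updated the code and removed the sha1() on both the captcha.php page (which generates the image) and the form page, and kept printing them whenever the match failed. No matter what I try, I get different phrases.
Here is the code for the captcha.php page: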
<?php
session_start();
// Set some important CAPTCHA constants
define('CAPTCHA_NUMCHARS', 6); // number of characters in pass-phrase
define('CAPTCHA_WIDTH', 100); // width of image
define('CAPTCHA_HEIGHT', 25); // height of image
// Generate the random pass-phrase
$pass_phrase = "";
for ($i = 0; $i < CAPTCHA_NUMCHARS; $i++) {
  $pass_phrase .= chr(rand(97, 122));
}
// Store the SHA-1 hash of the pass-phrase in a session variable
$_SESSION['pass_phrase'] = sha1($pass_phrase);
// Create the image
$img = imagecreatetruecolor(CAPTCHA_WIDTH, CAPTCHA_HEIGHT);
// Set a white background with black text and gray graphics
$bg_color = imagecolorallocate($img, 255, 255, 255); // white
$text_color = imagecolorallocate($img, 0, 0, 0); // black
$graphic_color = imagecolorallocate($img, 64, 64, 64); // dark gray
// Fill the background
imagefilledrectangle($img, 0, 0, CAPTCHA_WIDTH, CAPTCHA_HEIGHT, $bg_color);
// Draw some random lines
for ($i = 0; $i < 5; $i++) {
  imageline($img, 0, rand() % CAPTCHA_HEIGHT, CAPTCHA_WIDTH, rand() % CAPTCHA_HEIGHT, $graphic_color);
}
// Sprinkle in some random dots
for ($i = 0; $i < 50; $i++) {
  imagesetpixel($img, rand() % CAPTCHA_WIDTH, rand() % CAPTCHA_HEIGHT, $graphic_color);
}
// Draw the pass-phrase string
imagettftext($img, 18, 0, 5, CAPTCHA_HEIGHT - 5, $text_color, 'Credit Valley Bold.ttf', $pass_phrase);
// Output the image as a PNG using a header
header("Content-type: image/png");
imagepng($img);
// Clean up
imagedestroy($img);
?>
Here is the PHP for the form page:
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Guitar Wars - Add Your High Score</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<h2>Guitar Wars - Add Your High Score</h2>
<?php
require_once('appvars.php');
require_once('connectvars.php');
if (isset($_POST['submit'])) {
  // Connect to the database
  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
  // Grab the score data from the POST
  $name = mysqli_real_escape_string($dbc, trim($_POST['name']));
  $score = mysqli_real_escape_string($dbc, trim($_POST['score']));
  $screenshot = mysqli_real_escape_string($dbc, trim($_FILES['screenshot']['name']));
  $screenshot_type = $_FILES['screenshot']['type'];
  $screenshot_size = $_FILES['screenshot']['size'];
  //check the CAPTCHA pass-phrase for verification
  $user_pass_phrase = sha1($_POST['captcha']); //hash('sha256', $_POST['captcha']);
  if ($_SESSION['pass_phrase'] == $user_pass_phrase) {
    if (!empty($name) && is_numeric($score) && !empty($screenshot)) {
      if ((($screenshot_type == 'image/gif') || ($screenshot_type == 'image/jpeg') || ($screenshot_type == 'image/pjpeg') || ($screenshot_type == 'image/png')) && ($screenshot_size > 0)
        && ($screenshot_size <= GW_MAXFILESIZE)) {
        if ($_FILES['screenshot']['error'] == 0) {
          // Move the file to the target upload folder
          $target = GW_UPLOADPATH . $screenshot;
          if (move_uploaded_file($_FILES['screenshot']['tmp_name'], $target)) {
            // Write the data to the database
            $query = "INSERT INTO guitarwars (date, name, score, screenshot) VALUES (NOW(), '$name', '$score', '$screenshot')";
            mysqli_query($dbc, $query);
            // Confirm success with the user
            echo '<p>Thanks for adding your new high score! It will be reviewed and added to the high score list as soon as possible.</p>';
            echo '<p><strong>Name:</strong> ' . $name . '<br />';
            echo '<strong>Score:</strong> ' . $score . '<br />';
            echo '<img src="' . GW_UPLOADPATH . $screenshot . '" alt="Score image" /></p>';
            echo '<p><a href="index.php">&lt;&lt; Back to high scores</a></p>';
            // Clear the score data to clear the form
            $name = "";
            $score = "";
            $screenshot = "";
            mysqli_close($dbc);
          } else {
            echo '<p class="error">Sorry, there was a problem uploading your screen shot image.</p>';
          }
        }
      } else {
        echo '<p class="error">The screen shot must be a GIF, JPEG, or PNG image file no greater than ' . (GW_MAXFILESIZE / 1024) . ' KB in size.</p>';
      }
      // Try to delete the temporary screen shot image file
      @unlink($_FILES['screenshot']['tmp_name']);
    }
    else {
      echo '<p class="error">Please enter all of the information to add your high score.</p><br />';
    }
  }
  else {
    echo '<p class="error">Please enter the verification pass-phrase exactly as shown.</p>';
    echo '<p class="error">' . $user_pass_phrase . ' : user_pass_phrase</p>';
    echo '<p class="error">' . $_SESSION['pass_phrase'] . ' : _SESSION pass_phrase</p>';
  }
}
?>
<hr />
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo GW_MAXFILESIZE; ?>" />
<label for="name">Name:</label>
<input type="text" id="name" name="name" value="<?php if (!empty($name)) echo $name; ?>" /><br />
<label for="score">Score:</label>
<input type="text" id="score" name="score" value="<?php if (!empty($score)) echo $score; ?>" /><br />
<label for="screenshot">Screen shot:</label>
<input type="file" id="screenshot" name="screenshot" /><br />
<label for="captcha">Verification:</label>
<input type="text" id="captcha" name="captcha" value="Enter the pass-phrase" />
<img src="captcha.php" alt="Verification pass-phrase" />
<hr />
<input type="submit" value="Add" name="submit" />
</form>
</body>
</html>
As of November 5, 2017, if you go to http://revolutionaryholdings.com/sandbox/guitarwars/11/addscore.php, you can see what is happening, which really has everyone stumped. Any and all help is appreciated.
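
The store-a-hash-then-compare check described in the post, written defensively as an added example (not the poster's or the book's code, and not a diagnosis of the mismatch). The helper names captcha_issue() and captcha_verify() are hypothetical; the session key and phrase length are taken from the posted code.

```php
<?php
// Added example, not code from the post or the book.
// captcha_issue() and captcha_verify() are hypothetical helper names.

define('CAPTCHA_NUMCHARS', 6); // same length as in the posted captcha.php

// Called from captcha.php: build the phrase and keep only its hash.
function captcha_issue(): string
{
    $phrase = '';
    for ($i = 0; $i < CAPTCHA_NUMCHARS; $i++) {
        // random_int() draws from the OS CSPRNG; rand() is not
        // cryptographically secure.
        $phrase .= chr(random_int(97, 122));
    }
    $_SESSION['pass_phrase'] = hash('sha256', $phrase);
    return $phrase; // the caller draws this string into the image
}

// Called from the form handler: true only for a matching, unused phrase.
function captcha_verify($submitted): bool
{
    // Remove the stored hash before checking, so each issued image
    // allows exactly one attempt whether it succeeds or fails.
    $expected = $_SESSION['pass_phrase'] ?? null;
    unset($_SESSION['pass_phrase']);

    if (!is_string($expected) || !is_string($submitted)) {
        return false; // no CAPTCHA was issued, or the field was an array
    }
    $actual = hash('sha256', trim($submitted));
    // hash_equals() compares the strings byte for byte in constant time;
    // == can treat two different numeric-looking digests as equal.
    return hash_equals($expected, $actual);
}

// Constructed usage, runnable from the CLI without a web server.
$_SESSION = [];
$phrase = captcha_issue();
var_dump(captcha_verify($phrase)); // first attempt with the issued phrase
var_dump(captcha_verify($phrase)); // same phrase again after the hash was cleared
captcha_issue();
var_dump(captcha_verify(['x']));   // non-string input, as from captcha[]=x
```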