PHP CAPTCHA session value does not match

Time: 2017-05-11 16:49:23

Tags: php session captcha

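I have been teaching myself PHP/MySQL through several methods, both online and off, and I am working through the Head First PHP & MySQL book. Its age may be causing me some problems, but I have been able to work through all of them until now, when I ran into this one.

I am trying to get a CAPTCHA working on a submission form, and the $_SESSION value does not match what the user entered, even when it should.

Originally, the book has you sha1() the generated CAPTCHA phrase, then sha1() the phrase the user entered, and compare the two. That was failing, so I added an echo to see what the user-entered phrase was and what the $_SESSION['CAPTCHA'] phrase was. The hashed phrases were different.

I then updated the code and removed the sha1() from both the captcha.php page (which generates the image) and the form page, and kept printing both values when the match failed. No matter what I try, I get different phrases.

Here is the code for the captcha.php page: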

<?php
  session_start();

  // Set some important CAPTCHA constants
  define('CAPTCHA_NUMCHARS', 6);  // number of characters in pass-phrase
  define('CAPTCHA_WIDTH', 100);   // width of image
  define('CAPTCHA_HEIGHT', 25);   // height of image

  // Generate the random pass-phrase
  $pass_phrase = "";
  for ($i = 0; $i < CAPTCHA_NUMCHARS; $i++) {
    $pass_phrase .= chr(rand(97, 122));
  }

  // Store the SHA-1 hash of the pass-phrase in a session variable
  $_SESSION['pass_phrase'] = sha1($pass_phrase);

  // Create the image
  $img = imagecreatetruecolor(CAPTCHA_WIDTH, CAPTCHA_HEIGHT);

  // Set a white background with black text and gray graphics
  $bg_color = imagecolorallocate($img, 255, 255, 255);     // white
  $text_color = imagecolorallocate($img, 0, 0, 0);         // black
  $graphic_color = imagecolorallocate($img, 64, 64, 64);   // dark gray

  // Fill the background
  imagefilledrectangle($img, 0, 0, CAPTCHA_WIDTH, CAPTCHA_HEIGHT, $bg_color);

  // Draw some random lines
  for ($i = 0; $i < 5; $i++) {
    imageline($img, 0, rand() % CAPTCHA_HEIGHT, CAPTCHA_WIDTH, rand() % CAPTCHA_HEIGHT, $graphic_color);
  }

  // Sprinkle in some random dots
  for ($i = 0; $i < 50; $i++) {
    imagesetpixel($img, rand() % CAPTCHA_WIDTH, rand() % CAPTCHA_HEIGHT, $graphic_color);
  }

  // Draw the pass-phrase string
  imagettftext($img, 18, 0, 5, CAPTCHA_HEIGHT - 5, $text_color, 'Credit Valley Bold.ttf', $pass_phrase);

  // Output the image as a PNG using a header
  header("Content-type: image/png");
  imagepng($img);

  // Clean up
  imagedestroy($img);
?>

Here is the PHP for the form page:

<?php
  session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Guitar Wars - Add Your High Score</title>
  <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
  <h2>Guitar Wars - Add Your High Score</h2>

<?php
  require_once('appvars.php');
  require_once('connectvars.php');

  if (isset($_POST['submit'])) {
    // Connect to the database
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

    // Grab the score data from the POST
    $name = mysqli_real_escape_string($dbc, trim($_POST['name']));
    $score = mysqli_real_escape_string($dbc, trim($_POST['score']));
    $screenshot = mysqli_real_escape_string($dbc, trim($_FILES['screenshot']['name']));
    $screenshot_type = $_FILES['screenshot']['type'];
    $screenshot_size = $_FILES['screenshot']['size'];

    //check the CAPTCHA pass-phrase for verification
    $user_pass_phrase = sha1($_POST['captcha']);  //hash('sha256', $_POST['captcha']);
    if ($_SESSION['pass_phrase'] == $user_pass_phrase) {

      if (!empty($name) && is_numeric($score) && !empty($screenshot)) {
        if ((($screenshot_type == 'image/gif') || ($screenshot_type == 'image/jpeg') || ($screenshot_type == 'image/pjpeg') || ($screenshot_type == 'image/png')) && ($screenshot_size > 0) 
        && ($screenshot_size <= GW_MAXFILESIZE)) {
          if ($_FILES['screenshot']['error'] == 0) {
            // Move the file to the target upload folder
            $target = GW_UPLOADPATH . $screenshot;
            if (move_uploaded_file($_FILES['screenshot']['tmp_name'], $target)) {
              // Write the data to the database
              $query = "INSERT INTO guitarwars (date, name, score, screenshot) VALUES (NOW(), '$name', '$score', '$screenshot')";
              mysqli_query($dbc, $query);

              // Confirm success with the user
              echo '<p>Thanks for adding your new high score! It will be reviewed and added to the high score list as soon as possible.</p>';
              echo '<p><strong>Name:</strong> ' . $name . '<br />';
              echo '<strong>Score:</strong> ' . $score . '<br />';
              echo '<img src="' . GW_UPLOADPATH . $screenshot . '" alt="Score image" /></p>';
              echo '<p><a href="index.php">&lt;&lt; Back to high scores</a></p>';

              // Clear the score data to clear the form
              $name = "";
              $score = "";
              $screenshot = "";

              mysqli_close($dbc);
            } else {
              echo '<p class="error">Sorry, there was a problem uploading your screen shot image.</p>';
            }
          }      
        } else {
          echo '<p class="error">The screen shot must be a GIF, JPEG, or PNG image file no greater than ' . (GW_MAXFILESIZE / 1024) . ' KB in size.</p>';      
        }

        // Try to delete the temporary screen shot image file
        @unlink($_FILES['screenshot']['tmp_name']);
      }
      else {
        echo '<p class="error">Please enter all of the information to add your high score.</p><br />';
      }
    }
    else {
      echo '<p class="error">Please enter the verification pass-phrase exactly as shown.</p>';
      echo '<p class="error">' . $user_pass_phrase . ' : user_pass_phrase</p>';
      echo '<p class="error">' . $_SESSION['pass_phrase'] . ' : _SESSION pass_phrase</p>';
    }
  }
?>

  <hr />
  <form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo GW_MAXFILESIZE; ?>" />
    <label for="name">Name:</label>
    <input type="text" id="name" name="name" value="<?php if (!empty($name)) echo $name; ?>" /><br />
    <label for="score">Score:</label>
    <input type="text" id="score" name="score" value="<?php if (!empty($score)) echo $score; ?>" /><br />
    <label for="screenshot">Screen shot:</label>
    <input type="file" id="screenshot" name="screenshot" /><br />
    <label for="captcha">Verification:</label>
    <input type="text" id="captcha" name="captcha" value="Enter the pass-phrase" />
    <img src="captcha.php" alt="Verification pass-phrase" />
    <hr />
    <input type="submit" value="Add" name="submit" />
  </form>
</body> 
</html>

As of November 5, 2017, if you go to http://revolutionaryholdings.com/sandbox/guitarwars/11/addscore.php, you can see what is happening.

This really has everyone stumped. Any and all help is appreciated.

0 answers:

No answers
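An added example, not part of the original post or the book's code: the same session-stored-hash check as in the question, written with a CSPRNG, a single-use stored value and a constant-time comparison, and showing that every new issue of a phrase overwrites the value stored by the previous one. The function names `captcha_issue` and `captcha_verify`, the input normalisation and the use of SHA-256 are assumptions of this example; it assumes PHP 7 or later, and a plain array stands in for `$_SESSION` so it runs from the command line.

```php
<?php
// Added example: captcha_issue() and captcha_verify() are hypothetical names.
const CAPTCHA_NUMCHARS = 6;

// Generate a lowercase a-z phrase (same alphabet as captcha.php) with a CSPRNG
// and store only its hash in the session array.
function captcha_issue(array &$session): string {
    $phrase = '';
    for ($i = 0; $i < CAPTCHA_NUMCHARS; $i++) {
        $phrase .= chr(random_int(97, 122));
    }
    $session['pass_phrase'] = hash('sha256', $phrase);
    return $phrase;  // captcha.php would draw this string into the image
}

// Verify once: the stored hash is removed whether or not the answer matches,
// so one issued phrase allows exactly one attempt.
function captcha_verify(array &$session, $input): bool {
    $expected = $session['pass_phrase'] ?? null;
    unset($session['pass_phrase']);
    if (!is_string($expected) || !is_string($input)) {
        return false;  // nothing issued, or a non-string (array) POST value
    }
    // Assumption of this example: ignore surrounding spaces and letter case.
    $candidate = hash('sha256', strtolower(trim($input)));
    return hash_equals($expected, $candidate);  // constant-time comparison
}

// Constructed demo data: $session stands in for $_SESSION.
$session = [];

// Case 1: the user types the phrase that was drawn, with stray spaces.
$shown = captcha_issue($session);
var_dump(captcha_verify($session, " $shown "));

// Case 2: the same phrase is submitted again after it was consumed.
var_dump(captcha_verify($session, $shown));

// Case 3: the image endpoint is requested twice before the form is posted.
// The second issue overwrites the stored hash, so the phrase drawn by the
// first request no longer corresponds to what the session holds.
$first  = captcha_issue($session);
$second = captcha_issue($session);
var_dump(captcha_verify($session, $first));
```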