图像验证码问题

时间:2010-12-12 21:22:34

标签: php html ajax verification contact-form

大家好,我已在我的联系表单中添加了图片验证码。它成功显示图像,但它告诉我图像验证码是错误的,即使我输入正确的图像。我认为这是我的contactform.php中的一个问题

这是我的HTML表单:

<form id="ajax-contact-form" action="javascript:alert('success!');">
<label>Name:*</label><INPUT class="textbox" type="text" name="name" value=""><br />

<label>E-Mail:*</label><INPUT class="textbox" type="text" name="email" value=""><br />

<label>Telephone:</label><INPUT class="textbox" type="text" name="Telephone" value=""      /><br />

<INPUT class="textbox" type="hidden" name="subject" value="Contact Form" >

<label>Message:*</label><TEXTAREA class="textbox" NAME="message" ROWS="5" COLS="25">    </TEXTAREA><br />
<tr>
<label>Image  Verification:*</label>
        <input type="text"  name="verify" style="width:200px;" /><img  src="verification.php?<?php echo rand(0,9999);?>" alt="Help us  avoid spam! Please type the image text in the box" width="50"  height="24" align="absbottom" />


<label>&nbsp;</label><INPUT class="button" type="submit" name="submit" value="Send Message">
</form>

以下是它发送给的contactform.php:

<?php
/*
Credits: Bit Repository
URL: http://www.bitrepository.com/
*/

include 'config.php';

error_reporting (E_ALL ^ E_NOTICE);

$post = (!empty($_POST)) ? true : false;

if($post)
{
include 'functions.php';

$name = stripslashes($_POST['name']);
$email = trim($_POST['email']);
$telephone = stripslashes($_POST['telephone']);
$subject = stripslashes($_POST['subject']);
$message = stripslashes($_POST['message']);
$verify = stripslashes($_POST['verify']);


$error = '';

// Check name

if(!$name)
{
$error .= 'Please enter your name.<br />';
}

// Check email

if(!$email)
{
$error .= 'Please enter an e-mail address.<br />';
}

if($email && !ValidateEmail($email))
{
$error .= 'Please enter a valid e-mail address.<br />';
}

// Check message (length)

if(!$message || strlen($message) < 15)
{
$error .= "Please enter your message. It should have at least 15 characters.<br />";
}

// Check Verification code
if(md5($verify).'098f6bcd4621d373cade4e832627b4f6' !=  $_cookie['contact_verify'])
{
$error .= "Image Verification failed.<br />";
}





//Send the Name, Email, Telephone, and Message in a formated version.
$email_message = "The following message was sent to you in your contact form on domain.com\n\n";

function clean_string($string) {
  $bad = array("content-type","bcc:","to:","cc:","href");
  return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Telephone: ".clean_string($telephone)."\n";
$email_message .= "Message: ".clean_string($message)."\n";

if(!$error)
{
$mail = mail(WEBMASTER_EMAIL, $subject, $email_message,
 "From: ".$name." <".$email.">\r\n"
."Reply-To: ".$email."\r\n"
."X-Mailer: PHP/" . phpversion());


if($mail)
{
echo 'OK';
}

}
else
{
echo '<div class="notification_error">'.$error.'</div>';
}

}
?>

最后..这里是生成验证图像的verify.php:

<?php

//Declare in the header what kind of file this is
header('Content-type: image/jpeg');

//A nice small image that's to the point 
$width = 50;
$height = 24;

//Here we create the image with the sizes declared above and save it to a  variable my_image
$my_image = imagecreatetruecolor($width, $height);

//Let's give our image a background color.  White sound ok to everyone?
imagefill($my_image, 0, 0, 0xFFFFFF);

//Now we're going to add some noise to the image by placing pixels  randomly all over the image
for ($c = 0; $c < 40; $c++){
$x = rand(0,$width-1);
$y = rand(0,$height-1);
imagesetpixel($my_image, $x, $y, 0x000000);
}

$x = rand(1,10);
$y = rand(1,10);

$rand_string = rand(1000,9999);
imagestring($my_image, 5, $x, $y, $rand_string, 0x000000);

/*
We're going to store a ****** in the user's browser so we can call to it
later and confirm they entered the correct verification. The
"md5 rand string" can be anything you want.  It's just our personal
code to be added to the end of the captcha value stored in the ******
as an encrypted string
*/
setcookie('contact_verify',(md5($rand_string).'098f6bcd4621d373cade4e832627b4f6'));

imagejpeg($my_image);
imagedestroy($my_image);
?>

有什么想法吗?

1 个答案:

答案 0 :(得分:1)

在页面刷新之前,PHP不会传输cookie。因此,当您通过AJAX提交表单时,它不会获得cookie。更好的方法是将图像验证代码存储在$ _SESSION变量中,而不是存储在cookie中:

$_SESSION['contact_verify'] = (md5($rand_string).'098f6bcd4621d373cade4e832627b4f6');