嘿大家,我之前发布了一个主题,通过使用$ _SESSION代替$ _COOKIE来帮助解决我之前的问题 但是当我输入正确的验证码时,它仍然说我输错了。我去了一个网站,用随机文本生成了一个随机的MD5哈希,这是我应该做的吗?
我不知道出了什么问题,但这就是我所拥有的:
HTML表单:
<form id="ajax-contact-form" action="javascript:alert('success!');">
<label>Name:*</label><INPUT class="textbox" type="text" name="name" value=""><br />
<label>E-Mail:*</label><INPUT class="textbox" type="text" name="email" value=""><br />
<label>Telephone:</label><INPUT class="textbox" type="text" name=telephone" value="" /><br />
<INPUT class="textbox" type="hidden" name="subject" value="Contact Form" >
<label>Message:*</label><TEXTAREA class="textbox" NAME="message" ROWS="5" COLS="25"></TEXTAREA><br />
<tr>
<label>Image Verification:*</label>
<input type="text" name="verify" style="width:200px;" /><img src="verification.php?<?php echo rand(0,9999);?>" width="50" height="24" align="absbottom" />
<label> </label><INPUT class="button" type="submit" name="submit" value="Send Message">
</form>
contactform.php:
<?php
/*
Credits: Bit Repository
URL: http://www.bitrepository.com/
*/
include 'config.php';
error_reporting (E_ALL ^ E_NOTICE);
$post = (!empty($_POST)) ? true : false;
if($post)
{
include 'functions.php';
$name = stripslashes($_POST['name']);
$email = trim($_POST['email']);
$telephone = stripslashes($_POST['telephone']);
$subject = stripslashes($_POST['subject']);
$message = stripslashes($_POST['message']);
$verify = stripslashes($_POST['verify']);
$error = '';
// Check name
if(!$name)
{
$error .= 'Please enter your name.<br />';
}
// Check email
if(!$email)
{
$error .= 'Please enter an e-mail address.<br />';
}
if($email && !ValidateEmail($email))
{
$error .= 'Please enter a valid e-mail address.<br />';
}
// Check message (length)
if(!$message || strlen($message) < 15)
{
$error .= "Please enter your message. It should have at least 15 characters.<br />";
}
// Check Verification code
if(md5($verify).'098f6bcd4621d373cade4e832627b4f6' != $_SESSION['contact_verify'])
{
$error .= 'Image Verification failed.<br />';
}
//Send the Name, Email, Telephone, and Message in a formateed version.
$email_message = "The following message was sent to you in your contact form on domain.com\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Telephone: ".clean_string($telephone)."\n";
$email_message .= "Message: ".clean_string($message)."\n";
if(!$error)
{
$mail = mail(WEBMASTER_EMAIL, $subject, $email_message,
"From: ".$name." <".$email.">\r\n"
."Reply-To: ".$email."\r\n"
."X-Mailer: PHP/" . phpversion());
if($mail)
{
echo 'OK';
}
}
else
{
echo '<div class="notification_error">'.$error.'</div>';
}
}
?>
我的所有verify.php文件:
<?php
//Declare in the header what kind of file this is
header('Content-type: image/jpeg');
//A nice small image that's to the point
$width = 50;
$height = 24;
//Here we create the image with the sizes declared above and save it to a variable my_image
$my_image = imagecreatetruecolor($width, $height);
//Let's give our image a background color. White sound ok to everyone?
imagefill($my_image, 0, 0, 0xFFFFFF);
//Now we're going to add some noise to the image by placing pixels randomly all over the image
for ($c = 0; $c < 40; $c++){
$x = rand(0,$width-1);
$y = rand(0,$height-1);
imagesetpixel($my_image, $x, $y, 0x000000);
}
$x = rand(1,10);
$y = rand(1,10);
$rand_string = rand(1000,9999);
imagestring($my_image, 5, $x, $y, $rand_string, 0x000000);
/*
We're going to store a ****** in the user's browser so we can call to it
later and confirm they entered the correct verification. The
"decipher_k2s58s4" can be anything you want. It's just our personal
code to be added to the end of the captcha value stored in the ******
as an encrypted string
*/
$_SESSION['contact_verify'] = (md5($rand_string).'098f6bcd4621d373cade4e832627b4f6');
imagejpeg($my_image);
imagedestroy($my_image);
?>
答案 0 :(得分:0)
这似乎不正确:
if(md5($verify).'098f6bcd4621d373cade4e832627b4f6' ...
我怀疑你想附加$verify的md5和另一个哈希。尝试:
if(md5($verify) != $_SESSION['contact_verify']) {
$error .= 'Image Verification failed.<br />';
}
答案 1 :(得分:0)
我相信verification.php没有session_start();
在该页面上添加session_start();作为第一行,在编辑之前查看是否适用于原始代码。
您唯一不需要这样做的时候是PHP文件添加了require_once或include。这是因为脚本将从调用它的文件继承它。你怎么从HTML中调用它,这意味着它没有。
每个文件都需要有session_start();或者他们不能使用$_SESSION vars。
旁注:
您还应该在verification.php脚本上添加错误报告,以便查看问题;)