检查验证码是否正确

时间:2011-11-24 08:32:51

标签: php

我尝试实现php图像验证码,这里是test.php文件:

<form method="POST" action="processor.php">
  <div style="float:left;">Code: <input type="text" name="verif_box" style="cursor:text">     </div> 
  <div style="margin-top:0px;position:relative;left:5px;  top:-8px;"><IMG SRC="image.php"></div>
  <input type="submit" name="submit" value="Submit">
</FORM>

以下是image.php

   $width = 60;
      $height = 24;

 $my_image = imagecreatetruecolor($width, $height);

 imagefill($my_image, 0, 0, 0xFFFFFF);

   for ($c = 0; $c < 110; $c++){
$x = rand(0,$width-1);
$y = rand(0,$height-1);
imagesetpixel($my_image, $x, $y, 0x000000);
}

$sessioncode=rand(0,9999);
  imagestring($my_image, 5, 0, 0, substr(strtoupper(md5("Mytext".$sessioncode)), 0,6),     $textcolor);
 setcookie('tntcon',(md5("Mytext".$sessioncode)));
imagejpeg($my_image);
imagedestroy($my_image);
     exit();

以下是processor.php

     $verif_box = $_POST["verif_box"];
 if (strtoupper($_COOKIE['tntcon']) == strtoupper($verif_box)) {
  echo "right code";
 } else {
   echo "wrong code";
    }

问题是,即使我输入了正确的验证码,在processor.php文件中总是给我“错误的代码”消息,我做错了什么?

2 个答案:

答案 0 :(得分:3)

您不是在cookie中存储代码,而是存储代码的完整md5-hash。

setcookie('tntcon',(md5("Mytext".$sessioncode)));

只存储Cookie中的前6个字符。

    setcookie('tntcon',(strtoupper(substr(md5("Mytext".$sessioncode), 0, 6))));

另一个(更好的)选项是将代码存储在会话中:

//image.php
session_start();
$_SESSION['code'] = strtoupper(substr(md5('Mytext' . $sessioncode), 0, 6));

//processor.php
session_start();
if ($_SESSION['code'] == strtoupper($_POST["verif_box"])) {
    // Correct code
} else {
    // Incorrect code
    unset($_SESSION['code']);
}

答案 1 :(得分:0)

您只在图像中显示6个字符,但将整个md5哈希存储在cookie中。更好的方法是这样:

$captchacode = substr(strtoupper(md5(rand(234,234234))), 2,6);
imagestring($my_image, 5, 0, 0, $captchacode,     $textcolor);
setcookie('tntcon', $captchacode);