1. 首页
  2. 问答
  3. PHP,试图验证码添加到现有的形式

PHP,试图验证码添加到现有的形式

2011-12-20 69 views
2

我不是一个PHP程序员,但用它触摸,足以把一个接触的形式。不过,我想添加一个验证码字段,现在的作品,但形式不验证它 - 所以它提出无论什么PHP,试图验证码添加到现有的形式

任何人可以帮助吗?如果代码是不好意思乱,在此先感谢

的,如果我的网页

 <?php session_start() ?> 
<?php 
     //If the form is submitted 
    if(isset($_POST['submit'])) { 

    //Check to make sure that the name field is not empty 
    if(trim($_POST['name']) == '') { 
     $hasError = true; 
    } else { 
     $name = trim($_POST['name']); 
    } 

     //Check to make sure that the subject field is not empty 
    if(trim($_POST['subject']) == '') { 
     $hasError = true; 
    } else { 
     $subject = trim($_POST['subject']); 
    } 

    //Check to make sure sure that a valid email address is submitted 
    if(trim($_POST['email']) == '') { 
     $hasError = true; 
    } else if (!eregi("^[A-Z0-9._%-][email protected][A-Z0-9._%-]+\.[A-Z]{2,4}$", trim($_POST['email']))) 
    { 
     $hasError = true; 
    } else { 
     $email = trim($_POST['email']); 
    } 

    //Check to make sure comments were entered 
    if(trim($_POST['message']) == '') { 
     $hasError = true; 
    } else { 
    if(function_exists('stripslashes')) { 
     $message = stripslashes(trim($_POST['message'])); 
    } else { 
     $message = trim($_POST['message']); 
    } 

    /*captcha 2*/ 

    if(isset($_POST["captcha"])) { 
     $hasError = true; 
    } else { 
    if($_SESSION["captcha"]==$_POST["captcha"]) { 
    } 
    } 
    //CAPTHCA is valid; proceed the message: save to database, send by e-mail ... 

    //If there is no error, send the email 
    if(!isset($hasError)) { 
     $emailTo = 'email address'; //Put your own email address here 
     $emailTo = 'email address'; //Put your own email address here 
     $body = "Name: $name \n\nEmail: $email \n\nSubject: $subject \n\nMessage:\n $message"; 
     $headers = 'From: website form <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' .   
     $email; 

    mail($emailTo, $subject, $body, $headers); 
     $emailSent = true; 
    } 
    } 
?> 

    Code in the form: 

    [php]<?php if(isset($hasError)) { //If errors are found ?> 

     <p class="error">Please check if you've filled all the fields with valid information.   Thank you.</p> 
    <?php } ?> 

    <?php if(isset($emailSent) && $emailSent == true) { //If email is sent ?> 
     <p><strong>Email Successfully Sent!</strong></p> 
     <p>Thank you <strong><?php echo $name;?></strong> for contacting us. Your email was successfully sent and we will be in touch with you soon.</p> 
     <?php } ?> 

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="contactform"> 
    <div> 

     <p> 
     <label for="name">Name</label><br /> 
     <input type="text" name="name" value="" id="name" class="required"> 
     </p> 
    </div> 

    <div> 

     <p> 
     <label for="email">Email</label><br /> 
     <input type="text" name="email" value="" id="email" class="required"> 
     </p> 
    </div> 

    <div> 

     <p> 
     <label for="subject">Subject</label><br /> 
     <input type="text" name="subject" value="" id="subject" class="required"> 
     </p> 

    </div> 

    <div style="margin-bottom:25px;"> 

     <p> 
     <label for="message">Message</label><br /> 
     <textarea rows="5" name="message" value="" id="message" class="required"></textarea> 
     </p> 

    </div> 
    <div style="margin-bottom:25px;"> 


     <img src="captcha.php" alt="captcha image"> 
     <p> 
     <label for="captcha">(antispam code, 3 black symbols)</label><br /> 
     <input type="text" name="captcha" maxlength="3" id="captcha" class="required"> 
     </p> 

    </div> 
    <input type="submit" value="Send Message" name="submit" /> 
</form> 
[/php]

来源

2011-12-20 user1108564

+0

请问您的文件有调用session_start()?没有它,$ _SESSION ['catpcha']将是空的(并且可能会发出通知)。此外,请注意,您应该检查存储的验证码值是否不为空。否则,用户可以简单地通过不加载图像来通过验证码。 if(!empty($ _ SESSION ['captcha'])&& $ _SESSION ['captcha'] === $ captchaFromUser){valid} – Corbin 2011-12-20 19:56:03

+0

检查会话存储的captcha值是否为空?这是我上面发布的代码。顺便说一句,$ captchaFromUser将是$ _POST ['captcha']。避免直接访问$ _POST值而不检查它们是否被首先设置通常会更好。如果他们没有设置,那么你会得到一个通知。 – Corbin 2011-12-20 20:02:30

+0

对不起,我之前没有看过代码,所以我已经替换if(isset($ _ POST [“captcha”])) with if(!empty($ _ SESSION ['captcha'])&& $ _SESSION ['captcha'] === $ captchaFromUser) – user1108564 2011-12-20 20:08:24

回答

0

[编辑] 2011-12-20下午8点22 CST - 更新代码的第二块与该OP使用最终代码 - 基于场外聊天。

有写代码更好的办法。我在下面举一个例子。提出问题,我将用评论解释来更新代码。我修改了关于验证码的if语句,以便它不需要双重if。在if语句中使用||(或)会导致PHP在测试第一个条件(如果第一个条件的计算结果为true)后停止。因此,如果变量没有设置,它永远不会进入POST与SESSION的比较。

另外,我默认你的hasError变量设置为false,以及正在测试的boolean值。这是更好的,因为它是有意义的。想想那些会追随你的程序员。如果它有意义,它会更容易处理。 你可能是程序员 :)

[编辑追加session_start();]

<?php 
session_start(); 

// default value 
$hasError = false; 

//If the form is submitted 
if(isset($_POST['submit'])) { 
    //Check to make sure that the name field is not empty 
    if(trim($_POST['name']) == '') { 
     $hasError = true; 
    } else { 
     $name = trim($_POST['name']); 
    } 

    //Check to make sure that the subject field is not empty 
    if(trim($_POST['subject']) == '') { 
     $hasError = true; 
    } else { 
     $subject = trim($_POST['subject']); 
    } 

    //Check to make sure sure that a valid email address is submitted 
    if(trim($_POST['email']) == '') { 
     $hasError = true; 
    } else if (!eregi("^[A-Z0-9._%-][email protected][A-Z0-9._%-]+\.[A-Z]{2,4}$", trim($_POST['email']))) { 
     $hasError = true; 
    } else { 
     $email = trim($_POST['email']); 
    } 

    //Check to make sure comments were entered 
    if(trim($_POST['message']) == '') { 
     $hasError = true; 
    } else { 
     if(function_exists('stripslashes')) { 
      $message = stripslashes(trim($_POST['message'])); 
     } else { 
      $message = trim($_POST['message']); 
     } 
    } 

    if(! isset($_POST["captcha"]) || $_SESSION["captcha"] != $_POST["captcha"]) { 
     $hasError = true; 
     echo 'CAPTHCA is not valid; ignore submission<br>'; 
     echo $_POST['captcha' . ' != ' . $_SESSION['captcha'] . '<br>'; 
    } 

    //If there is no error, send the email 
    if($hasError == false) { 
     $emailTo = '[email protected]'; //Put your own email address here 
     $emailTo = '[email protected]'; //Put your own email address here 
     $body = "Name: $name \n\nEmail: $email \n\nSubject: $subject \n\nMessage:\n $message"; 

     // !!!!!!!!!!!!!!!! REMOVE \r\n from $emailTo or your form will be hacked !!!!!!!!!!!!!!!!!!!!!! 
     $headers = 'From: website form <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email; 

     mail($emailTo, $subject, $body, $headers); 
     $emailSent = true; 
    } else { 

    } 
}

[编辑 - 全码,编辑和(希望)改善]

<?php 
session_start(); 

function clean_for_email($inbound) 
{ 
    return str_replace(array("\n", "\r"), "", $inbound); 
} 
// I really like the name of this function. :D 
function outputInput($name, $required) 
{ 
    $attribs[] = "name=\"{$name}\""; 
    $attribs[] = "id=\"{$name}\""; 
    $attribs[] = $required?'class="required"':''; 
    $attribs[] = 'type="text"'; 


    if (count($_POST) && array_key_exists($name, $_POST)) 
    { 
     $attribs[] = 'value="' . htmlspecialchars($_POST[$name]) . '"'; 
    } 

    echo '<input ' . implode(' ', $attribs) . '>'; 
} 
//------------------------------------------------------------------------ 
function outputTextarea($name, $required, $rows = 5) 
{ 
    $attribs[] = "name=\"{$name}\""; 
    $attribs[] = "id=\"{$name}\""; 
    $attribs[] = $required?'class="required"':''; 
    $attribs[] = 'rows="5"'; 
    $value = ''; 

    if (count($_POST) && array_key_exists($name, $_POST)) 
    { 
     $value = htmlspecialchars($_POST[$name]); 
    } 

    echo '<textarea ' . implode(' ', $attribs) . '>' . $value . '</textarea>'; 
} 

// default value 
$hasError = false; 
$emailSent = false; 

//If the form is submitted 
if(count($_POST) && isset($_POST['submit'])) { 
    //Check to make sure that the name field is not empty 
    if(trim($_POST['name']) == '') { 
     $hasError = true; 
    } else { 
     $name = trim($_POST['name']); 
    } 

    //Check to make sure that the subject field is not empty 
    if(trim($_POST['subject']) == '') { 
     $hasError = true; 
    } else { 
     $subject = trim($_POST['subject']); 
    } 

    //Check to make sure sure that a valid email address is submitted 
    if(trim($_POST['email']) == '') { 
     $hasError = true; 
    } else if (! preg_match('/^[email protected]+$/i', trim($_POST['email']))) { 
     $hasError = true; 
    } else { 
     $email = trim($_POST['email']); 
    } 

    //Check to make sure comments were entered 
    if(trim($_POST['message']) == '') { 
     $hasError = true; 
    } else { 
     if(function_exists('stripslashes')) { 
      $message = stripslashes(trim($_POST['message'])); 
     } else { 
      $message = trim($_POST['message']); 
     } 
    } 

    if (! array_key_exists('captcha', $_POST) || $_SESSION['captcha'] != $_POST["captcha"]) { 
     $hasError = true; 
    } 

    if(! $hasError) 
    { 
     $captchaValid = true; 
     //If there is no error, send the email 
     if($hasError == false) { 
      $emailTo = 'xxx'; //Put your own email address here 
      $body = "Name: $name \n\nEmail: $email \n\nSubject: $subject \n\nMessage:\n $message"; 
      $headers = 'From: website form <'.clean_for_email($emailTo).'>' . "\r\n" . 'Reply-To: ' . clean_for_email($email); 
      mail($emailTo, $subject, $body, $headers); 
      $emailSent = true; 
     } else { 

     } 
    } 
} 
?> 

<? if($hasError) : ?> 
    <p class="error">Please check if you've filled all the fields with valid information Thank you.</p> 
<? endif; ?> 

<? if($emailSent == true) : ?> 
    <p><strong>Email Successfully Sent!</strong></p> 
    <p>Thank you <strong><?php echo $name;?></strong> for contacting us. Your email was successfully sent and we will be in touch with you soon.</p> 
<? endif; ?> 

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="contactform"> 
    <div> 
     <p> 
     <label for="name">Name</label><br /> 
     <? outputInput('name', true); ?> 
     </p> 
    </div> 

    <div> 
     <p> 
     <label for="email">Email</label><br /> 
     <? outputInput('email', true); ?> 
     </p> 
    </div> 

    <div> 
     <p> 
     <label for="subject">Subject</label><br /> 
     <? outputInput('subject', true); ?> 
     </p> 
    </div> 

    <div style="margin-bottom:25px;"> 
     <p> 
     <label for="message">Message</label><br /> 
     <? outputTextarea('message', true); ?> 
     </p> 
    </div> 
    <div style="margin-bottom:25px;"> 
     <img src="captcha.php" alt="captcha image"> 
     <p> 
     <label for="captcha">(antispam code, 3 black symbols)</label><br /> 
     <? outputInput('captcha', true); ?> 
     </p> 
    </div> 
    <input type="submit" value="Send Message" name="submit" /> 
</form>

来源

2011-12-20 21:01:28

+0

表单字段被清除,因为表单代码中没有任何内容可以重新输出刚刚提交的值。 – 2011-12-20 21:16:37

+0

awsome!非常感谢 – user1108564 2011-12-20 21:44:09

+0

顶部的那个?或者只是'验证码无效......'的那个。' – user1108564 2011-12-20 22:04:17

0

的顶级代码(isset($ _ POST [ “验证码”))

你错过一个括号。

编辑,以显示整个代码....支架添加了对失踪的captcha条件句。原样,您的代码没有检查验证码是否通过发布设置。它只是根据post变量检查会话变量。如果两者都是空白的,表单将邮寄。您可能仍然遇到captcha.php或session变量的问题。

<?php 
     //If the form is submitted 
    if(isset($_POST['submit'])) { 

    //Check to make sure that the name field is not empty 
    if(trim($_POST['name']) == '') { 
     $hasError = true; 
    } else { 
     $name = trim($_POST['name']); 
    } 

     //Check to make sure that the subject field is not empty 
    if(trim($_POST['subject']) == '') { 
     $hasError = true; 
    } else { 
     $subject = trim($_POST['subject']); 
    } 

    //Check to make sure sure that a valid email address is submitted 
    if(trim($_POST['email']) == '') { 
     $hasError = true; 
    } else if (!eregi("^[A-Z0-9._%-][email protected][A-Z0-9._%-]+\.[A-Z]{2,4}$", trim($_POST['email']))) 
    { 
     $hasError = true; 
    } else { 
     $email = trim($_POST['email']); 
    } 

    //Check to make sure comments were entered 
    if(trim($_POST['message']) == '') { 
     $hasError = true; 
    } else { 
    if(function_exists('stripslashes')) { 
     $message = stripslashes(trim($_POST['message'])); 
    } else { 
     $message = trim($_POST['message']); 
    } 
    } 

    /*captcha 2*/ 


    if(isset($_POST["captcha"])) { 
    if($_SESSION["captcha"]==$_POST["captcha"]) 
    { 
    //CAPTHCA is valid; proceed the message: save to database, send by e-mail ... 

    //If there is no error, send the email 
    if(!isset($hasError)) { 
     $emailTo = '[email protected]'; //Put your own email address here 
     $emailTo = '[email protected]'; //Put your own email address here 
     $body = "Name: $name \n\nEmail: $email \n\nSubject: $subject \n\nMessage:\n $message"; 
     $headers = 'From: SJB Projects website form <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' .   $email; 

    mail($emailTo, $subject, $body, $headers); 
     $emailSent = true; 
    } 
    else 
    { 
    echo 'CAPTHCA is not valid; ignore submission'; 
    } 
    } 


    } else { 

    ///message here if CAPTCHA is not set (via post) 

    } 

    } 
    ?> 

    <?php if(isset($hasError)) { //If errors are found ?> 

     <p class="error">Please check if you've filled all the fields with valid information.   Thank you.</p> 
    <?php } ?> 

    <?php if(isset($emailSent) && $emailSent == true) { //If email is sent ?> 
     <p><strong>Email Successfully Sent!</strong></p> 
     <p>Thank you <strong><?php echo $name;?></strong> for contacting SJB Projects. Your email was successfully sent and we will be in touch with you soon.</p> 
     <?php } ?> 

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="contactform"> 
    <div> 

     <p> 
     <label for="name">Name</label><br /> 
     <input type="text" name="name" value="" id="name" class="required"> 
     </p> 
    </div> 

    <div> 

     <p> 
     <label for="email">Email</label><br /> 
     <input type="text" name="email" value="" id="email" class="required"> 
     </p> 
    </div> 

    <div> 

     <p> 
     <label for="subject">Subject</label><br /> 
     <input type="text" name="subject" value="" id="subject" class="required"> 
     </p> 

    </div> 

    <div style="margin-bottom:25px;"> 

     <p> 
     <label for="message">Message</label><br /> 
     <textarea rows="5" name="message" value="" id="message" class="required"></textarea> 
     </p> 

    </div> 
    <div style="margin-bottom:25px;"> 


     <img src="captcha.php" alt="captcha image"> 
     <p> 
     <label for="captcha">(antispam code, 3 black symbols)</label><br /> 
     <input type="text" name="captcha" maxlength="3" id="captcha" class="required"> 
     </p> 

    </div> 
    <input type="submit" value="Send Message" name="submit" /> 
</form>

来源

2011-12-20 19:54:52 Scott

+0

谢谢 - 我需要在哪里添加支架?第三个在最后? – user1108564 2011-12-20 19:58:52

+0

它应该是 - if(isset($ _ POST [“captcha”])){ - (在我发布的行后面的开括号)。只需在底部添加另一个右括号与其他右括号。 – Scott 2011-12-20 20:00:53

+0

我编辑了上面的代码,它似乎注册如果验证码是正确的,但显示没有错误,并清除字段,如果它留空.... – user1108564 2011-12-20 20:29:42

相关问题

 相关问题