我的网站上有一个验证码,http://sketchedneo.com/jointest.php
然而它不起作用。
它只是让错误的代码通过。
请帮忙解决这个问题
我不确定我需要为此展示哪部分代码。 (这是我的captcha.php)
<?php
session_start();
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
function _generateRandom($length=6)
{
$_rand_src = array(
array(48,57) //digits
, array(97,122) //lowercase chars
// , array(65,90) //uppercase chars
);
srand ((double) microtime() * 1000000);
$random_string = "";
for($i=0;$i<$length;$i++){
$i1=rand(0,sizeof($_rand_src)-1);
$random_string .= chr(rand($_rand_src[$i1][0],$_rand_src[$i1][1]));
}
return $random_string;
}
$im = @imagecreatefromjpeg("http://sketchedneo.com/images/sitedesigns/captcha.jpg");
$rand = _generateRandom(3);
$_SESSION['captcha'] = $rand;
ImageString($im, 5, 2, 2, $rand[0]." ".$rand[1]." ".$rand[2]." ", ImageColorAllocate ($im, 0, 0, 0));
$rand = _generateRandom(3);
ImageString($im, 5, 2, 2, " ".$rand[0]." ".$rand[1]." ".$rand[2], ImageColorAllocate ($im, 255, 0, 0));
Header ('Content-type: image/jpeg');
imagejpeg($im,NULL,100);
ImageDestroy($im);
?>
代码检查:
<tr><td align="center">CAPTCHA:<br>
(antispam code, 3 black symbols)<br>
<table><tr><td><img src="captcha.php" alt="captcha image"></td><td><input type="text" name="captcha" size="3" maxlength="3"></td></tr></table>
</td></tr>
<td height="27" colspan="2" valign="middle">
<center><input type=submit name=Submit value="Register"></center>
</td>
</table>
</form>
<?php
if(isset($_POST['captcha'])) {
if($_SESSION['captcha'] == $_POST['captcha']) {
if(isset($_POST["captcha"]))
//CAPTHCA is valid; proceed the message: save to database, send by e-mail ...
echo 'CAPTHCA is valid; proceed the message';
}
else
{
echo 'CAPTHCA is not valid; ignore submission';
}
}
?>
哪个代码在哪里?
<?php
include ($_SERVER['DOCUMENT_ROOT'].'/addon.php');
include ($_SERVER['DOCUMENT_ROOT'].'/dblink.php');
include ($_SERVER['DOCUMENT_ROOT'].'/security/stripusers.php');
$name = $_POST['name'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$email = $_POST['email'];
$security = $_POST['security'];
$name = mysql_real_escape_string($name);
$name = stripslashes($name);
$name = stripusers($name);
$pass1 = mysql_real_escape_string($pass1);
$pass1 = stripslashes($pass1);
$pass1 = stripusers($pass1);
$pass2 = mysql_real_escape_string($pass2);
$pass2 = stripslashes($pass2);
$pass2 = stripusers($pass2);
$security = mysql_real_escape_string($security);
$security = stripslashes($security);
$security = stripusers($security);
$email = mysql_real_escape_string($email);
$email = stripslashes($email);
$email = stripusers($email);
if ((!$name) OR (!$pass1) OR (!$pass2) OR (!$email) OR (!$security))
{
die(header("Location: $baseurl/join.php?error=Please+fill+out+all+of+the+information."));
}
$check = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username = '$name' "));
if ($check[username] == $name)
{
die(header("Location: $baseurl/join.php?error=The+username+you+selected+already+exists"));
}
if ($pass1 != $pass2)
{
die( header("Location: $baseurl/join.php?error=Your+passwords+did+not+match"));
}
if((!is_numeric($security)) AND (!$security > 0000) AND (!$security < 9999))
{
die(header("Location: $baseurl/join.php?error=Your+security+code+can+only+contain+numbers!"));
}
if(strlen($security) <= 3)
{
die(header("Location: $baseurl/join.php?error=Your+security+code+must+contain+four+numbers!"));
}
if (preg_match('/^[a-zA-Z0-9_]*$/UD',$name))
{
$pword2 = md5($pass1);
$secure2 = md5($security);
$one = md5($name);
mysql_query("INSERT INTO members (username,password,security,email,rank,name,age,gender,location,helpfaerie,profile,about,tasks,joined,icedmutereason,icedmutedetails,icedmuteby,icedmutedate,posts,signature,avatar,verify) VALUES ('$name','$pword2','$secure2','$email','3','$name','New Born','Unknown','Lost!','1','Welcome','Welcome','Hiding','$timestamp','None','None','None','0','0','None','http://images.neopets.com/neoboards/avatars/default.gif','0')") or die (mysql_error());
$message = "<p><p><center><table width=\"450\" border=\"0\" cellspacing=\"0\" cellpadding=\"4\" style=\"border-top: 1pt solid black;border-left: 1pt solid black;border-right: 1pt solid black;;border-bottom: 1pt solid black;\">
<tr>
<td colspan=\"2\" style=\"background-color:#5eaed4;border-bottom: 1pt solid black;\"><center>Welcome to Lutari.net!</center></td>
</tr>
<tr>
<td><img src=\"http://images.neopets.com/pets/happy/lutari_island_baby.gif\"></td>
<td><p>Thank you for creating an account with us. To access the full featres of the site, please activate your account by clicking <a href=\"$baseurl/verify.php?user=$name&code=$one\">HERE</a></p>
<p>Your Username: <b>$name</b><br>
Your Activation Code: <b>$one</b>
<p>If you did not make an account with us, please ignore this email.</p></td>
</tr>
</table>
<p> </p>
</center>";
$subject = "Welcome to Lutari! - Activate your account.";
mail($email,$subject,$message,"From: admin@lutari.net \nContent-Type: text/html; charset=iso-8859-1\r\nMime-Version: 1.0\nContent-Transfer-Encoding: 7bit");
}
else
{
header("Location: $baseurl/join.php?error=Your+username+can+only+contain+letters+numbers+and+underscores.");
}
setcookie("lutari_user",$name, time()+3600*24);
setcookie("lutari_pass",$pword2, time()+3600*24);
header("Location: $baseurl/joined.php");
?>
答案 0 :(得分:0)
您可以将检查代码移动到join.pro.php(我假设这是您发布的最后一个代码部分),如下所示:
....
$email = stripslashes($email);
$email = stripusers($email);
session_start();
if (isset($_SESSION['captcha']) && isset($_POST['captcha'])){
if($_SESSION['captcha'] != $_POST['captcha']) {
header("Location: $baseurl/join.php?error=captcha+incorrect.");
die();
}
}else {
header("Location: $baseurl/join.php?error=captcha+missing.");
die();
}
if ((!$name) OR (!$pass1) OR (!$pass2) OR (!$email) OR (!$security))
...