我创建了发送电子邮件的表单。但是当我使用$_SESSION['secure']时它不起作用。只是随机化4位数字是否安全?
generate.php
<?php
session_start();
header('Content-type: image/jpeg');
$text = $_SESSION['secure'];
$font_size = 20;
$img_width = 110;
$img_height = 40;
$img = imagecreate($img_width, $img_height);
imagecolorallocate($img, 255, 255, 255);
$txt_color = imagecolorallocate($img, 0, 0, 0);
for($x = 1; $x <= 50; $x++){
$x1 = rand(1, 100);
$y1 = rand(1, 100);
$x2 = rand(1, 100);
$y2 = rand(1, 100);
imageline($img, $x1, $y1, $x2, $y2, $txt_color);
}
imagettftext($img, $font_size, 0, 15, 30, $txt_color, 'NautilusPompiliusRegular.ttf', $text);
imagejpeg($img);
?>
contact.php
<?php
session_start();
$_SESSION['secure'] = rand(1000, 9999);
$to = '***';/*Change it to the site owners email.*/
$subject = 'New customer!';
$contact_name = $_POST['contact_name'];
$contact_email = $_POST['contact_email'];
$contact_message = $_POST['contact_message'];
$contact_captcha = $_POST['contact_captcha'];
$headers = 'From: '. $contact_name . "\r\n" . 'Reply-To: '. $contact_email . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$result = "";
if($_SESSION['secure'] === $contact_captcha){
mail($to, $subject, $contact_message, $headers);
$result = "Your message was successfully sent.";
}else{
$result = "Error. Some field values are too long. Try again.";
}
echo '
<!DOCTYPE html>
<html lang="en">...'
<div class="form-group">
<div class="col-sm-2 control-div"><img src="generate.php" /></div>
<div class="col-sm-10">
<input type="text" class="form-control" name="contact_captcha" placeholder="Enter the value from the img." value="" maxlength="5" required>
</div>
</div>
<div class="form-group">
<div class="col-sm-10 col-sm-offset-2">
<input name="submit" type="submit" value="Send" class="btn btn-primary">
</div>
</div>
</div>';
注意:我没有destroy_session(),generate.php是单独的文件(我在两者中启动会话)。当我不使用if / else语句时,它可以工作。
答案 0 :(得分:0)
嗯,首先你要经常检查你是否有$ _POST,因为当你提交帖子时,你改变了会话值
所以你的代码应该是
session_start();
if($_POST) {
$to = '***';/*Change it to the site owners email.*/
$subject = 'New customer!';
$contact_name = $_POST['contact_name'];
$contact_email = $_POST['contact_email'];
$contact_message = $_POST['contact_message'];
$contact_captcha = $_POST['contact_captcha'];
$headers = 'From: '. $contact_name . "\r\n" . 'Reply-To: '. $contact_email . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$result = "";
if($_SESSION['secure'] === $contact_captcha){
mail($to, $subject, $contact_message, $headers);
$result = "Your message was successfully sent.";
}else{
$_SESSION['secure'] = rand(1000, 9999); // Change capcha because it is wrong
$result = "Error. Some field values are too long. Try again.";
}
} else {
$_SESSION['secure'] = rand(1000, 9999);
}
// Show the html after
答案 1 :(得分:0)
由于您没有粘贴所有HTML,我不是100%您已将表单包裹在<form method="post" action="?">...</form>中。
@Martin Andreev是正确的,虽然您需要检查$ _POST参数,否则每次都会重新创建$ _SESSION。
session_start();
if(isset($_POST['contact_captcha']) && isset($_SESSION['secure'])) {
$to = '***';/*Change it to the site owners email.*/
$subject = 'New customer!';
$contact_name = $_POST['contact_name'];
$contact_email = $_POST['contact_email'];
$contact_message = $_POST['contact_message'];
$contact_captcha = $_POST['contact_captcha'];
$headers = 'From: '. $contact_name . "\r\n" . 'Reply-To: '. $contact_email . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$result = "";
if($_SESSION['secure'] === $contact_captcha){
mail($to, $subject, $contact_message, $headers);
$result = "Your message was successfully sent.";
} else {
$result = "Error. Some field values are too long. Try again."
}
}
$_SESSION['secure'] = rand(1000, 9999);
//html
如果没有结果,那么var_dump()$ _POST和$ _SESSION如果会话为空,您可能需要在浏览器上查看您的服务器设置和cookie。
编辑:删除===并使其= =它可能是一个严格的类型问题:
if($_SESSION['secure'] == $contact_captcha){
当你var_dump时,他们需要使用相同的类型来使用===
即。 $ _POST [&#39; contact_captcha&#39;]是一个字符串?在var_dump()上有哪些类型?
var_dump($_SESSION['secure']);
string(1) "1"
var_dump($contact_captcha);
int(1)