我创建了发送电子邮件的表单。但是当我使用$_SESSION['secure']它不起作用时。随机化 4 位数字是否安全?
生成.php
<?php
session_start();
header('Content-type: image/jpeg');
$text = $_SESSION['secure'];
$font_size = 20;
$img_width = 110;
$img_height = 40;
$img = imagecreate($img_width, $img_height);
imagecolorallocate($img, 255, 255, 255);
$txt_color = imagecolorallocate($img, 0, 0, 0);
for($x = 1; $x <= 50; $x++){
$x1 = rand(1, 100);
$y1 = rand(1, 100);
$x2 = rand(1, 100);
$y2 = rand(1, 100);
imageline($img, $x1, $y1, $x2, $y2, $txt_color);
}
imagettftext($img, $font_size, 0, 15, 30, $txt_color, 'NautilusPompiliusRegular.ttf', $text);
imagejpeg($img);
?>
联系方式.php
<?php
session_start();
$_SESSION['secure'] = rand(1000, 9999);
$to = '***';/*Change it to the site owners email.*/
$subject = 'New customer!';
$contact_name = $_POST['contact_name'];
$contact_email = $_POST['contact_email'];
$contact_message = $_POST['contact_message'];
$contact_captcha = $_POST['contact_captcha'];
$headers = 'From: '. $contact_name . "'r'n" . 'Reply-To: '. $contact_email . "'r'n" . 'X-Mailer: PHP/' . phpversion();
$result = "";
if($_SESSION['secure'] === $contact_captcha){
mail($to, $subject, $contact_message, $headers);
$result = "Your message was successfully sent.";
}else{
$result = "Error. Some field values are too long. Try again.";
}
echo '
<!DOCTYPE html>
<html lang="en">...'
<div class="form-group">
<div class="col-sm-2 control-div"><img src="generate.php" /></div>
<div class="col-sm-10">
<input type="text" class="form-control" name="contact_captcha" placeholder="Enter the value from the img." value="" maxlength="5" required>
</div>
</div>
<div class="form-group">
<div class="col-sm-10 col-sm-offset-2">
<input name="submit" type="submit" value="Send" class="btn btn-primary">
</div>
</div>
</div>';
注意:我不destroy_session(),生成.php是单独的文件(我在两个文件中启动会话)。当我不使用 if/else 语句时,它可以工作。
嗯,首先你应该始终检查你是否有 $_POST,因为当你提交帖子时,你会改变会话值
所以你的代码应该看起来像
session_start();
if($_POST) {
$to = '***';/*Change it to the site owners email.*/
$subject = 'New customer!';
$contact_name = $_POST['contact_name'];
$contact_email = $_POST['contact_email'];
$contact_message = $_POST['contact_message'];
$contact_captcha = $_POST['contact_captcha'];
$headers = 'From: '. $contact_name . "'r'n" . 'Reply-To: '. $contact_email . "'r'n" . 'X-Mailer: PHP/' . phpversion();
$result = "";
if($_SESSION['secure'] === $contact_captcha){
mail($to, $subject, $contact_message, $headers);
$result = "Your message was successfully sent.";
}else{
$_SESSION['secure'] = rand(1000, 9999); // Change capcha because it is wrong
$result = "Error. Some field values are too long. Try again.";
}
} else {
$_SESSION['secure'] = rand(1000, 9999);
}
// Show the html after
由于您尚未粘贴所有html,因此我不是100%将表单包装在<form method="post" action="?">...</form>中。
@Martin Andreev 是正确的,尽管您需要检查 $_POST 参数,否则它每次都会重新制作 _SESSION 美元。
session_start();
if(isset($_POST['contact_captcha']) && isset($_SESSION['secure'])) {
$to = '***';/*Change it to the site owners email.*/
$subject = 'New customer!';
$contact_name = $_POST['contact_name'];
$contact_email = $_POST['contact_email'];
$contact_message = $_POST['contact_message'];
$contact_captcha = $_POST['contact_captcha'];
$headers = 'From: '. $contact_name . "'r'n" . 'Reply-To: '. $contact_email . "'r'n" . 'X-Mailer: PHP/' . phpversion();
$result = "";
if($_SESSION['secure'] === $contact_captcha){
mail($to, $subject, $contact_message, $headers);
$result = "Your message was successfully sent.";
} else {
$result = "Error. Some field values are too long. Try again."
}
}
$_SESSION['secure'] = rand(1000, 9999);
//html
如果您没有结果,则 var_dump() $_POST 和 $_SESSION 如果会话为空白,您可能需要在浏览器上查看您的服务器设置和 cookie。
编辑:删除 === 并使其 == 它可能是一个严格的类型问题:
if($_SESSION['secure'] == $contact_captcha){
当您var_dump两者时,它们需要具有相同的类型才能使用 ===
即 $_POST['contact_captcha'] 是一个字符串?在var_dump()上有哪些类型?
var_dump($_SESSION['secure']);
string(1) "1"
var_dump($contact_captcha);
int(1)