dtevhgk028372 2012-12-19 04:30
浏览 89
已采纳

将CAPTCHA与表单集成

I am trying to integrate a captchia code with using a form. What I have is a basic format to where I was able to get the captcha part working on its own php page. Also I was able to display a form in its own php page. The problem I am having is I'm not sure how to get both parts working together.

This is a snipit of what I have:

<?php
session_start();
    if (isset($_POST['captcha'])) {
        $_SESSION['captcha'] = rand(0, 99999999999);
        } else {
            if ($_SESSION['captcha']!==$_POST['captcha']) {
            echo 're-enter a new captcha!';
            $_SESSION['captcha'] = rand(0, 99999999999);
        }
    }
?>

    <form action="formx.php" method="POST">
            <ul>
                <li>
                    Username:<br>
                    <input type"text" name="username">
                </li>
                <li>
                    Password:<br>
                    <input type="password" name="password">
                </li>
                <li>
                    Password again:<br>
                    <input type="password" name="password2">
                </li>
                <li>
                    Email:<br>
                    <input type="text" name="email">
                </li>
                <li>
                    <input type="submit" name="captcha" value="submit">
                </li>
            </ul>
    </form>
  • 写回答

3条回答 默认 最新

  • doubo6658 2012-12-19 04:55
    关注

    If you walk through it, you are probably missing a couple steps:

    if ($_SERVER['REQUEST_METHOD']!='POST')  //If initial load, load up captcha into session
    $_SESSION['captcha'] = rand(0,9999999999);
else{//Means form was submitted
    if (isset($_POST['captcha'])) {//Check if they entered
        if ($_SESSION['captcha']!==$_POST['captcha']) {//check if ! correct, reissue new captcha
            echo 're-enter a new captcha!';
            $_SESSION['captcha'] = rand(0, 99999999999);
        }else{
            //Everything was good, handle data
        }
    }else{//Nothing was entered, give them new captcha
        echo 'please enter the captcha!';
        $_SESSION['captcha'] = rand(0, 99999999999);
    }

}

    Now the tricky part comes when you display this to the user. If you put: 

    <li>
    Please type <?=$_SESSION['captcha']?>:<br/>
    <input type="submit" name="captcha" value="submit">
</li>

    bots will be able to bypass this. So you need to figure out how to over come this problem. Simply displaying the number and telling them to enter is good and will deter VERY basic bots. Obfuscating it (<span>1</span><span>2</span>) may make it a little more difficult, but bots can still parse it and bypass it. Saving it as a Javascript variable and then checking against it may also work, but again, can be bypassed if the bot is smart enough. An iframe may work, an image may work, user-agent parsing may help, etc etc etc. All these things would work, but it is up to you on how you want to implement it and how secure you want it.

    Personally, while I am a fan of Recaptcha as it is usually very easy to implement and requires minimal coding on my end. I also use the GD and TrueType libraries to make captcha images, but this does require a lot more programming than it may be worth if you can use Recaptcha. Finally, I do like Javascript math problems that are loaded after the page loads, which bots have a harder time loading and figuring out what is going on.

    After all is said and done, do whatever you want. If you get stuck, post your code and we can help you out.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 孟德尔随机化怎样画共定位分析图
  • ¥18 模拟电路问题解答有偿速度
  • ¥15 CST仿真别人的模型结果仿真结果S参数完全不对
  • ¥15 误删注册表文件致win10无法开启
  • ¥15 请问在阿里云服务器中怎么利用数据库制作网站
  • ¥60 ESP32怎么烧录自启动程序
  • ¥50 html2canvas超出滚动条不显示
  • ¥15 java业务性能问题求解(sql,业务设计相关)
  • ¥15 52810 尾椎c三个a 写蓝牙地址
  • ¥15 elmos524.33 eeprom的读写问题