将CAPTCHA与表单集成 [英] Integrate CAPTCHA with a form

问题描述

我正在尝试使用表单来集成验证码代码。我所拥有的是一种基本格式，在这里我能够使验证码部分在其自己的php页面上工作。我也能够在其自己的php页面中显示表单。我遇到的问题是我不确定如何使两个部分协同工作。

这是我所拥有的东西的缩影：

  <？php 
 session_start（）; 
 if（isset（$ _ POST ['captcha']））{
 $ _SESSION ['captcha'] = rand（0，99999999999）; 
}否则{
 if（$ _SESSION ['captcha']！== $ _ POST ['captcha']）{
 echo'重新输入新的验证码！'; 
 $ _SESSION [’captcha’] = rand（0，99999999999）; 
} 
} 
？> 
 
< form action = formx.php method = POST> 
< ul> 
< li> 
用户名：< br> 
<输入类型文本 name =用户名> 
< / li> 
< li> 
密码：< br> 
<输入类型=密码 name =密码> 
< / li> 
< li> 
再次输入密码：< br> 
< input type = password name = password2> 
< / li> 
< li> 
电子邮件：< br> 
< input type = text name = email> 
< / li> 
< li> 
< input type = submit name =验证码 value =提交> 
< / li> 
< / ul> 
< / form> 
  

解决方案

如果逐步浏览，可能会丢失几个步骤：

  if（$ _SERVER ['REQUEST_METHOD']！='POST'）//如果是初始加载，请加载验证码进入会话
 $ _SESSION ['captcha'] = rand（0,9999999999）; 
 else {//表示已提交
 if（isset（$ _ POST ['captcha']））{//检查是否输入了
 if（$ _SESSION ['captcha']！ == $ _ POST ['captcha']）{//检查是否！正确，重新发出新的验证码
 echo重新输入新的验证码！； 
 $ _SESSION [’captcha’] = rand（0，99999999999）; 
} else {
 //一切都很好，可以处理数据
} 
} else {//没有输入任何内容，请给他们新的验证码
 echo'请输入验证码！'; 
 $ _SESSION [’captcha’] = rand（0，99999999999）; 
} 
 
} 
  

现在，棘手的部分是当您显示给用户。如果您输入：

 < li> 
请输入<？= $ _ SESSION [‘captcha’]？>：< br /> 
< input type = submit name =验证码 value =提交> 
< / li> 
  

机器人将能够绕过此操作。因此，您需要弄清楚如何解决这个问题。只需显示数字并告诉他们输入即可，这会阻止非常基础的机器人。对其进行混淆（ 1 2 ）可能会使它更加困难，但是机器人仍然可以对其进行解析并绕过它。将其另存为Javascript变量，然后对其进行检查也可能有效，但是再次说明，如果漫游器足够聪明，则可以绕过它。 iframe可能会起作用，图像可能会起作用，用户代理解析可能会有所帮助，等等，等等。所有这些事情都可以起作用，但是要由您自己决定如何实现它以及如何安全。 >

就我个人而言，我还是Recaptcha的粉丝，因为它通常很容易实现，并且对我的代码要求最少。我还使用GD和TrueType库制作验证码图像，但这确实比需要使用Recaptcha进行的编程要多得多。最后，我喜欢页面加载后加载的Javascript数学问题，这些bot很难加载并弄清楚发生了什么。

完成，做任何你想做的。如果您遇到困难，请发布代码，我们会为您提供帮助。

I am trying to integrate a captchia code with using a form. What I have is a basic format to where I was able to get the captcha part working on its own php page. Also I was able to display a form in its own php page. The problem I am having is I'm not sure how to get both parts working together.

This is a snipit of what I have:

<?php
session_start();
    if (isset($_POST['captcha'])) {
        $_SESSION['captcha'] = rand(0, 99999999999);
        } else {
            if ($_SESSION['captcha']!==$_POST['captcha']) {
            echo 're-enter a new captcha!';
            $_SESSION['captcha'] = rand(0, 99999999999);
        }
    }
?>

    <form action="formx.php" method="POST">
            <ul>
                <li>
                    Username:<br>
                    <input type"text" name="username">
                </li>
                <li>
                    Password:<br>
                    <input type="password" name="password">
                </li>
                <li>
                    Password again:<br>
                    <input type="password" name="password2">
                </li>
                <li>
                    Email:<br>
                    <input type="text" name="email">
                </li>
                <li>
                    <input type="submit" name="captcha" value="submit">
                </li>
            </ul>
    </form> 

解决方案

If you walk through it, you are probably missing a couple steps:

if ($_SERVER['REQUEST_METHOD']!='POST')  //If initial load, load up captcha into session
    $_SESSION['captcha'] = rand(0,9999999999);
else{//Means form was submitted
    if (isset($_POST['captcha'])) {//Check if they entered
        if ($_SESSION['captcha']!==$_POST['captcha']) {//check if ! correct, reissue new captcha
            echo 're-enter a new captcha!';
            $_SESSION['captcha'] = rand(0, 99999999999);
        }else{
            //Everything was good, handle data
        }
    }else{//Nothing was entered, give them new captcha
        echo 'please enter the captcha!';
        $_SESSION['captcha'] = rand(0, 99999999999);
    }

}

Now the tricky part comes when you display this to the user. If you put:

<li>
    Please type <?=$_SESSION['captcha']?>:<br/>
    <input type="submit" name="captcha" value="submit">
</li>

bots will be able to bypass this. So you need to figure out how to over come this problem. Simply displaying the number and telling them to enter is good and will deter VERY basic bots. Obfuscating it (<span>1</span><span>2</span>) may make it a little more difficult, but bots can still parse it and bypass it. Saving it as a Javascript variable and then checking against it may also work, but again, can be bypassed if the bot is smart enough. An iframe may work, an image may work, user-agent parsing may help, etc etc etc. All these things would work, but it is up to you on how you want to implement it and how secure you want it.

Personally, while I am a fan of Recaptcha as it is usually very easy to implement and requires minimal coding on my end. I also use the GD and TrueType libraries to make captcha images, but this does require a lot more programming than it may be worth if you can use Recaptcha. Finally, I do like Javascript math problems that are loaded after the page loads, which bots have a harder time loading and figuring out what is going on.

After all is said and done, do whatever you want. If you get stuck, post your code and we can help you out.

这篇关于将CAPTCHA与表单集成的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！