如何實現一個非常簡單的安全功能到這個免費的PHP聯繫表格

Question

嘿夥計們我一直在搞亂免費的PHP/HTML聯繫表格我發現：http://www.freecontactform.com/email_form.php這是我想要的網站，我正在做的，但我需要使它更安全一些，所以我要做的就是創建一個額外的盒子並讓它接受4的值。問題是我在實現它時遇到了麻煩。如果安全值是4，我希望表單執行，如果不是，則顯示錯誤消息。我收到了錯誤消息，但它似乎不接受4的值。你能看看我的代碼，並告訴我哪裏出錯了嗎？謝謝。

<?php 
if(isset($_POST['email'])) { 

    // EDIT THE 2 LINES BELOW AS REQUIRED 
    $email_to = "0000000000"; 
    $email_subject = "From the website"; 


    function died($error) { 
     // your error code can go here 
     echo "We are very sorry, but there were error(s) found with the form you submitted. "; 
     echo "These errors appear below.<br /><br />"; 
     echo $error."<br /><br />"; 
     echo "Please go back and fix these errors.<br /><br />"; 
     die(); 
    } 

    // validation expected data exists 
    if(!isset($_POST['first_name']) || 
     !isset($_POST['last_name']) || 
     !isset($_POST['email']) || 
     !isset($_POST['telephone']) || 
     !isset($_POST['security']) || 
     !isset($_POST['comments'])) { 
     died('We are sorry, but there appears to be a problem with the form you submitted.');  
    } 

    $first_name = $_POST['first_name']; // required 
    $last_name = $_POST['last_name']; // required 
    $email_from = $_POST['email']; // required 
    $telephone = $_POST['telephone']; // not required 
    $security = $_POST['security']; 
    $comments = $_POST['comments']; // required 

    $error_message = ""; 
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/'; 
    if(!preg_match($email_exp,$email_from)) { 
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />'; 
    } 
    $string_exp = "/^[A-Za-z .'-]+$/"; 
    $string_sec = "4"; 
    if(!preg_match($string_exp,$first_name)) { 
    $error_message .= 'The First Name you entered does not appear to be valid.<br />'; 
    } 
    if(!preg_match($string_exp,$last_name)) { 
    $error_message .= 'The Last Name you entered does not appear to be valid.<br />'; 
    } 
    if(strlen($security) < 4) { 
    $error_message .= 'The security passphrase is not correct.'; 
    }if(strlen($comments) > 4) { 
    $error_message .= 'The security passphrase is not correct.<br />'; 
    } 

    if(strlen($comments) < 2) { 
    $error_message .= 'The Comments you entered do not appear to be valid.<br />'; 
    } 
    if(strlen($error_message) > 0) { 
    died($error_message); 
    } 
    $email_message = "Form details below.\n\n"; 

    function clean_string($string) { 
     $bad = array("content-type","bcc:","to:","cc:","href"); 
     return str_replace($bad,"",$string); 
    } 

    $email_message .= "First Name: ".clean_string($first_name)."\n"; 
    $email_message .= "Last Name: ".clean_string($last_name)."\n"; 
    $email_message .= "Email: ".clean_string($email_from)."\n"; 
    $email_message .= "Telephone: ".clean_string($telephone)."\n"; 
    $email_message .= "Comments: ".clean_string($comments)."\n"; 


// create email headers 
$headers = 'From: '.$email_from."\r\n". 
'Reply-To: '.$email_from."\r\n" . 
'X-Mailer: PHP/' . phpversion(); 
@mail($email_to, $email_subject, $email_message, $headers); 
?> 

<!-- include your own success html here --> 


Thank you for contacting us. We will be in touch with you very soon. 
<?php 
} 
?> 

---

的Html我的網站：

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<script src="Scripts/swfobject_modified.js" type="text/javascript"></script> 
<head> 
<link rel="stylesheet" type="text/css" media="all" href="css/text.css" /> 
<link rel="stylesheet" type="text/css" media="all" href="css/960.css" /> 
<link rel="stylesheet" type="text/css" media="all" href="css/style.css" /> 
<title>Japonica Flower Shop</title> 
</head> 

<body> 
<div class="container_12" id="topContent"> 
    <div class="grid_4"> 
    <h1>Japonica Flower Shop</h1> 
    <h2>For Fresh Flowers</h2> 
    <h3>Secret Garden Centre, Keynsham</h3> 
    </div> 
    <div class="grid_8" id="rightTopContent"> <a href="index.html">home</a> | <a href="">gallery</a> | <a href="aboutus.html">about us</a> | <a href="http://blankwebsiteblog.blogspot.co.uk/">blog</a> | <a href="#">contact</a> </div> 
</div> 
<div class="clear">&nbsp;</div> 
<div class="container_12"> 
    <div class="grid_4"> 
    <ul class="gallery"> 
     <li class="active"> 
     <table border="1" width ="100%" 
cellpadding="40" align="center"> 
      <tr> 

      <td cell valign="top" width ="300"><font color="black" face="Georgia, Arial, Garamond" > 
      <form name="contactform" method="post" action="send_form_email.php"> 
       <table width="450px"> 
        </tr> 

       <tr> 
       <p style="font-family:Helvetica;color:black;font-size:15px;">Fill out this form to send us a email, we aim to reply as soon as possible. </p> 
        <td valign="top"><label for="first_name">First Name *</label></td> 
        <td valign="top"><input type="text" name="first_name" maxlength="50" size="30"></td> 
       </tr> 
       <tr> 
        <td valign="top""><label for="last_name">Last Name *</label></td> 
        <td valign="top"><input type="text" name="last_name" maxlength="50" size="30"></td> 
       </tr> 
       <tr> 
        <td valign="top"><label for="email">Email Address *</label></td> 
        <td valign="top"><input type="text" name="email" maxlength="80" size="30"></td> 
       </tr> 
       <tr> 
        <td valign="top"><label for="telephone">Telephone Number</label></td> 
        <td valign="top"><input type="text" name="telephone" maxlength="30" size="30"></td> 
       </tr> 
       <tr> 
        <td valign="top"><label for="comments">Comments *</label></td> 
        <td valign="top"><textarea name="comments" maxlength="1000" cols="25" rows="6"></textarea></td> 
       </tr> 

       <tr> 
        <td valign="top"><label for="security">Security Passphrase</label></td> 
        <td valign="top"><input type="number" name="security" maxlength="30" size="30"> 
        <img src="./images/security.png" title="passphrase problem!" alt="1" align"left"> 
        </td> 
       <tr> 
        <td colspan="2" style="text-align:center"><input type="submit" value="Submit"> 
        <a href="http://www.freecontactform.com/email_form.php">Email Form</a></td> 
       </tr> 
       </table> 
      </form> 
      &nbsp; 
      </p></td> 

      <td><p style="font-family:Helvetica;color:black;font-size:15px;">Japonica Flowershop, 
Whitegate Nursieries, 
The Secret Garden Centre, 
Stockwood Hill, 
Keynsham, 
Bristol, 
BS312AN, 
Tel; 07848401140 
</p> 
<p style="font-family:Helvetica;color:black;font-size:15px;"> 
Opening Hours 10-4 closed Monday and Thursday 
</p> 
</p><img src="./images/bonnet.png" title="Come on In!" alt="1" align"left"></td> 
      <br /> 

       </font> 
       </td> 
      </tr> 
     </table> 
     </li> 
    </ul> 
    </div> 
    <!-- end grid_4 --> 
    <div class="grid_8"> 
    <div id="main_image"></div> 
    </div> 
</div> 
<div class="clear">&nbsp;</div> 
<div class="container_16"> 
    <div class="grid_2"> 
    <p>&nbsp;</p> 
    </div> 
    <div id="footer"><a href="index.html">home</a> | <a href="">gallery</a> | <a href="aboutus.html">about us</a> | <a href="http://blankwebsiteblog.blogspot.co.uk/">blog</a> | <a href="#">contact</a></div> 
</div> 
<div class="grid_2"> 
    <p>&nbsp;</p> 
</div> 
</div> 
</div> 
</body> 
</html> 

Answer 1

你沒有使用你$string_sec = "4";設立的。

if(strlen($security) < 4) { 
    $error_message .= 'The security passphrase is not correct.'; 
} 
if(strlen($comments) > 4) { 
    $error_message .= 'The security passphrase is not correct.<br />'; 
} 

這一切正在做的是檢查是否的$security的長度小於4。要測試是否$security不等於$string_sec，所以用這個：

if ($security != $string_sec) { 
    $error_message .= 'The security passphrase is not correct.'; 
} 

我不知道你與測試strlen($comments)做什麼，你可能希望把它拿出來？

Answer 2

在你的代碼行：

if(strlen($security) < 4) { 

似乎是錯誤的$安全的長度將是一個

要驗證它，你需要比較精確的數值。