当前位置: 文江博客话题详情

jQuery 验证 +安全映像问题

发布于 2024-10-10 15:54:58 字数 2214 浏览 3 评论 0原文

我在使用 jQuery Validation 插件时遇到一些奇怪的问题。首先是我的代码:

formvalid.js

var v = jQuery("#sendform").validate({
        rules: {
            /* some other rules */
            captcha: {
                required: true,
                remote: "securimage/process.php"
            }
        },            
        messages: {
            /* some other messages */
            captcha: {
        required:"Security code is required",
        remote:"Security code is incorrect!"
        }
        }
    });

process.php

<?php
/* I tried with and without session_start(). 
Both ways works with same probelm (read next)*/
//session_start();
include_once '../securimage/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_GET['captcha']) == false) 
    echo "false";

else
    echo "true";
?>

sendform.php

<?php
include_once 'securimage/securimage.php';

//echo $_POST['captcha'];

$securimage = new Securimage();
//echo "<br/>".$securimage->getCode();

if($_POST['captcha'] && $securimage->check($_POST['captcha']))
{
    //do sending
}
?>

所以,问题是当我检查 安全代码与AJAX请求,ajax工作正常,但是当我发送表单时,$securimage->check($_POST['captcha'])sendform.php 返回 false。然后我尝试禁用远程 capctha 验证,sendform.php 中的 viola $securimage->check($_POST['captcha']) 返回 true!

正如您所看到的,我echo sendform.php 中的一些值,结果是:

案例 #1:AJAX 验证码验证已启用

结果:

echo $_POST['captcha'];               // User_input_value;
echo $securimage->getCode();          // nothing
$securimage->check($_POST['captcha']) // false

案例#2:AJAX 验证码验证已禁用

结果:

echo $_POST['captcha'];               // User_input_value;
echo $securimage->getCode();          // code from image
$securimage->check($_POST['captcha']) // true (if equals)

有人知道如何使其发挥作用吗?

感谢您的任何建议。

原文

I have some strange issue using jQuery Validation plugin. Firs of all here is my code:

formvalid.js

var v = jQuery("#sendform").validate({
        rules: {
            /* some other rules */
            captcha: {
                required: true,
                remote: "securimage/process.php"
            }
        },            
        messages: {
            /* some other messages */
            captcha: {
        required:"Security code is required",
        remote:"Security code is incorrect!"
        }
        }
    });

process.php

<?php
/* I tried with and without session_start(). 
Both ways works with same probelm (read next)*/
//session_start();
include_once '../securimage/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_GET['captcha']) == false) 
    echo "false";

else
    echo "true";
?>

sendform.php

<?php
include_once 'securimage/securimage.php';

//echo $_POST['captcha'];

$securimage = new Securimage();
//echo "<br/>".$securimage->getCode();

if($_POST['captcha'] && $securimage->check($_POST['captcha']))
{
    //do sending
}
?>

So, the problem is when I'm checking security code with AJAX request, ajax works fine, but when I'm send the form, $securimage->check($_POST['captcha']) in sendform.php returns false. Then I tried to disable remote capctha validation and viola $securimage->check($_POST['captcha']) in sendform.php returned true!

As you can see I echo some values in sendform.php and result is:

Case #1: AJAX captcha validation enabled.

Results:

echo $_POST['captcha'];               // User_input_value;
echo $securimage->getCode();          // nothing
$securimage->check($_POST['captcha']) // false

Case #2: AJAX captcha validation disabled.

Results:

echo $_POST['captcha'];               // User_input_value;
echo $securimage->getCode();          // code from image
$securimage->check($_POST['captcha']) // true (if equals)

Anyone know how to make it work?

Thanks for any advice.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

浪漫人生路 2024-10-17 15:54:58

为了防止重置 captch,您应该验证自己,而不是在 process.php 中调用 check() 函数,如下代码所示

<?php
include_once 'securimage.php';
if(!isset($_GET['txtcaptcha']))
    return 'false';


$securimage = new Securimage();
$securecode = $securimage->getCode();

if (strtolower($securecode) != strtolower($_GET['txtcaptcha'])) 
    echo "false";

else
    echo "true";
?>

To prevent resetting captch, you should validate yourself without calling check() function in process.php like below code

<?php
include_once 'securimage.php';
if(!isset($_GET['txtcaptcha']))
    return 'false';


$securimage = new Securimage();
$securecode = $securimage->getCode();

if (strtolower($securecode) != strtolower($_GET['txtcaptcha'])) 
    echo "false";

else
    echo "true";
?>
回复 原文
不语却知心 2024-10-17 15:54:58

几乎相同的 问题 不久前被问过,似乎每次检查后验证码都会重置。

我建议在会话中设置一个标志,在有效的验证码之后,在 process.php 中将其设置为 TRUE,然后检查它而不是 $ secureimage->check($_POST['captcha']) 在您的 sendform.php 中:

if ($securimage->check($_GET['captcha']) == false) {
    $_SESSION['valid'] = FALSE;
    echo "false";
} else {
    $_SESSION['valid'] = TRUE;
    echo "true";
}

并且:

if($_POST['captcha'] && isset($_SESSION['valid']) && $_SESSION['valid']) // set it back to false inside this!

现在这里有两个注意事项:

  • 由于您有两个单独的调用,因此有人可以仍然更改两个调用之间的验证码
  • 因为它只是一个验证码,并且您很可能正在使用它来防止垃圾邮件,所以我不会费心使用我上面发布的技术!实际上我什至不会费心在 sendform.php 中进行另一次验证码检查

当然有人可能会向您发送垃圾邮件,但是如果您确实需要使用 Ajax,那么您必须停止处理验证码jQuery 插件,并在提交表单时验证它,就像原始 文档< /a> 方法。

Almost same question was asked a while ago, it seems that the captcha is resetting after each check.

What I suggest is to have a flag in your session that you would set to TRUE in your process.php after a valid captcha and then checking it instead of $securimage->check($_POST['captcha']) in your sendform.php:

if ($securimage->check($_GET['captcha']) == false) {
    $_SESSION['valid'] = FALSE;
    echo "false";
} else {
    $_SESSION['valid'] = TRUE;
    echo "true";
}

And:

if($_POST['captcha'] && isset($_SESSION['valid']) && $_SESSION['valid']) // set it back to false inside this!

Now here are two notes:

  • Since you are having two separate calls, some one can still change the captcha between the two calls
  • Since it's only a captcha and you most probably is using it to prevent spam, I wouldn't bother using the technique I posted above! actually I wouldn't even bother doing another captcha check in the sendform.php

Of course someone could spam you, but then and if you really need to use Ajax, then you have to stop processing the captcha in the jQuery plugin and just validate it when you submit your form, just like the original documentation approach.

回复 原文
~没有更多了~

关于作者

梦里兽

暂无简介

0 文章
0 评论
338 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

烙印

文章 0 评论 0

singlesman

文章 0 评论 0

给自己一个微笑

文章 0 评论 0

独孤求败

文章 0 评论 0

晨钟暮鼓

文章 0 评论 0

我是自愿种绣球花的

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文