PHP: Passing a class instance to another page?

Posted on 2024-10-31 01:15:17

I'm trying to implement a captcha system, and I found a nice and very simple class through Google that does what I want.

It's something like:

$captcha = new Captcha();
$prefix = mt_rand();
$image = $captcha->generate($prefix);

Then I add the image in the form:

<img src="<?php echo $image; ?>" />
<input name="captcha" type="text" value="Type the security code from above" />

It works fine so far, but I don't know how to check if the submitted code matches the captcha.
In the documentation, it says I have to do it with:

$correct = $captcha_instance->check($prefix, $_POST['captcha']);

But the problem is that after the form is submitted, $captcha and $prefix are gone...

How do I pass these variables after the form is submitted to the next page?

Comments (4)

雄赳赳气昂昂 2024-11-07 01:15:17

> @mario: you were right :D it's only the $prefix I needed to pass as a hidden input field :)

That's a very bad idea - in your form tag, if say you have a hidden field captcha_answer and you're passing the value of that to $captchaInstance->check(), then you defeat the purpose of a captcha. Captchas are to sort out robots from humans, but it's so simple to read a value by downloading the source in the captcha solving bot and just getting the value="{answer}" out of the source.

Instead, you should use this:

<?php
session_start();
$_SESSION['answer'] = $prefix;
?>

Then in your checker you do this:

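<?php
session_start();
// Read the prefix that was stored server-side when the form was rendered
$prefix = $_SESSION['answer'] ?? null;
// Objects do not survive between requests, so create the Captcha instance again
$captcha = new Captcha();
// check() takes the prefix and the submitted code, as in the documentation quoted in the question
$passed = $prefix !== null && $captcha->check($prefix, $_POST['captcha'] ?? '');
?>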

In fact, I think this class would be better as only having static methods, but that's my opinion. Anyway, this way means that all the data is only stored server-side so they can't just view source for captcha answer.
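
The session-based flow from this answer, as an added example that is not part of the original post or the Captcha class's own code: the prefix stays in the session, is consumed on the first check so a solved captcha cannot be replayed, and a prefix posted by the client is never read. `StubCaptcha`, `codeFor()`, `captcha_issue()`, `captcha_verify()` and the `captcha_prefix` key are hypothetical; only the `check($prefix, $input)` signature comes from the question, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example. StubCaptcha is a hypothetical stand-in for the Captcha class
// in the question; only the check($prefix, $input) signature comes from the page.
final class StubCaptcha
{
    private string $key;
    public function __construct(string $key) { $this->key = $key; }

    // Constructed rule for the demo: the code shown in the image is derived
    // from the prefix with a key that only the server knows.
    public function codeFor(string $prefix): string
    {
        return strtoupper(substr(hash_hmac('sha256', $prefix, $this->key), 0, 6));
    }

    public function check(string $prefix, string $input): bool
    {
        return hash_equals($this->codeFor($prefix), strtoupper(trim($input)));
    }
}

// Form page: create the prefix and keep it server-side only.
function captcha_issue(array &$session): string
{
    $prefix = bin2hex(random_bytes(8));    // random_bytes() rather than the predictable mt_rand()
    $session['captcha_prefix'] = $prefix;
    return $prefix;                        // use it to render the image; never echo it into the form
}

// Handler page: verify against the session value and consume it.
function captcha_verify(array &$session, array $post, StubCaptcha $captcha): bool
{
    $prefix = $session['captcha_prefix'] ?? null;
    unset($session['captcha_prefix']);     // single use: pass or fail, a new image is required
    $input = $post['captcha'] ?? '';
    if (!is_string($prefix) || !is_string($input) || $input === '') {
        return false;
    }
    return $captcha->check($prefix, $input);
}

// Constructed demo: $session plays the role of $_SESSION across requests.
$session = [];
$captcha = new StubCaptcha('demo-key');
$prefix  = captcha_issue($session);
$answer  = $captcha->codeFor($prefix);     // what a human would read off the image
var_dump(captcha_verify($session, ['captcha' => $answer], $captcha)); // first submission
var_dump(captcha_verify($session, ['captcha' => $answer], $captcha)); // same answer replayed
captcha_issue($session);                   // a fresh captcha is issued
var_dump(captcha_verify($session, ['captcha' => $answer, 'captcha_prefix' => $prefix], $captcha)); // old answer plus client-supplied prefix
```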

面如桃花 2024-11-07 01:15:17

You might want to set it in the session and then when it's posted, you need to check with the value in the session

Hope this helps

秋心╮凉 2024-11-07 01:15:17

You want to marshall that instance and save it in a session, since HTTP is stateless. You can then demarshall it on the second page.

However:

Most PHP captcha systems I've seen do not need this functionality, rather the check function should work independently and usually compares the data from a stored session and a POST variable.

Smile简单爱 2024-11-07 01:15:17

What is the handler mapping needed in IIS 7.x to produce CAPTCHA images? The only one that works seems to be the wildcard, which is ridiculous from a security point of view. In tightening the security of ColdFusion according to the lock-down guide at http://www.adobe.com/products/coldfusion/whitepapers/pdf/91025512_cf9_lockdownguide_wp_ue.pdf, they recommend to remove this wildcard mapping, but that seems to break CAPTCHA.
