Ajax / PHP联系表验证码失败

Question

大家好，我早些时候发布了一个主题，该主题通过使用$ _SESSION而不是$ _COOKIE来解决了上一个问题，但是当我输入正确的验证码时，仍然表示输入的是错误的。 我去了一个网站，并用随机文本生成了一个随机的MD5哈希，这是我应该做的吗？

我不知道出了什么问题，但这就是我的问题：

HTML表单：

<form id="ajax-contact-form" action="javascript:alert('success!');">
<label>Name:*</label><INPUT class="textbox" type="text" name="name" value=""><br />

<label>E-Mail:*</label><INPUT class="textbox" type="text" name="email" value=""><br />

<label>Telephone:</label><INPUT class="textbox" type="text" name=telephone" value="" /><br />

<INPUT class="textbox" type="hidden" name="subject" value="Contact Form" >

<label>Message:*</label><TEXTAREA class="textbox" NAME="message" ROWS="5" COLS="25"></TEXTAREA><br />
<tr>
<label>Image  Verification:*</label>
        <input type="text"  name="verify" style="width:200px;" /><img src="verification.php?<?php echo rand(0,9999);?>" width="50"  height="24" align="absbottom" />


<label>&nbsp;</label><INPUT class="button" type="submit" name="submit" value="Send Message">
</form>

contactform.php：

<?php
/*
Credits: Bit Repository
URL: http://www.bitrepository.com/
*/

include 'config.php';

   error_reporting (E_ALL ^ E_NOTICE);

   $post = (!empty($_POST)) ? true : false;

  if($post)
{
include 'functions.php';

$name = stripslashes($_POST['name']);
$email = trim($_POST['email']);
$telephone = stripslashes($_POST['telephone']);
$subject = stripslashes($_POST['subject']);
$message = stripslashes($_POST['message']);
$verify = stripslashes($_POST['verify']);


$error = '';

// Check name

if(!$name)
{
$error .= 'Please enter your name.<br />';
}

// Check email

if(!$email)
{
$error .= 'Please enter an e-mail address.<br />';
}

if($email && !ValidateEmail($email))
{
$error .= 'Please enter a valid e-mail address.<br />';
}

// Check message (length)

if(!$message || strlen($message) < 15)
{
$error .= "Please enter your message. It should have at least 15 characters.<br />";
}

// Check Verification code
if(md5($verify).'098f6bcd4621d373cade4e832627b4f6' !=  $_SESSION['contact_verify'])
{
$error .= 'Image Verification failed.<br />';
}





//Send the Name, Email, Telephone, and Message in a formateed version.
 $email_message = "The following message was sent to you in your contact form on   domain.com\n\n";

function clean_string($string) {
  $bad = array("content-type","bcc:","to:","cc:","href");
  return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Telephone: ".clean_string($telephone)."\n";
$email_message .= "Message: ".clean_string($message)."\n";

if(!$error)
{
$mail = mail(WEBMASTER_EMAIL, $subject, $email_message,
 "From: ".$name." <".$email.">\r\n"
."Reply-To: ".$email."\r\n"
."X-Mailer: PHP/" . phpversion());


if($mail)
{
echo 'OK';
}

}
else
{
echo '<div class="notification_error">'.$error.'</div>';
}

}
?>

任何我的Verification.php文件：

<?php
//Declare in the header what kind of file this is
header('Content-type: image/jpeg');

//A nice small image that's to the point 
$width = 50;
$height = 24;

//Here we create the image with the sizes declared above and save it to a  variable my_image
$my_image = imagecreatetruecolor($width, $height);

//Let's give our image a background color.  White sound ok to everyone?
imagefill($my_image, 0, 0, 0xFFFFFF);

//Now we're going to add some noise to the image by placing pixels  randomly all over the image
for ($c = 0; $c < 40; $c++){
$x = rand(0,$width-1);
$y = rand(0,$height-1);
imagesetpixel($my_image, $x, $y, 0x000000);
}

$x = rand(1,10);
$y = rand(1,10);

$rand_string = rand(1000,9999);
imagestring($my_image, 5, $x, $y, $rand_string, 0x000000);

/*
We're going to store a ****** in the user's browser so we can call to it
later and confirm they entered the correct verification. The
"decipher_k2s58s4" can be anything you want.  It's just our personal
code to be added to the end of the captcha value stored in the ******
as an encrypted string
*/
$_SESSION['contact_verify'] = (md5($rand_string).'098f6bcd4621d373cade4e832627b4f6');

imagejpeg($my_image);
imagedestroy($my_image);
?>

Answer 1

我相信您的verification.php没有session_start();

添加session_start(); 作为该页面的第一行，请先查看该代码是否与您的原始代码一起使用，然后再进行编辑。

唯一不需要这样做的是在PHP文件中添加了require_once或include 。 这是因为脚本将从调用它的文件中继承它。 您是如何从HTML调用它的，这意味着它不是。

每个文件都需要具有session_start（）; 否则他们不能使用$_SESSION变量。

旁注：您还应该在您的verification.php脚本中添加错误报告，这样您就可以看到问题；）

Answer 2

这似乎是不正确的：

if(md5($verify).'098f6bcd4621d373cade4e832627b4f6' ...

我怀疑您要附加$verify的md5以及其他哈希值。 尝试：

if(md5($verify) !=  $_SESSION['contact_verify']) {
     $error .= 'Image Verification failed.<br />';
}