2012-05-05 10 views
0

ログインシステムにreCAPTCHAを挿入できない場合は、reCAPTCHA内に何も挿入しなくても正しいユーザー名とパスワードを入力できるようです。ログインユーザーの例は、次のとおりです。 - username = steven password = stevenphpログイン時のreCAPTCHAのトラブル

以下は、ログインページのサイトとコード、そしてスタッフエリアのページコードへのリンクです。

http://newmedia.leeds.ac.uk/ug10/cs10dw/workspace1/login.php

誰も助けいただければ幸いです。

<?php require_once("includes/connection.php"); ?> 
<?php require_once("includes/functions.php"); ?> 
<?php 


    include_once("includes/form_functions.php"); 

    // START FORM PROCESSING 
    if (isset($_POST['submit'])) { // Form has been submitted. 
     $errors = array(); 

     // perform validations on the form data 
     $required_fields = array('username', 'password'); 
     $errors = array_merge($errors, check_required_fields($required_fields, $_POST)); 

     $fields_with_lengths = array('username' => 30, 'password' => 30); 
     $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST)); 

     $username = trim(mysql_prep($_POST['username'])); 
     $password = trim(mysql_prep($_POST['password'])); 
     $hashed_password = sha1($password); 

     if ($_POST) { 
     require_once($_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php'); 
     $privatekey ="6LcHbc0SAAAAAOs2d7VnzV7RtedMkLs306ekQPUP"; 
     $resp = recaptcha_check_answer ($privatekey, 
          $_SERVER['REMOTE_ADDR'], 
          $_POST['recaptcha_challenge_field'], 
          $_POST['recaptcha_response_field']); 
     $str_result = ""; 
     if (!$resp->is_valid) { 
      // What happens when the CAPTCHA was entered incorrectly 
      $message = "The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: " . $resp->error . ")"; 
      // Add a redirect to an error page or just put an exit(); here 

     } 

    } 




     if (empty($errors)) { 
      // Check database to see if username and the hashed password exist there. 
      $query = "SELECT * "; 
      $query .= "FROM users "; 
      $query .= "WHERE username = '{$username}' "; 
      $query .= "AND hashed_password = '{$hashed_password}' "; 

      $result_set = mysql_query($query); 
      confirm_query($result_set); 
      if (mysql_num_rows($result_set) == 1) { 
       // username/password authenticated 
       // and only 1 match 
       $found_user = mysql_fetch_array($result_set); 
       redirect_to("staff.php"); 
      } else { 
       // username/password combo was not found in the database 
       $message = "<h1> Username or password is incorrect. </h1><br /> 
      "; 
      } 
     } 
    } 
?> 
<?php include("includes/header.php"); ?> 
<table id="structure"> 
    <tr> 
     <td id="navigation"> 
      <a href="index.php">Return to public site</a> 
     </td> 
     <td id="page"> 
      <h2>Staff Login</h2> 
      <?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?> 
      <?php if (!empty($errors)) { display_errors($errors); } ?> 
      <form action="login.php" method="post"> 
      <table> 
       <tr> 
        <td>Username:</td> 
        <td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td> 
       </tr> 
       <tr> 
        <td>Password:</td> 
        <td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td> 
       </tr> 
       <tr> 

    <?php 
    require_once($_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php'); 
    $publickey = "6LcHbc0SAAAAABQAnCHSHGhSuSXkZ2d1MoBa4xw2"; 
    echo recaptcha_get_html($publickey); 
?> 

        <td colspan="2"><input type="submit" name="submit" value="Login" /></td> 
       </tr> 
      </table> 

      </form> 
     </td> 
    </tr> 
</table> 
<?php include("includes/footer.php"); ?> 

* STAFFページ*

<?php require_once("includes/functions.php"); ?> 

<?php include("includes/header.php"); ?> 
<table id="structure"> 
    <tr> 
     <td id="navigation">&nbsp; 

     </td> 
     <td id="page"> 
      <h2>Staff Menu</h2> 

      <ul> 
       <li><a href="content.php">Manage Website Content</a></li> 
       <li><a href="new_user.php">Add Staff User</a></li> 
       <li><a href="logout.php">Logout</a></li> 
      </ul> 
     </td> 
    </tr> 
</table> 
<?php include("includes/footer.php"); ?> 

答えて

0

これを試してみてください:返信用

// if ($_POST) { // Don't need this 

     require_once($_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php'); 
     $privatekey ="6LcHbc0SAAAAAOs2d7VnzV7RtedMkLs306ekQPUP"; 
     $resp = recaptcha_check_answer ($privatekey, 
          $_SERVER['REMOTE_ADDR'], 
          $_POST['recaptcha_challenge_field'], 
          $_POST['recaptcha_response_field']); 
     $str_result = ""; 
     if (!$resp->is_valid) { 
      // What happens when the CAPTCHA was entered incorrectly 
      $message = "The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: " . $resp->error . ")"; 
      echo $message; 
      exit(); 

     } 

    //} 
+0

感謝を!しかし、変更を加えた後、私はまだ同じ問題を抱えています。 recaptchaに関係なくアカウントにログインする。 – Dave

+0

私は私の答えを編集しました。代わりにそれを試してください。 – seanbreeden

+0

素晴らしい作品です、ありがとうございます! – Dave

0

キャプチャチェックは、スタッフのページにリダイレクトする前に実行する必要があります。