2010-02-01 52 views
0

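I am trying to find the security code for a mailer in this PHP. Could you please tell me which parts of the code I need to delete to remove it? Contact form security code PHP problem: how do I remove the code?

Thanks for your help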

<?php 
$adminemail = '[email protected]'; // type your actual email address in place of [email protected] 

$usesecimage = ''; // the path to a WSN Links, Gallery, KB or Forum install if you wish to borrow its security image prompt 

$autoresponse = ''; // type the URL of a text file which should be used as the autoresponder body text 

$controlvars = ' thankspage submitteremail ccsubmitter messagetosubmitter '; 
$messagetoadmin = "A user has filled out a form with this content: 


"; 

if (!isset($_POST['messagetosubmitter'])) $messagetosubmitter = "You have submitted a form with the content listed below. Your submission will be reviewed, please be patient in awaiting a response. 


"; 
else $messagetosubmitter = $_POST['messagetosubmitter']; 

while(list($key, $value) = each($_POST)) 
{ 
if (!stristr($controlvars, ' '. $key .' ')) 
{ 
    $messagetoadmin .= $key .': '. $value .' 

'; 
    $messagetosubmitter .= $key .': '. $value .' 

'; 
} 
} 
$submitter = $_POST['submitteremail']; 
if ($submitter == '') $submitter = '[email protected]'; 
if (strstr($submitter, "\n") || strlen($submitter) > 50) die("Begone, foul spammer."); 

if ($usesecimage) 
{ 
$curr_path = getcwd(); 
chdir($usesecimage);  // Go to the WSN directory 
require 'start.php'; 
if (isset($_REQUEST['seed'])) $seed = $_REQUEST['seed']; else $seed = false; 
$correct = securityimagevalue($seed); 
if (strtolower($_POST['securityimage']) != $correct) die("You did not type the value from the image correctly. Press the back button."); 
chdir($curr_path);  // Return to original directory 
} 

    session_start(); 
    if(empty($_POST['TermsOfBusiness'])) 
    { 
    error_reporting(0); 
    echo "You must agree to our Terms of Business. Please <a href='javascript: history.go(-1)'>click here</a> to return to the form"; 
    } 
    elseif(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code']))) { 

     mail("$adminemail, [email protected]", 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetoadmin), 'From: '. $submitter); 
     unset($_SESSION['security_code']); 

    } else { 
     error_reporting(0); 
     echo "The security code you entered was incorrect, please click the back button on your browser to try again."; 
    } 

if ($_POST['ccsubmitter'] == 'yes') 
{ 
mail($submitteremail, 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetosubmitter), 'From: '. $adminemail); 
} 
if ($autoresponse != '') 
{ 
$body = geturl($autoresponse); 
mail($submitteremail, 'Re: '. stripslashes($_POST['subject']), stripslashes($body), 'From: '. $adminemail); 
} 
header('Location: '. $_POST['thankspage']); 
// just in case redirect doesn't work 
die('<meta http-equiv="refresh" content="0;url='. $_POST['thankspage'] .'">'); 

if (!function_exists('geturl')) 
{ 
function geturl($url) 
{ 
if (extension_loaded('curl')) 
{ 
    $user_agent = 'Mozilla/4.0 (compatible; MSIE 6.02; PHP)'; 
    $ch = curl_init(); 
    curl_setopt ($ch, CURLOPT_URL, $url); 
    curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent); 
    curl_setopt ($ch, CURLOPT_HEADER, false); 
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true); 
    curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 15); // timeout after 15 seconds 
    curl_setopt ($ch, CURLOPT_TIMEOUT, 15); // timeout after 15 seconds 
    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true); 
    $result = curl_exec ($ch); 
    curl_close ($ch); 
// curl_error($ch); // for debugging 
    return $result; 
} 

if (version_compare("4.3.0", phpversion(), "<")) 
{ 
    $filecontents = @file_get_contents($url); 
} 
else 
{ 
    $fd = @fopen($url, 'rb'); 
    $filecontents = ""; 
    do 
    { 
    $data = @fread($fd, 8192); 
    if (strlen($data) == 0) 
    { 
    break; 
    } 
    $filecontents .= $data; 
    } while(true); 
    @fclose ($fd); 
} 
return $filecontents; 
} 
} 

?> 
+0

What error does this show? – CuSS

Answers

1

Delete this :)

Edit: the elseif... was not displayed as code; fixed.

elseif(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code']))) { 

     mail("$adminemail, [email protected]", 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetoadmin), 'From: '. $submitter); 
     unset($_SESSION['security_code']); 

    } else { 
     error_reporting(0); 
     echo "The security code you entered was incorrect, please click the back button on your browser to try again."; 
    } 

and this (Cameron Conner):

if ($usesecimage) 
{ 
$curr_path = getcwd(); 
chdir($usesecimage);  // Go to the WSN directory 
require 'start.php'; 
if (isset($_REQUEST['seed'])) $seed = $_REQUEST['seed']; else $seed = false; 
$correct = securityimagevalue($seed); 
if (strtolower($_POST['securityimage']) != $correct) die("You did not type the value from the image correctly. Press the back button."); 
chdir($curr_path);  // Return to original directory 
} 

So your file should end up like this:

<?php 
$adminemail = '[email protected]'; // type your actual email address in place of [email protected] 

$usesecimage = ''; // the path to a WSN Links, Gallery, KB or Forum install if you wish to borrow its security image prompt 

$autoresponse = ''; // type the URL of a text file which should be used as the autoresponder body text 

$controlvars = ' thankspage submitteremail ccsubmitter messagetosubmitter '; 
$messagetoadmin = "A user has filled out a form with this content: 


"; 

if (!isset($_POST['messagetosubmitter'])) $messagetosubmitter = "You have submitted a form with the content listed below. Your submission will be reviewed, please be patient in awaiting a response. 


"; 
else $messagetosubmitter = $_POST['messagetosubmitter']; 

while(list($key, $value) = each($_POST)) 
{ 
if (!stristr($controlvars, ' '. $key .' ')) 
{ 
    $messagetoadmin .= $key .': '. $value .' 

'; 
    $messagetosubmitter .= $key .': '. $value .' 

'; 
} 
} 
$submitter = $_POST['submitteremail']; 
if ($submitter == '') $submitter = '[email protected]'; 
if (strstr($submitter, "\n") || strlen($submitter) > 50) die("Begone, foul spammer."); 

    session_start(); 
    if(empty($_POST['TermsOfBusiness'])) 
    { 
    error_reporting(0); 
    echo "You must agree to our Terms of Business. Please <a href='javascript: history.go(-1)'>click here</a> to return to the form"; 
    } 

if ($_POST['ccsubmitter'] == 'yes') 
{ 
mail($submitteremail, 'Form Submitted: '. stripslashes($_POST['subject']), stripslashes($messagetosubmitter), 'From: '. $adminemail); 
} 
if ($autoresponse != '') 
{ 
$body = geturl($autoresponse); 
mail($submitteremail, 'Re: '. stripslashes($_POST['subject']), stripslashes($body), 'From: '. $adminemail); 
} 
header('Location: '. $_POST['thankspage']); 
// just in case redirect doesn't work 
die('<meta http-equiv="refresh" content="0;url='. $_POST['thankspage'] .'">'); 

if (!function_exists('geturl')) 
{ 
function geturl($url) 
{ 
if (extension_loaded('curl')) 
{ 
    $user_agent = 'Mozilla/4.0 (compatible; MSIE 6.02; PHP)'; 
    $ch = curl_init(); 
    curl_setopt ($ch, CURLOPT_URL, $url); 
    curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent); 
    curl_setopt ($ch, CURLOPT_HEADER, false); 
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true); 
    curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 15); // timeout after 15 seconds 
    curl_setopt ($ch, CURLOPT_TIMEOUT, 15); // timeout after 15 seconds 
    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true); 
    $result = curl_exec ($ch); 
    curl_close ($ch); 
// curl_error($ch); // for debugging 
    return $result; 
} 

if (version_compare("4.3.0", phpversion(), "<")) 
{ 
    $filecontents = @file_get_contents($url); 
} 
else 
{ 
    $fd = @fopen($url, 'rb'); 
    $filecontents = ""; 
    do 
    { 
    $data = @fread($fd, 8192); 
    if (strlen($data) == 0) 
    { 
    break; 
    } 
    $filecontents .= $data; 
    } while(true); 
    @fclose ($fd); 
} 
return $filecontents; 
} 
} 

?> 
+0

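Sorry, this doesn't work at all. I get this message: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/blahblahblah.co.uk/public/mailer.php:1) in /home/blahblahblah.co.uk/public/mailer.php on line 36 Warning: Cannot modify header information - headers already sent by (output started at /home/blahblahblah.co.uk/public/mailer.php:1) in /home/blahblahblah.co.uk/public/mailer.php on line 52 –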

+0

That's a common charset error; are you using Mac or Win? – CuSS

4

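The binary search method can be used here; it starts like this:

  1. Delete the bottom half of the file; check: does it contain the "security code"?
  2. No: delete the top half of the file; check: does it contain the "security code"?
  3. No: re-test your assumption: are you sure the security code is in this file?

Once you have found which half the "security code" is in:

  1. Delete the bottom half of that half of the file; check: does it contain the "security code"?
  2. No: delete the top half of that half of the file; check: does it contain the "security code"?
  3. No: re-test your assumption: are you sure the security code is in this half of the file?

Repeat until you have found the line (or lines) you are interested in.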

1

Expanding on CuSS's answer: this is unnecessary as well.

if ($usesecimage) 
{ 
$curr_path = getcwd(); 
chdir($usesecimage);  // Go to the WSN directory 
require 'start.php'; 
if (isset($_REQUEST['seed'])) $seed = $_REQUEST['seed']; else $seed = false; 
$correct = securityimagevalue($seed); 
if (strtolower($_POST['securityimage']) != $correct) die("You did not type the value from the image correctly. Press the back button."); 
chdir($curr_path);  // Return to original directory 
} 
+0

Thanks :) For you ;) – CuSS
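
The answers above remove the `security_code` comparison, but the `mail()` call to the admin sat inside that same `elseif` branch, and the script still places posted values in the `From:` header and the `thankspage` redirect. The following is an added example, not code from the question or the answers, of dropping the check while keeping the admin mail and tightening those two inputs; `clean_header_value()`, `safe_redirect_target()`, the allow-list and the placeholder address are assumptions.

```php
<?php
// Added example. Helper names, the allow-list and the placeholder address are assumptions.
// Nothing (no BOM, no blank line) may come before the opening tag, or header() fails
// with "headers already sent".

// Accept a header value only if it is short and has no CR/LF (the original checked "\n" only).
function clean_header_value($value, $maxlen = 50)
{
    $value = trim((string) $value);
    if ($value === '' || strlen($value) > $maxlen || preg_match('/[\r\n]/', $value)) {
        return false;
    }
    return $value;
}

// Redirect only to a page on a fixed allow-list, never to an arbitrary posted URL.
function safe_redirect_target($target, array $allowed, $fallback)
{
    return in_array($target, $allowed, true) ? $target : $fallback;
}

$adminemail     = 'admin@example.com';      // placeholder address
$allowed_thanks = array('/thanks.html');    // assumed thank-you page(s)
$controlvars    = array('thankspage', 'submitteremail', 'ccsubmitter',
                        'messagetosubmitter', 'subject', 'TermsOfBusiness');

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    if (empty($_POST['TermsOfBusiness'])) {
        die('You must agree to our Terms of Business. Please go back to the form.');
    }
    $submitter = clean_header_value(isset($_POST['submitteremail']) ? $_POST['submitteremail'] : '');
    if ($submitter === false || !filter_var($submitter, FILTER_VALIDATE_EMAIL)) {
        die('Please go back and enter a valid e-mail address.');
    }
    $subject = clean_header_value(isset($_POST['subject']) ? $_POST['subject'] : '', 100);
    if ($subject === false) $subject = '(no subject)';

    $messagetoadmin = "A user has filled out a form with this content:\n\n";
    foreach ($_POST as $key => $value) {        // foreach replaces each(), removed in PHP 8
        if (!in_array($key, $controlvars, true) && is_scalar($value)) {
            $messagetoadmin .= $key . ': ' . $value . "\n\n";
        }
    }
    // The security_code comparison is gone; the admin mail it used to wrap is kept.
    mail($adminemail, 'Form Submitted: ' . $subject, $messagetoadmin, 'From: ' . $submitter);

    $thanks = isset($_POST['thankspage']) ? $_POST['thankspage'] : '';
    header('Location: ' . safe_redirect_target($thanks, $allowed_thanks, '/thanks.html'));
    exit;
}
```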