Javascript 这种注释表单验证方式安全吗？_Javascript_Php_Jquery_Wordpress_Forms

Javascript 这种注释表单验证方式安全吗？

javascript php jquery wordpress forms

Javascript 这种注释表单验证方式安全吗？,javascript,php,jquery,wordpress,forms,Javascript,Php,Jquery,Wordpress,Forms,我想在wordpress文章评论中的评论表单中添加验证，但我找不到更改提交表单的方法（这样我就可以在评论发布提交时验证它）。我发现了一个为用户登录添加验证码的方法，所以我接受了它，并将其添加到我的评论表单中我基本上只在我的评论表单中添加了短代码 function mytheme_image_captcha( $args ){ // Adds an argument to the shortcode to record the type of form (Contact us, Req

我想在wordpress文章评论中的评论表单中添加验证，但我找不到更改提交表单的方法（这样我就可以在评论发布提交时验证它）。我发现了一个为用户登录添加验证码的方法，所以我接受了它，并将其添加到我的评论表单中

我基本上只在我的评论表单中添加了短代码

function mytheme_image_captcha( $args ){

    // Adds an argument to the shortcode to record the type of form (Contact us, Request a Visit, Refer a Friend...) - [fuel-spam-guard form="Contact Us"]
    extract( shortcode_atts( array( 'form' => '' ), $args ) );

    // Create an array to hold the image library
    $captchas = array(
        esc_html__( 'Heart', 'mytheme') => "fa-heart",
        esc_html__( 'House', 'mytheme') => "fa-home",
        esc_html__( 'Star', 'mytheme')  => "fa-star",
        esc_html__( 'Car', 'mytheme')   => "fa-car",
        esc_html__( 'Cup', 'mytheme')   => "fa-coffee",
        esc_html__( 'Flag', 'mytheme')  => "fa-flag",
        esc_html__( 'Key', 'mytheme')   => "fa-key",
        esc_html__( 'Truck', 'mytheme') => "fa-truck",
        esc_html__( 'Tree', 'mytheme')  => "fa-tree",
        esc_html__( 'Plane', 'mytheme') => "fa-plane"
    );

    $choice = array_rand( $captchas, 3);
    foreach($choice as $key) {
        $choices[$key] = $captchas[$key];
    }

    // Pick a number between 0-2 and use it to determine which array item will be used as the answer
    $human = rand(0,2);

    ob_start(); ?>

        <div class="captcha-image">

            <p><?php _e('Please prove you are human by selecting the', 'mytheme'); ?> <span><?php echo $choice[$human]; ?></span> <?php esc_html_e('.', 'mytheme'); ?></p>

            <?php
            $i = -1;
            foreach($choices as $title => $image) {
                $i++;
                if($i == $human) { $value = "tn_human"; } else { $value = "bot"; };
                echo  '<label><input type="radio" name="tn_captcha" value="'. $value .'"/><i class="fa '. $image .'"></i></label>';
            }
            ?>

        </div>
        <div style="display:none">
            <input type="text" name="tn_honeypot">
            <input type="hidden" name="FormType" value="<?php echo $form ?>"/>
            <input type="hidden" name="wplicic_exists" value="true"/>
        </div>

    <?php    // more code
    $result = ob_get_contents(); // get everything in to $result variable
    ob_end_clean();
    return $result;
}

add_shortcode('contact_captcha', 'mytheme_image_captcha');

现在我的问题是：这有多安全

这能阻止机器人评论吗

我觉得这不是验证wordpress评论的万无一失的方法

我发现了一个有效的captcha插件，但是它有一个基于类型的captcha（3+\uuu=7类型captcha），客户端要求提供一个基于图像点击的captcha，而我找不到一个可以在评论上使用的免费的

任何关于安全性的建议都是有帮助的。

这种情况的最佳实践是使用PHP库将验证码插入表单中。这是最好的实践，因为你不必为了使用验证码的短代码而获取整个插件

我最近使用过它，它的工作方式正是我想要的

您必须为条目插入HTML元素，如下所示：

<?php

    $commenter = wp_get_current_commenter();
    $req = get_option( 'require_name' );
    $aria_req = ( $req ? " aria-required='true'" : '' );

    $fields =  array(
      'author' =>
        '<div class="comment_fields"><p class="comment-form-author"><input id="author" name="author" type="text" placeholder="' . esc_html__( 'Name', 'mytheme' ) . '" value="' . esc_attr( $commenter['comment_author'] ) .
        '" size="30"' . $aria_req . ' /></p></div>',
        'captcha' => (!is_user_logged_in()) ? do_shortcode('[contact_captcha]') : '',

    );

    $comment_field = '<p class="comment-form-comment"><textarea id="comment" name="comment" placeholder="' . esc_html__( 'Your Comment', 'mytheme' ) . '" cols="45" rows="6" aria-required="true"></textarea></p>';

    comment_form(array(
        'fields'                => $fields,
        'comment_field'         => $comment_field,
        'comment_notes_after'   => '',
        'id_submit'             => 'comment-submit',
        'title_reply'           => esc_html__( 'Leave a comment', 'mytheme' ),
        'title_reply_to'        => esc_html__( 'Leave a reply to %s.', 'mytheme' ),
        'cancel_reply_link'     => esc_html__( 'Cancel reply', 'mytheme' ),
        'label_submit'          => esc_html__( 'Submit', 'mytheme' ),
        'comment_notes_before'  => ''
    )); ?>

<input class="membership-form" type="text" name="captcha_code" size="10" maxlength="6" required>

<img style="margin-left: 34%;margin-top: 1%;" id="captcha" src="http://darpe.me/wp/wp-content/plugins/custom-register/securimage/securimage_show.php" alt="CAPTCHA Image" />

<a href="#" onclick="document.getElementById('captcha').src = 'http://darpe.me/wp/wp-content/plugins/custom-register/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>

有100个免费的基于图像的验证码可用。你搜索过了吗？我搜索过了，但我找不到一条评论是免费的，并且有相对好的收视率。请留下收视率。。。你先试试看。我也不是在寻找图像验证码的类型。没有输入，只有点击。我在图片验证码下找到的都是我贴的那个…怎么了？他们提供了一个简单而漂亮的点击式解决方案。我来看看。谢谢

<input class="membership-form" type="text" name="captcha_code" size="10" maxlength="6" required>

<img style="margin-left: 34%;margin-top: 1%;" id="captcha" src="http://darpe.me/wp/wp-content/plugins/custom-register/securimage/securimage_show.php" alt="CAPTCHA Image" />

<a href="#" onclick="document.getElementById('captcha').src = 'http://darpe.me/wp/wp-content/plugins/custom-register/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>

include_once $_SERVER['DOCUMENT_ROOT'] . '/wp/wp-content/plugins/YOUR-PLUGIN-PATH/securimage/securimage.php';

if (!is_wp_error($errors))  $errors = new WP_Error;
$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
    // the code was incorrect
    // you should handle the error so that the form processor doesn't continue

    // or you can use the following code if there is no validation or you do not know how
    $errors->add('chaptcha_error', 'The security code entered was incorrect. Please try again!');
}