Javascript 这种注释表单验证方式安全吗?
我想在wordpress文章评论中的评论表单中添加验证,但我找不到更改提交表单的方法(这样我就可以在评论发布提交时验证它)。我发现了一个为用户登录添加验证码的方法,所以我接受了它,并将其添加到我的评论表单中 我基本上只在我的评论表单中添加了短代码Javascript 这种注释表单验证方式安全吗?,javascript,php,jquery,wordpress,forms,Javascript,Php,Jquery,Wordpress,Forms,我想在wordpress文章评论中的评论表单中添加验证,但我找不到更改提交表单的方法(这样我就可以在评论发布提交时验证它)。我发现了一个为用户登录添加验证码的方法,所以我接受了它,并将其添加到我的评论表单中 我基本上只在我的评论表单中添加了短代码 function mytheme_image_captcha( $args ){ // Adds an argument to the shortcode to record the type of form (Contact us, Req
function mytheme_image_captcha( $args ){
// Adds an argument to the shortcode to record the type of form (Contact us, Request a Visit, Refer a Friend...) - [fuel-spam-guard form="Contact Us"]
extract( shortcode_atts( array( 'form' => '' ), $args ) );
// Create an array to hold the image library
$captchas = array(
esc_html__( 'Heart', 'mytheme') => "fa-heart",
esc_html__( 'House', 'mytheme') => "fa-home",
esc_html__( 'Star', 'mytheme') => "fa-star",
esc_html__( 'Car', 'mytheme') => "fa-car",
esc_html__( 'Cup', 'mytheme') => "fa-coffee",
esc_html__( 'Flag', 'mytheme') => "fa-flag",
esc_html__( 'Key', 'mytheme') => "fa-key",
esc_html__( 'Truck', 'mytheme') => "fa-truck",
esc_html__( 'Tree', 'mytheme') => "fa-tree",
esc_html__( 'Plane', 'mytheme') => "fa-plane"
);
$choice = array_rand( $captchas, 3);
foreach($choice as $key) {
$choices[$key] = $captchas[$key];
}
// Pick a number between 0-2 and use it to determine which array item will be used as the answer
$human = rand(0,2);
ob_start(); ?>
<div class="captcha-image">
<p><?php _e('Please prove you are human by selecting the', 'mytheme'); ?> <span><?php echo $choice[$human]; ?></span> <?php esc_html_e('.', 'mytheme'); ?></p>
<?php
$i = -1;
foreach($choices as $title => $image) {
$i++;
if($i == $human) { $value = "tn_human"; } else { $value = "bot"; };
echo '<label><input type="radio" name="tn_captcha" value="'. $value .'"/><i class="fa '. $image .'"></i></label>';
}
?>
</div>
<div style="display:none">
<input type="text" name="tn_honeypot">
<input type="hidden" name="FormType" value="<?php echo $form ?>"/>
<input type="hidden" name="wplicic_exists" value="true"/>
</div>
<?php // more code
$result = ob_get_contents(); // get everything in to $result variable
ob_end_clean();
return $result;
}
add_shortcode('contact_captcha', 'mytheme_image_captcha');
现在我的问题是:这有多安全
这能阻止机器人评论吗
我觉得这不是验证wordpress评论的万无一失的方法
我发现了一个有效的captcha插件,但是它有一个基于类型的captcha(3+\uuu=7类型captcha),客户端要求提供一个基于图像点击的captcha,而我找不到一个可以在评论上使用的免费的
任何关于安全性的建议都是有帮助的。这种情况的最佳实践是使用PHP库将验证码插入表单中。这是最好的实践,因为你不必为了使用验证码的短代码而获取整个插件 我最近使用过它,它的工作方式正是我想要的 您必须为条目插入HTML元素,如下所示:
<?php
$commenter = wp_get_current_commenter();
$req = get_option( 'require_name' );
$aria_req = ( $req ? " aria-required='true'" : '' );
$fields = array(
'author' =>
'<div class="comment_fields"><p class="comment-form-author"><input id="author" name="author" type="text" placeholder="' . esc_html__( 'Name', 'mytheme' ) . '" value="' . esc_attr( $commenter['comment_author'] ) .
'" size="30"' . $aria_req . ' /></p></div>',
'captcha' => (!is_user_logged_in()) ? do_shortcode('[contact_captcha]') : '',
);
$comment_field = '<p class="comment-form-comment"><textarea id="comment" name="comment" placeholder="' . esc_html__( 'Your Comment', 'mytheme' ) . '" cols="45" rows="6" aria-required="true"></textarea></p>';
comment_form(array(
'fields' => $fields,
'comment_field' => $comment_field,
'comment_notes_after' => '',
'id_submit' => 'comment-submit',
'title_reply' => esc_html__( 'Leave a comment', 'mytheme' ),
'title_reply_to' => esc_html__( 'Leave a reply to %s.', 'mytheme' ),
'cancel_reply_link' => esc_html__( 'Cancel reply', 'mytheme' ),
'label_submit' => esc_html__( 'Submit', 'mytheme' ),
'comment_notes_before' => ''
)); ?>
<input class="membership-form" type="text" name="captcha_code" size="10" maxlength="6" required>
<img style="margin-left: 34%;margin-top: 1%;" id="captcha" src="http://darpe.me/wp/wp-content/plugins/custom-register/securimage/securimage_show.php" alt="CAPTCHA Image" />
<a href="#" onclick="document.getElementById('captcha').src = 'http://darpe.me/wp/wp-content/plugins/custom-register/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>
有100个免费的基于图像的验证码可用。你搜索过了吗?我搜索过了,但我找不到一条评论是免费的,并且有相对好的收视率。请留下收视率。。。你先试试看。我也不是在寻找图像验证码的类型。没有输入,只有点击。我在图片验证码下找到的都是我贴的那个…怎么了?他们提供了一个简单而漂亮的点击式解决方案。我来看看。谢谢
<input class="membership-form" type="text" name="captcha_code" size="10" maxlength="6" required>
<img style="margin-left: 34%;margin-top: 1%;" id="captcha" src="http://darpe.me/wp/wp-content/plugins/custom-register/securimage/securimage_show.php" alt="CAPTCHA Image" />
<a href="#" onclick="document.getElementById('captcha').src = 'http://darpe.me/wp/wp-content/plugins/custom-register/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>
include_once $_SERVER['DOCUMENT_ROOT'] . '/wp/wp-content/plugins/YOUR-PLUGIN-PATH/securimage/securimage.php';
if (!is_wp_error($errors)) $errors = new WP_Error;
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
// the code was incorrect
// you should handle the error so that the form processor doesn't continue
// or you can use the following code if there is no validation or you do not know how
$errors->add('chaptcha_error', 'The security code entered was incorrect. Please try again!');
}