以下でお手伝いできますか?
Joomla1.5サイトでユーザー登録を使い始めました...
スパムボットがサイトに登録されています
サイトのキャプチャを使用しましたが-http ://www.white-hat-web-design.co.uk/blog/php-captcha-security-images/
登録ページのリンクでの(検証なしの)動作-http://www.mycarhelpline.com/index.php?option= com_user&view=register& Itemid=79
ただし、登録ページで同じことが検証されていません。
検証コード
session_start();
if( isset($_POST['submit'])) {
if( $_SESSION['security_code'] == $_POST['security_code'] &&
!empty($_SESSION['security_code'] ) ) {
// Insert you code for processing the form here, e.g emailing the
submission, entering it into a database.
echo 'Thank you. Your message said "'.$_POST['message'].'"';
unset($_SESSION['security_code']);
} else {
// Insert your code for showing an error message here
echo 'Sorry, you have provided an invalid security code';
}
} else {
}
Joomlaのどのファイル/行(controller.php、default.php、view.html.php)にこのコードを入れる必要がありますか。異なる行の異なるファイルで順列/組み合わせを試しましたが、機能しません。
Pl提案
こんにちは-変更を加えても機能しません。実際、controller.phpにサーバーエラーが表示されます-完全なコードをここに配置します
function register_save()
{
global $mainframe;
// Check for request forgeries
JRequest::checkToken() or jexit( 'Invalid Token' );
session_start();
if( isset($_POST['submit'])) {
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {
// Insert you code for processing the form here, e.g emailing the submission, entering it into a database.
echo 'Thank you.';
unset($_SESSION['security_code']);
} else {
// Insert your code for showing an error message here
echo 'Sorry, you have provided an invalid security code';
}
} else {
// Get required system objects
$user = clone(JFactory::getUser());
$pathway =& $mainframe->getPathway();
$config =& JFactory::getConfig();
$authorize =& JFactory::getACL();
$document =& JFactory::getDocument();
// If user registration is not allowed, show 403 not authorized.
$usersConfig = &JComponentHelper::getParams( 'com_users' );
if ($usersConfig->get('allowUserRegistration') == '0') {
JError::raiseError( 403, JText::_( 'Access Forbidden' ));
return;
}
// Initialize new usertype setting
$newUsertype = $usersConfig->get( 'new_usertype' );
if (!$newUsertype) {
$newUsertype = 'Registered';
}
// Bind the post array to the user object
if (!$user->bind( JRequest::get('post'), 'usertype' )) {
JError::raiseError( 500, $user->getError());
}
// Set some initial user values
$user->set('id', 0);
$user->set('usertype', $newUsertype);
$user->set('gid', $authorize->get_group_id( '', $newUsertype, 'ARO' ));
$date =& JFactory::getDate();
$user->set('registerDate', $date->toMySQL());
// If user activation is turned on, we need to set the activation information
$useractivation = $usersConfig->get( 'useractivation' );
if ($useractivation == '1')
{
jimport('joomla.user.helper');
$user->set('activation', JUtility::getHash( JUserHelper::genRandomPassword()) );
$user->set('block', '1');
}
// If there was an error with registration, set the message and display form
if ( !$user->save() )
{
JError::raiseWarning('', JText::_( $user->getError()));
$this->register();
return false;
}
// Send registration confirmation mail
$password = JRequest::getString('password', '', 'post', JREQUEST_ALLOWRAW);
$password = preg_replace('/[\x00-\x1F\x7F]/', '', $password); //Disallow control chars in the email
UserController::_sendMail($user, $password);
// Everything went fine, set relevant message depending upon user activation state and display message
if ( $useractivation == 1 ) {
$message = JText::_( 'REG_COMPLETE_ACTIVATE' );
} else {
$message = JText::_( 'REG_COMPLETE' );
}
$this->setRedirect('*********', $message);
}