mercredi 4 février 2015

Calculate two random numbers for preventing spamming of register members in PHP

I would like to design a simple webpage for registering of the members.


Everything I almost done but I want to set a question about anti-spamming, by using the calculation of random numbers.


The problem is the random numbers are changed while I clicked the button "submit" of POST method, so the answer will incorrect forever, how can I fix it? Thanks.


Here is my code:



$rand1 = rand(0, 99);
$rand2 = rand(0, 99);

echo "<html> 
        <head><title>Member Registation</title></head>
            <body>
                <form action='memberReg.php' method='POST'>
                    <br />Please enter your name:<br/>
                    Username: <input type='text' name='username' class='form'/><br/>
                    <br />Please enter your password <br/>(At least 8 characters, maximum 20 characters):<br/>
                    Password: <input type='password' name='password' class='form'/><br /><br/>
                    Confirm password: <br/><input type='password' name='confirmPW' class='form'/><br/>
                    <br/>Please fill in the answer into textbox:<br/>
                    <br/>$rand1 + $rand2 = <input type='text' name='answer' class='form'/><br/>
                    <br/><input type='submit' value='Register' class='button'/><br/>
                    <br/><a href = memberLogin.php>Go Back</a>
                </form>
            </body>
    </html>";

if(isset($_POST["answer"])&&isset($_POST["username"])&&isset($_POST["password"])&&isset($_POST["confirmPW"])){

    $username = mysql_real_escape_string($_POST["username"]);
    $password = mysql_real_escape_string($_POST["password"]);
    $passConfirm = mysql_real_escape_string($_POST["confirmPW"]);
    $answer = mysql_real_escape_string($_POST["answer"]);

    if($username == "" || $password == "" || $passConfirm == ""|| $answer == ""){
        echo "Username/Password/Confirm password/Answer cannot be null.";
        return;
    }elseif($answer != ($rand1+$rand2)){
        echo "The answer is incorrect, please edit.";
        return;
    }elseif($username==$password||$username==$passConfirm){
        echo "Password/Confirm password cannot be the same with username, please check.";
        return;
    }elseif($password!=$passConfirm){
        echo "Confirm Password is not be same with password, please check.";
        return;
    }elseif((strlen($password) < 8||strlen($password) > 20)){
        echo "Password's length did not meet the standard, please change it.";
        return;
    }elseif((strlen($passConfirm) < 8||strlen($passConfirm) > 20)){
        echo "Password's length did not meet the standard, please change it.";
        return;
    }else{
        if($regApplicant->register($username, $password)){
            echo "Register Successfully. You can go back and Login";
        }else{
            echo "The username is already exist. Please change it.<br>";
            return;
        }
    }
}

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)