新增人机验证

api/submit.php

@@ -1,5 +1,6 @@
 <?php
 header('content-type:application/json');
+session_start();
 include('../config.php');
 include('../includes/function.php');
 $confessor = htmlspecialchars($_POST['name']);
@@ -13,7 +14,11 @@ if (empty($confessor) || empty($contact) || empty($ta) || empty($introduction) |
     exit('{"code":-3,"msg":"表单未填写完整或存在错误！"}');
 }
 
-if ($timestamp - time() > 5 || time() - $timestamp > 5) {
+if ($_SESSION['vcode'] != md5($_POST['vCode'] . $VERIFICATION_KEY) && $IMAGE_VERIFICATION) {
+    exit('{"code":-2,"msg":"抱歉，人机验证失败","result":""}');
+}
+
+if ($timestamp - time() > 60 || time() - $timestamp > 60) {
     exit('{"code":-5,"msg":"提交失败！请检查您的系统时间！"}');
 }
 

api/vcode.php

@@ -0,0 +1,20 @@
+<?php
+session_start();
+include('../config.php');
+$img = imagecreatetruecolor(60, 30);
+$black = imagecolorallocate($img, 0x00, 0x00, 0x00);
+$green = imagecolorallocate($img, 0x00, 0xFF, 0x00);
+$white = imagecolorallocate($img, 0xFF, 0xFF, 0xFF);
+imagefill($img, 0, 0, $white);
+
+$code = rand(1000, 9999);
+$_SESSION['vcode'] = md5($code . $VERIFICATION_KEY);
+
+imagestring($img, 5, 8, 8, $code, $black);
+for ($i = 0; $i < 100; $i++) {
+    imagesetpixel($img, rand(0, 60), rand(0, 30), $black);
+    imagesetpixel($img, rand(0, 60), rand(0, 30), $green);
+}
+header("content-type: image/png");
+imagepng($img);
+imagedestroy($img);

config.php

@@ -15,6 +15,10 @@ $ADMIN_USER="kagamine";
 $ADMIN_PASS="kagamine1234";
 //是否开启伪静态（请先配置伪静态规则后再开启，否则可能导致404）
 $REWRITE=false;
+//是否开启提交验证
+$IMAGE_VERIFICATION=true;
+//随便一个字符串
+$VERIFICATION_KEY="KAGAMINE YES!"
 /*
 伪静态规则
 当前只支持nginx，apache规则的话...实在不会写，热心的童鞋可以帮忙写一下啊（谢谢各位大佬了）

pages/submit.php

@@ -44,6 +44,37 @@ if ($templateMode) {
     </div>
     <script>
         function submit() {
+            url = $("#url").val();
+            if (<?php if ($IMAGE_VERIFICATION) echo 'true';
+                else echo 'false'; ?>) {
+                imageVerification(function(answer) {
+                    request(answer)
+                })
+            } else {
+                request('0000');
+            }
+        }
+
+
+        function imageVerification(callback) {
+            mdui.dialog({
+                title: '请输入图片中的验证码',
+                content: '<center><div class="mdui-row"> <div class="mdui-col-xs-9"> <div class="mdui-textfield"> <input class="mdui-textfield-input" id="answer" type="text" placeholder="请输入您的答案" /></div> </div> <div class="mdui-col-xs-3"> <img style="position: relative;top:15px" id="vcode" src="/api/vcode.php" /> </div> </div></center>',
+                modal: true,
+                buttons: [{
+                        text: '取消'
+                    },
+                    {
+                        text: '确认',
+                        onClick: function(inst) {
+                            callback($('#answer').val());
+                        }
+                    }
+                ]
+            });
+        }
+
+        function request(vCode) {
             $("#submitbtn").attr("disabled", true);
             var contact = $("#qq").val();
             var name = $("#name").val();
@@ -72,7 +103,8 @@ if ($templateMode) {
                     taName: taName,
                     image: image,
                     introduceTA: introduceTA,
-                    toTA: toTA
+                    toTA: toTA,
+                    vCode:vCode
                 },
                 dataType: 'text',
                 success: function(data) {