Question
I am analyzing the suspicious activity of my audience, adding those IP addresses to my blacklist.
I do not seek to block users, nor do I block content, I would not care much if there was a false positive, because I am simply looking to integrate an additional step for those antecedents, adding a CAPTCHA to make life a bit difficult for spammers and malicious users.
So what I want to achieve is the following:
- If the user's IP is on the black list, show the captcha
This would be my captcha code, which I have called image.php
$_SESSION['code_captcha'] = '';
$chars = array();
$imageWidth = 0;
$imageHeight = 0;
for ($i = 0; $i < $charsLength; $i++) {
//rest of the code of the captcha image...
I do not add all the captcha code, because the only thing that interests us is to know how to retrieve the values of the image.php and, it is as follows: $_SESSION['code_captcha']
If the user is between those conditions, I am going to show him a template where the captcha image will be displayed and the form where the text must be entered in the input field to validate access to the page.
<input name="code_captcha" type="text">
Now my question is this:
- How to show CAPTCHA code if visitor's ip is blacklisted?
But the user must be verified only once, because if the user passes the test, the validation of the Captcha code must be saved in a SESSION, to avoid that the Captcha code is shown again or appears when visiting another URL or when reloading the page, only in the event that the user closes the browser will they have to re-enter the CAPTCHA code.
This is my code that blocks access by IP that is blacklisted.
<?php
session_start();
$FILE_PATH = 'blocked_ips.txt';
function IP_ADDRESS() {
    $IP_ADDRESS = '';
    if (getenv('HTTP_CLIENT_IP'))
        $IP_ADDRESS = getenv('HTTP_CLIENT_IP');
    else if(getenv('HTTP_CF_CONNECTING_IP'))
        $IP_ADDRESS = getenv('HTTP_CF_CONNECTING_IP');
    else if(getenv('HTTP_X_REAL_IP'))
        $IP_ADDRESS = getenv('HTTP_X_REAL_IP');
    else if(getenv('HTTP_X_CLUSTER_CLIENT_IP'))
        $IP_ADDRESS = getenv('HTTP_X_CLUSTER_CLIENT_IP');
    else if(getenv('HTTP_X_FORWARDED_FOR'))
        $IP_ADDRESS = getenv('HTTP_X_FORWARDED_FOR');
    else if(getenv('HTTP_X_FORWARDED'))
        $IP_ADDRESS = getenv('HTTP_X_FORWARDED');
    else if(getenv('HTTP_FORWARDED_FOR'))
        $IP_ADDRESS = getenv('HTTP_FORWARDED_FOR');
    else if(getenv('HTTP_FORWARDED'))
        $IP_ADDRESS = getenv('HTTP_FORWARDED');
    else if(getenv('REMOTE_ADDR'))
        $IP_ADDRESS = getenv('REMOTE_ADDR');
    else
        $IP_ADDRESS = 'UNKNOWN';
    return $IP_ADDRESS;
}
$BLACK_LIST = file($FILE_PATH);
/*var_dump($_SESSION['code_captcha']);
if(isset($_POST) && isset($_POST["code_captcha"]) && $_POST["code_captcha"]!=$_SESSION["code_captcha"]) {
    echo "Captcha 1 1";
} else {
    echo "Captcha 2 2";
}*/
foreach (array_values($BLACK_LIST) AS $IP_BLOCKED){
    if (trim($IP_BLOCKED) == IP_ADDRESS()){
        var_dump($_SESSION['code_captcha']);
        if(isset($_POST) && isset($_POST["code_captcha"]) && $_POST["code_captcha"]!=$_SESSION["code_captcha"]) {
            echo "Captcha 1";
        } else {
            echo "Captcha 2";
        }
        echo '<form action="#" method="post" autocomplete="off" enctype="multipart/form-data">
        <img src="image.php"/>
        <input name="code_captcha" type="text">
        <input type="submit" value="Validar" formnovalidate>
        </form>';
        //print "<CENTER> YOU HAVE BEEN BANNED ! </CENTER>";
        exit;
    }
}
echo 'Authorized ip 1 !';
?>
Based on my code, could you explain to me how to achieve my goal, please, that the help is based on my code that I am familiar with.
Answer 1:
I notice that you are using the same captcha code system from a previous question, which I have answered:
- Error the session of the captcha code is always true
As I had mentioned in my answer, with the session already saved where you have verified the user correctly, you can use the following above the if, which blocks access to the application.
if (!isset($_SESSION['captcha_check'])) {
}
The code is as follows:
// Only run the blacklist check until the visitor has passed the captcha once.
if (!isset($_SESSION['captcha_check'])) {
    foreach (array_values($BLACK_LIST) AS $IP_BLOCKED){
        if (trim($IP_BLOCKED) == IP_ADDRESS()){
            $message = NULL;
            if (isset($_POST) && isset($_POST['validate_captcha'])) {
                if(empty($_POST["code_captcha"]) || $_POST["code_captcha"] != $_SESSION["code_captcha"]) {
                    $message = "The characters entered are incorrect";
                } else {
                    // Remember the successful check for the rest of the session.
                    $_SESSION['captcha_check'] = true;
                    header("Location: url...");
                    // Stop here so the form below is not sent along with the redirect.
                    exit;
                }
                if($message!="") { echo '<div class="error">'.$message.'</div>'; }
            }
            echo '<form action="#" method="post" autocomplete="off" enctype="multipart/form-data">
            <img src="image.php"/>
            <input name="code_captcha" type="text">
            <input name="validate_captcha" type="submit" value="Validar" formnovalidate>
            </form>';
            exit;
        }
    }
}
echo 'Authorized ip 1 !';
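A hardened variant of the gate described in the question and answer above, added here as an example and not part of either post: it matches the blacklist against `REMOTE_ADDR` only, compares the code with `hash_equals()`, makes each code single-use, and regenerates the session id once the check passes. The function names `client_ip()`, `is_blacklisted()` and `captcha_passed()` are hypothetical, and `image.php` is assumed to store the expected text in `$_SESSION['code_captcha']` as in the question.

```php
<?php
// Added example, not the asker's or answerer's code. client_ip(),
// is_blacklisted() and captcha_passed() are hypothetical names; image.php is
// assumed to store the expected text in $_SESSION['code_captcha'].
session_start();

function client_ip(): string
{
    // Socket peer only: forwarding headers are client-supplied unless a trusted proxy sets them.
    return $_SERVER['REMOTE_ADDR'] ?? 'UNKNOWN';
}

function is_blacklisted(string $ip, string $file): bool
{
    // An unreadable or empty file is treated as an empty list.
    $lines = @file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    return in_array($ip, array_map('trim', $lines), true);
}

function captcha_passed(array $post, array &$session): bool
{
    $expected = (string) ($session['code_captcha'] ?? '');
    $given    = $post['code_captcha'] ?? '';
    unset($session['code_captcha']); // each code is good for one attempt
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

if (empty($_SESSION['captcha_check']) && is_blacklisted(client_ip(), 'blocked_ips.txt')) {
    $error = '';
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if (captcha_passed($_POST, $_SESSION)) {
            session_regenerate_id(true);       // fresh session id after the check
            $_SESSION['captcha_check'] = true; // kept until the session ends
            header('Location: ' . $_SERVER['SCRIPT_NAME']); // reload as GET
            exit;
        }
        $error = 'The characters entered are incorrect';
    }
    if ($error !== '') {
        echo '<div class="error">' . htmlspecialchars($error) . '</div>';
    }
    echo '<form method="post" autocomplete="off">
        <img src="image.php" alt="CAPTCHA">
        <input name="code_captcha" type="text">
        <input name="validate_captcha" type="submit" value="Validar">
    </form>';
    exit;
}
echo 'Authorized ip 1 !';
```

If the site sits behind a reverse proxy or CDN, `client_ip()` should read the one header that proxy sets, and only for requests arriving from the proxy's own addresses.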
Source: https://stackoverflow.com/questions/65673590/how-to-allow-access-to-the-web-page-when-validating-captcha