Registration form
#1
[Image: NRGJFwb.png]

Bots are registering on the site even though reCaptcha is in place. I added email verification so that they cannot post anything, but they manage to get past the part shown in the screenshot.

Does anyone know how to edit the code so that the bots don't get through?

Code for that part:
PHP Code:
function signup() {
    global $db, $client, $uhome, $config, $captcha;
    // Enforce the per-IP registration limit, if one is configured
    $reg_limit_ip = get_gvar('reg_limit_ip');
    if (is_numeric($reg_limit_ip)) {
        $res = sql_query("select count(*) as num from ".tb()."accounts where ipaddress='{$client['ip']}'");
        $row = sql_fetch_array($res);
        if ($row['num'] >= $reg_limit_ip) {
            c(t('Sorry, only {1} registrations allowed per IP','<strong>'.$reg_limit_ip.'</strong>'));
            stop_here();
        }
    }
    // Invite-only mode: hold the signup unless a matching invite is found below
    if (get_gvar('only_invited')) {
        $hold = 1;
    }
    $email = $_GET['email'];
    if (isset($_POST['email'])) {
        $email = $_POST['email'];
    }
    $iid = $_GET['iid'];
    if (isset($_POST['iid'])) {
        $iid = $_POST['iid'];
    }
    if (strlen($email)) {
        $res = sql_query("select * from ".tb()."invites where id='$iid' and email='{$email}'");
        $invite = sql_fetch_array($res);
        if ($invite['id']) {
            $hold = 0;
            $iid_field = '<input type="hidden" name="iid" value="'.$iid.'" />';
        }
    }

    // Form was submitted: validate it
    if ($_POST['onpost']) {
        if ($hold) {
            c('only invited');
            stop_here();
        }
        if (!get_gvar('disable_recaptcha_reg')) {
            $resp = recaptcha_check_answer ($captcha['privatekey'],
                                            $_SERVER["REMOTE_ADDR"],
                                            $_POST["recaptcha_challenge_field"],
                                            $_POST["recaptcha_response_field"]);

            if (!$resp->is_valid) {
                $captchaerror = $resp->error;
                $errors[] = t('Wrong Verification code');
            }
        }
        if (!$_POST['agree_rules']) {
            $errors[] = t('You must agree to our rules for signing up');
        }

        //get_r(array('username','password','password2','email','agree','confirm_code','location'));
        // The expected code is read from a cookie, which the client controls
        if (strtolower($_COOKIE['cfm']) != strtolower($_POST['confirm_code'])) {
            $errors[] = t('The string you entered for the code verification did not match what was displayed');
        }
        $_POST['username'] = strtolower($_POST['username']);
        if (strlen($_POST['username']) < 4 || strlen($_POST['username']) > 18 || !preg_match("/^[0-9a-z]+$/i",$_POST['username'])) {
            $errors[] = t('Username').': '.t('from 4 to 18 characters, only 0-9,a-z');
        }
        if (preg_match("/</",$_POST['fullname'])) {
            $errors[] = 'Unavailable Full name format';
        }

        if (!$_POST['email'] || !$_POST['username'] || !$_POST['password']) {
            $errors[] = t('Please fill in all the required blanks');
        }
                            
/*
                            else {
                                    for($i=1;$i<=7;$i++) {
                                            $col = 'var'.$i;
                                            $key = 'cf_var'.$i;
                                            $key2 = 'cf_var_value'.$i;
                                            $key3 = 'cf_var_des'.$i;
                                            $key4 = 'cf_var_label'.$i;
                                            $key5 = 'cf_var_required'.$i;
                                            $ctype = get_gvar($key);
                                            if ($ctype != 'disabled' && get_gvar($key5)) {
                                                    if (!strlen($_POST[$col])) {
                                                            $errors[] = t('Please fill in all the required blanks');
                                                    }
                                            }
                                    }
                            }
                            */
                            
        if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $_POST['email'])) {
            $errors[] = t('Unavailable email address');
        }

        $password = md5($_POST['password'].'jcow');
        $timeline = time();
        // Reject e-mail addresses and usernames that are already registered
        $res = sql_query("select * from `".tb()."accounts` where email='{$_POST['email']}'");
        if (sql_counts($res)) {
            $errors[] = t('You have registered with this email address before.');
        }
        $res = sql_query("select * from `".tb()."accounts` where username='{$_POST['username']}'");
        if (sql_counts($res)) {
            $errors[] = t('The Username has already been used');
        }

        // No validation errors: create the account
        if (!is_array($errors)) {
            if (get_gvar('acc_verify') == 1) {
                $reg_code = get_rand(6,'0123456789');
                $verify_note = t('Verification Code: {1}',$reg_code)."\r\n<br />";
            }
            else {
                $reg_code = '';
                $verify_note = '';
            }
            // member
            if ($_POST['hide_age']) {
                $hide_age = 1;
            }
            else {
                $hide_age = 0;
            }
            $newss = get_rand(12);
            // New accounts start disabled when paid membership or verification is on
            if (get_gvar('pm_enabled') || get_gvar('acc_verify')) {
                $member_disabled = 1;
            }
            else {
                $member_disabled = 0;
            }
            sql_query("insert into `".tb()."accounts` (about_me,disabled,gender,location,birthyear,birthmonth,birthday,hide_age,password,email,username,fullname,created,lastlogin,ipaddress,var1,var2,var3,var4,var5,var6,var7,reg_code) values('{$_POST['about_me']}',$member_disabled,'{$_POST['gender']}','{$_POST['location']}','{$_POST['birthyear']}','{$_POST['birthmonth']}','{$_POST['birthday']}','{$hide_age}','$password','".$_POST['email']."','{$_POST['username']}','{$_POST['fullname']}',$timeline,$timeline,'{$client['ip']}','{$_POST['var1']}','{$_POST['var2']}','{$_POST['var3']}','{$_POST['var4']}','{$_POST['var5']}','{$_POST['var6']}','{$_POST['var7']}','{$reg_code}')");
            $uid = insert_id();
            if ($uid == 1) {
                sql_query("update ".tb()."accounts set roles='3' where id='$uid'");
            }
            sql_query("insert into `".tb()."pages` (uid,uri,type) values($uid,'{$_POST['username']}','u')");
            $page_id = insert_id();
            // Mark the invite as used and make inviter and new member friends
            if ($invite['id']>0) {
                sql_query("update ".tb()."invites set status=1 where id='{$invite['id']}'");
                sql_query("insert into `".tb()."friends` (uid,fid,created) values ($uid,{$invite['uid']},".time().")");
                sql_query("insert into `".tb()."friends` (uid,fid,created) values ({$invite['uid']},$uid,".time().")");
            }

            stream_publish(t('Signed Up','','','',1),'','',$uid,$page_id);

            // welcome email
            $welcome_email = nl2br(get_text('welcome_email'));
            $welcome_email = str_replace('%username%',$_POST['username'],$welcome_email);
            $welcome_email = str_replace('%email%',$_POST['email'],$welcome_email);
            $welcome_email = str_replace('%password%',$_POST['password'],$welcome_email);
            $welcome_email = str_replace('%sitelink%',url(uhome(),h(get_gvar('site_name')) ),$welcome_email);
            @jcow_mail($_POST['email'], 'Welcome to "'.h(get_gvar('site_name')).'"!', $verify_note.$welcome_email);
            $_SESSION['login_cd'] = 3;
            //login
            $_SESSION['uid'] = $uid;
            redirect('account/index/1');
            exit;
            //redirect(url('member/login'),t('Congratulations! You have successfully signed up. You can now login with your account'));
        }
        else {
            foreach ($errors as $error) {
                $error_msg .= '<li>'.$error.'</li>';
            }
            sys_notice(t('Errors').':<ul>'.$error_msg.'</ul>');
        }
    }

    if ($hold) {
        c(t('Sorry, only invited people can sign up'));
        stop_here();
    }

    // Render the signup form
    set_title('Signup');
    if (get_gvar('pm_enabled')) {
        c('<strong>'.t('Join Us').'</strong><br />
        '.t('Membership pricing').':<ul>');
        if ($pm_1m = get_gvar('pm_1m')) {
            c('<li>'.$pm_1m.' '.get_gvar('pm_currency').' '.t('Per month').'</li>');
        }
        if ($pm_3m = get_gvar('pm_3m')) {
            c('<li>'.$pm_3m.' '.get_gvar('pm_currency').' '.t('Per Annua').'</li>');
        }
        if ($pm_12m = get_gvar('pm_12m')) {
            c('<li>'.$pm_12m.' '.get_gvar('pm_currency').' '.t('Per Yeal').'</li>');
        }
        c('</ul>');
        section_close(t('Paid membership'));
    }
    c('
    <script>
    $(document).ready( function(){
            objrow = $("tr.row1 td::first-child");
            objrow.attr("valign","top");
            objrow.attr("align","right");
            });
    </script>
    <form method="post" action="'.url('member/signup').'" >
    <table class="stories">
    <tr class="table_line1">
    <td colspan="2">'.t('Passport').'</td>
    </tr>
    <tr class="row1">
    <td>*'.t('Email Address').'</td>
    <td>
        <input type="text" size="20" name="email" value="'.h($_REQUEST['email']).'" class="fpost" style="width:180px" />
        <br /><span class="sub">('.$invite_msg.t("We won't display your Email Address.").')</span>
    </tr>
    <tr class="row1">
    <td>*'.t('Username').'/'.t('Nickname').'</td><td>
        <input type="text" size="18" class="fpost" name="username" value="'.h($_REQUEST['username']).'" style="width:180px" /><br />
        <span class="sub">('.t('4 to 18 characters, made up of 0-9,a-z').')</span>
    </tr>
    <tr class="row1">
    <td>*'.t('Password').'</td><td>
        <input type="password" name="password"  class="fpost" value="'.h($_REQUEST['password']).'" style="width:180px" />
    </tr>
    ');
    
/*
    c('
    <tr class="table_line1">
    <td colspan="2">'.t('Personal info').'</td>
    </tr>
    <tr class="row1">
    <td>*'.t('Full Name').'</td><td>
                                            <input type="text" size="20" name="fullname" value="'.h($_REQUEST['fullname']).'"  class="fpost" style="width:180px" />
    </td>
    </tr>
    <tr class="row1">
    <td>*'.t('Birth').'</td><td>
                                            <select name="birthyear" class="fpost">
                                            ');
                                            $year_from = date("Y",time()) - 8;
                                            $year_to = date("Y",time()) - 100;
                                            if ($_REQUEST['birthyear'])
                                                    $yearkey = $_REQUEST['birthyear'];
                                            else
                                                    $yearkey = $year_from - 12;
                                            for ($i=$year_from;$i>$year_to;$i--) {
                                                    $selected = '';
                                                    if ($yearkey == $i)
                                                            $selected = 'selected';
                                                    c('<option value="'.$i.'" '.$selected.'>'.$i.'</option>');
                                            }
                                            if ($row['hide_age']) $hide_age = 'checked';
                                            c('
                                            </select>
                                            <select name="birthmonth" class="fpost">');
                                            for ($i=1;$i<13;$i++) {
                                                    if ($i<10)$j='0'.$i;else $j=$i;$iss='';
                                                    if ($_REQUEST['birthmonth'] == $j) $iss='selected';
                                                    c('<option value="'.$j.'" '.$iss.' >'.$j.'</option>');
                                            }
                                            c('</select>
                                            <select name="birthday" class="fpost">');
                                            for ($i=1;$i<=31;$i++) {
                                                    if ($i<10)$j='0'.$i;else $j=$i;$iss='';
                                                    if ($_REQUEST['birthday'] == $j) $iss='selected';
                                                    c('<option value="'.$j.'" '.$iss.'>'.$j.'</option>');
                                            }
                                            c('</select><br />
                                             <input type="checkbox" name="hide_age" value="1" '.$hide_age.' />'.t('Hide my age').'
                                            </td></tr>');
                                            if ($_REQUEST['gender'] == 1) {
                                                    $gender1 = 'checked';
                                            }
                                            elseif ($_REQUEST['gender'] == 2) {
                                                    $gender2 = 'checked';
                                            }
                                            else {
                                                    $gender0 = 'checked';
                                            }
                                            c('
                                            <tr class="row1"><td>*'.t('Gender').'</td><td>
                                            <input type="radio" name="gender" value="1" '.$gender1.' />'.t('Male').'
                                            <input type="radio" name="gender" value="0" '.$gender0.' />'.t('Female').'
                                            <input type="radio" name="gender" value="2" '.$gender2.' />'.t('Hide').'
                                            </td></tr>');
                                           
                                            c('<tr class="row1"><td>*'.t('Come from').'</td><td>
                                            <select name="location" class="inputText">');
                                            $locations = explode("\r\n",get_text('locations'));
                                            $_REQUEST['location'] = trim($_REQUEST['location']);
                                            foreach($locations as $location) {
                                                    if ($_REQUEST['location'] == trim($location)) {
                                                            $selected = 'selected';
                                                    }
                                                    else {
                                                            $selected = '';
                                                    }
                                                    c('<option value="'.$location.'" '.$selected.' >'.$location.'</option>');
                                            }
                                            c('</select>
    </td>
    </tr>
    <tr class="row1">
    <td>'.t('About me').'</td><td>
                                            <textarea rows="5" name="about_me">'.htmlspecialchars($client['about_me']).'</textarea>
    </td>
    </tr>
                            ');
                           
                           
                                            // custom fields
                                            $profile = array();
                                            for($i=1;$i<=7;$i++) {
                                                    $col = 'var'.$i;
                                                    $key = 'cf_var'.$i;
                                                    $key2 = 'cf_var_value'.$i;
                                                    $key3 = 'cf_var_des'.$i;
                                                    $key4 = 'cf_var_label'.$i;
                                                    $key5 = 'cf_var_required'.$i;
                                                    $ctype = get_gvar($key);
                                                    $value = get_gvar($key2);
                                                    $des = get_gvar($key3);
                                                    $label = get_gvar($key4);
                                                    $required = get_gvar($key5);
                                                    if ($required) $required = '*';
                                                    if ($ctype != 'disabled') {
                                                            if ($ctype == 'text') {
                                                                    if (strlen($profile[$col])) {
                                                                            $value = htmlspecialchars($profile[$col]);
                                                                    }
                                                                    if (strlen($_POST[$col])) {
                                                                            $value = h($_POST[$col]);
                                                                    }
                                                                    c('<tr class="row1"><td>
                                                                    '.$required.$label.'</td><td><input type="text" name="'.$col.'" value="'.$value.'" />
                                                                    <br /><span class="sub">'.$des.'</span></td></tr>');
                                                            }
                                                            elseif ($ctype == 'textarea') {
                                                                    if (strlen($profile[$col])) {
                                                                            $value = htmlspecialchars($profile[$col]);
                                                                    }
                                                                    if (strlen($_POST[$col])) {
                                                                            $value = h($_POST[$col]);
                                                                    }
                                                                    c('<tr class="row1"><td>'.$required.$label.'</td><td>
                                                                    <textarea rows="3" name="'.$col.'" />'.$value.'</textarea><br />
                                                                    <br /><span class="sub">'.$des.'</span></td></tr>');
                                                            }
                                                            elseif ($ctype == 'select_box') {
                                                                    $tarr = explode("\r\n",$value);
                                                                    c('<tr class="row1">
                                                                    <td>'.$label.'</td><td>
                                                                    <select name="'.$col.'">
                                                                    ');
                                                                    if (strlen($_POST[$col])) {
                                                                            $value = h($_POST[$col]);
                                                                    }
                                                                    foreach ($tarr as $val) {
                                                                            if ($val == $value) {
                                                                                    $selected = 'selected';
                                                                            }
                                                                            else {
                                                                                    $selected = '';
                                                                            }
                                                                            c('<option value="'.$val.'" '.$selected.'>'.$val.'</option>');
                                                                    }
                                                                    c('</select><br /><span class="sub">'.$des.'</span></td></tr>');
                                                            }
                                                    }
                                            }
                           
    */                     
            
    c($iid_field);
    // reCAPTCHA row, unless it is disabled for registration
    if (!get_gvar('disable_recaptcha_reg')) {
        c('<tr class="row1">
        <td>'.t('Image verification').'</td><td>
        '.recaptcha_get_html($captcha['publickey'],$captchaerror).'
        </td>
        </tr>');
    }

    c('
    <tr class="row2">
    <td colspan="2"><strong>'.t('Rules & Conditions').'</strong>
    <div style="width:700px;height:100px;overflow:scroll;border:white 2px solid;padding:5px;">
    '.nl2br(h(get_text('rules_conditions'))).'
    </div></td>
    </tr>
    <tr class="row2">
    <td colspan="2" align="center">
    <input type="hidden" name="g" value="'.h($_REQUEST['g']).'" />
    <input type="hidden" name="onpost" value="1" />
    <input type="checkbox" name="agree_rules" value="1" checked /> '.t('I have read, and agree to abide by the Rules & Conditions.').'
    <input type="submit" style="background:#5BA239;color:white;font-size:1.5em;font-weight:bold" value="'.t('Signup Now').'" />
    </td></tr>
    </table>
    </form>
    ');
}
#2
You can add a security question.
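
An added example (not part of the thread and not Jcow code) of the security question suggested in reply #2, written for the signup() posted in #1: the expected answer is kept in the server-side session instead of a cookie like `cfm`, and a hidden honeypot field and a minimum fill time are checked with it. The function, field and constant names and the question pool are assumptions made for illustration.

```php
<?php
// Added example, not Jcow code: every name here is hypothetical.
// Constructed question pool; use questions specific to your own site.
const SIGNUP_QUESTIONS = [
    ['q' => 'Type the third word of this sentence.', 'a' => ['third']],
    ['q' => 'How many days are there in a week?',    'a' => ['7', 'seven']],
];
const MIN_FILL_SECONDS = 4;         // faster than a person can fill the form
const HONEYPOT_FIELD   = 'website'; // hidden input that people never fill in

// Pick a question, remember it server-side, return the extra table row.
function signup_challenge_issue(array &$session, int $now): string {
    $idx = random_int(0, count(SIGNUP_QUESTIONS) - 1);
    // State lives in the session; a cookie could be set by the client.
    $session['signup_q']  = $idx;
    $session['signup_ts'] = $now;
    $q = htmlspecialchars(SIGNUP_QUESTIONS[$idx]['q'], ENT_QUOTES, 'UTF-8');
    return '<tr class="row1"><td>*' . $q . '</td><td>'
         . '<input type="text" name="signup_answer" autocomplete="off" />'
         . '<input type="text" name="' . HONEYPOT_FIELD . '" value="" '
         . 'style="display:none" tabindex="-1" autocomplete="off" />'
         . '</td></tr>';
}

// Validate one POST; returns a list of error messages (empty = passed).
function signup_challenge_check(array $post, array &$session, int $now): array {
    $idx = $session['signup_q']  ?? null;
    $ts  = $session['signup_ts'] ?? null;
    // Single use: a replayed POST finds no pending question.
    unset($session['signup_q'], $session['signup_ts']);
    if (!is_int($idx) || !is_int($ts) || !isset(SIGNUP_QUESTIONS[$idx])) {
        return ['Verification expired, please reload the form'];
    }
    $errors = [];
    if (($post[HONEYPOT_FIELD] ?? '') !== '') {
        $errors[] = 'Hidden field was filled in';
    }
    if ($now - $ts < MIN_FILL_SECONDS) {
        $errors[] = 'Form submitted too quickly';
    }
    $raw   = $post['signup_answer'] ?? '';
    $given = is_string($raw) ? strtolower(trim($raw)) : '';
    if (!in_array($given, SIGNUP_QUESTIONS[$idx]['a'], true)) {
        $errors[] = 'Wrong answer to the security question';
    }
    return $errors;
}

// Constructed demo (php thisfile.php): one issued form, three submissions.
if (PHP_SAPI === 'cli') {
    $session = [];
    signup_challenge_issue($session, 1000);
    $good  = SIGNUP_QUESTIONS[$session['signup_q']]['a'][0];
    $fresh = $session; // copy of the pending state, reused per scenario

    $cases = [
        'person, 10 s later'     => [['signup_answer' => $good, 'website' => ''], 1010],
        'instant post, honeypot' => [['signup_answer' => $good, 'website' => 'http://x.invalid'], 1001],
        'wrong answer'           => [['signup_answer' => 'zzz', 'website' => ''], 1010],
    ];
    foreach ($cases as $label => [$post, $now]) {
        $s = $fresh;
        echo $label, ': ', json_encode(signup_challenge_check($post, $s, $now)), "\n";
    }
    // Replay: the first check consumed the state, so the second one fails.
    $s = $fresh;
    signup_challenge_check(['signup_answer' => $good], $s, 1010);
    echo 'replay: ', json_encode(signup_challenge_check(['signup_answer' => $good], $s, 1010)), "\n";
}
```

In signup(), the row returned by signup_challenge_issue($_SESSION, time()) would be printed next to the reCAPTCHA row, and in the `$_POST['onpost']` branch each message returned by signup_challenge_check($_POST, $_SESSION, time()) would be appended to `$errors[]`.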

