From 622d177fe5a6412745054edddbc98c6a21c0bbe5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8F=99=E8=BF=B0=E3=80=81=E5=88=AB=E7=A6=BB?=
 <93301500+xushubieli@users.noreply.github.com>
Date: Tue, 25 Mar 2025 14:43:36 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A1=A8=E5=8D=95=E6=B7=BB=E5=8A=A0=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=E7=A0=81=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/apps/diy.php                | 8 ++++++++
 src/theme/apps/post_diyform.htm | 9 ++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/apps/diy.php b/src/apps/diy.php
index b0aaab60..c56b6e22 100755
--- a/src/apps/diy.php
+++ b/src/apps/diy.php
@@ -38,6 +38,14 @@ if ($action == 'post') {
             exit();
         }
         $addvar = $addvalue = '';
+        //验证码校验
+        $validate = empty($validate) ? '' : strtolower(trim($validate));
+        $svali = strtolower(GetCkVdValue());
+        if ($validate=='' || $validate != $svali) {
+            ResetVdValue();
+            ShowMsg('验证码不正确', '-1');
+            exit();
+        }
         if (!empty($dede_fields)) {
             $link = $_SERVER['HTTP_REFERER'];
             $date = GetDateTimeMk(time());
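Review bot: The added check `$validate != $svali` is a loose comparison of two strings, so PHP compares them numerically whenever both look like numbers, and two different codes such as `1e1` and `10` are treated as equal. A strict check such as `if ($validate === '' || $svali === '' || !hash_equals($svali, $validate)) {` avoids this. `ResetVdValue()` is called only on the failure path in this hunk, so unless later code clears the stored value, a code solved once appears to stay valid for further posts; calling `ResetVdValue();` right after the check passes would make it single-use. `trim($validate)` also assumes a string, and how `$validate` is populated is not visible here, so an `is_string($validate)` guard before it is worth adding. The enclosing `if ($action == 'post')` block starts and ends outside the hunk.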
diff --git a/src/theme/apps/post_diyform.htm b/src/theme/apps/post_diyform.htm
index c7b5adfb..610dd0a5 100644
--- a/src/theme/apps/post_diyform.htm
+++ b/src/theme/apps/post_diyform.htm
@@ -27,7 +27,14 @@
 				<table class="table mb-0">
 					<?php echo $postform;?>
 					<tr>
-						<td align="center">
+						<td>验证码</td>
+						<td>
+							<input type="text" name="validate" class="form-control admin-input-lg">
+							<img src="/apps/vdimgck.php" onclick="this.src='/apps/vdimgck.php?tag='+Math.random();" style="cursor:pointer">
+						</td>
+					</tr>
+					<tr>
+						<td colspan="2" align="center">
 							<button type="submit" name="submit" class="btn btn-success btn-sm">提交</button>
 							<button type="reset" name="reset" class="btn btn-outline-success btn-sm">重置</button>
 						</td>
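Review bot: The added `<img>` line loads the captcha from the hard-coded root path `/apps/vdimgck.php`, both in `src` and in the `onclick` refresh, which only resolves when the site is installed at the web root. Because the server side now rejects every post without a valid code, an install under a subdirectory would leave the form unusable. Building both URLs from the site's configured base path avoids that; whatever mechanism this theme uses for other app links is not visible in this hunk. The text input would also benefit from `autocomplete="off" required`, and the image from an `alt` attribute such as `alt="验证码"`.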