<form action="form.php" method="post">
Favorite Food: <input type="text" id="favorite_food" name="favorite_food" value="" size="40" />
<br /><br />
<?php
require_once('recaptchalib.php');
$publickey = "your public key goes here...";
$privatekey = "your private key goes here...";
echo recaptcha_get_html($publickey, $error);
?>
<br />
<input type="submit" value="Submit" />
</form>
<br />
<?php
if ($_POST["favorite_food"]) { //checks to see if the form has been submitted
$response = recaptcha_check_answer($privatekey, // captcha's function to validate input
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if ($response->is_valid) {
$fav_food = $_POST['favorite_food'];
printf("<script>location.href='success.php?fav_food=$fav_food';</script>");
} else {
# set the error code in GREEN!
echo "<p style='color: #95ca05; font-size: larger; font-family: 'tempus sans itc';>You entered the Captcha incorrectly.</p><br /><br />";
}
}
?>
success.php
Your favorite food is: <?php echo($_GET['fav_food']);?>
For this to work you need recaptchalib.php, form.php, and success.php to be in the same directory and your respective private and public keys set.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (2)
Commented:
Unless you are Yahoo! or similar, you won't have enough traffic to justify the use of an Image-based CAPTCHA, even ignoring the fairness angle. Why not use a text-based CAPTCHA? It is just as easy to add to your website, loads faster, doesn't discriminate against older folks who don't see so well, and lets people in quicker while baffling the limited logical capabilities of spammer's software.
I own a number of websites that use text-based CAPTCHA to submit Contact Us forms. I never have a problem with spam. Never. And my CAPTCHA is so simple: just copy three random digits into a text field. It can even be done by copy and paste. And if a spammer breaks it, all I have to do is change it a little. Add a digit, move the location of the field, almost any change keeps spammers out.
So simple, so fair.
David Spector
Author
Commented:If you read the "Accessibility" piece in the "Guidelines" section at http://www.captcha.net/ you would see that these CAPTCHAs keep in mind the visually impaired and Section 508 in the United States.
Now, for your first comment about violating civil rights of an identified group, you are assuming the site is under the jurisdiction of the United States of America. Experts-Exchange has global members who write web-applications that may never fall under US jurisdiction thereby rendering the 'civil rights of an identified group' irrelevant.
Your second comment concerning not having enough traffic to justify usage of an image-based CAPTCHA is a statement showing a completely benighted idea of why a CAPTCHA is used. It makes no difference on how vulnerable a website is or isn't based on how much traffic a website generates. How about a form that takes user input and inserts it into a database? You could have a nightmare if a bot exploits that form by submitting thousands of records. Or how about a poll where users vote? It would lead to erroneous poll results.
"And if a spammer breaks it, all I have to do is change it a little." <shakes head> You have to be kidding right? If a spammer breaks it, depending on your web application, you may have to 'change it a little'... and then do a complete overhaul on your application's back-end! Just changing it a little doesn't fix the vulnerability or the damage done in the first attack.
With all respect,
patsmitty