goski

PHP CAPTCHA script

I am trying to implement the CAPTCHA script found at:  

http://www.white-hat-web-design.co.uk/articles/php-captcha.php

I have the security code displaying but do not know where to put the code that compares the code entered against the code displayed.

I am having a little problem figuring out where to put the following code:
 
<?php
   session_start();
   if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {
      // Insert you code for processing the form here, e.g emailing the submission, entering it into a database.
      unset($_SESSION['security_code']);
   } else {
      // Insert your code for showing an error message here
   }
?>
 
 
My HTML code looks like this:
 
<form method="POST"  onsubmit="return validatecontactus(document.Contact_Us);" language="JavaScript" name="Contact_Us" action="http://www.sabrewingconsulting.com/danasapparel/formmail.php">
              <p class="class3"><BR>
                Tell us what you think about our web site, our products, our organization,
                or anything else that comes to mind. &nbsp; We welcome all of your comments and suggestions.
                <input type="hidden" Name="recipient" value="ron@sabrewingconsulting.com" enctype="TEXT/PRE">
                <input type="hidden" Name="subject" value="Dana's Apparel Inquiry">
                <input type="hidden" name="redirect" value="http://www.danasapparel.com/contact_us_thank_you.html">
                <input type="hidden" Name="env_report" value="REMOTE_HOST,REMOTE_ADDR,HTTP_USER_AGENT">
              </p>
 
I use JavaScript to validate the required fields on the form.  It looks like this.
 
<!--
 
function validatecontactus(contact)
{
 // fieldtofocus becomes "filled" once the first empty required field has focus
 var fieldtofocus = "";
 var alert_text = "";
 
 if(contact.comments.value == "")
 {
 alert_text += "Please enter your comments in the Text area.\n";
 if(fieldtofocus == "") {contact.comments.focus(); fieldtofocus = "filled";}
 }
 
 if(contact.fullname.value == "")
 {
 alert_text += "Please enter your full name.\n";
 // focus the field that was just checked (fullname); contact.name is not that field
 if(fieldtofocus == "") {contact.fullname.focus(); fieldtofocus = "filled";}
 }
 
 if(contact.email.value == "")
 {
 alert_text += "An email is required.\n";
 if(fieldtofocus == "") {contact.email.focus(); fieldtofocus = "filled";}
 }
 
 // block the submit and list what is missing if any required field was empty
 if(fieldtofocus == "filled")
 {
 alert("Required Fields:\n" + alert_text);
 return false;
 }
 else
 {
 return true;
 }
}
 
//-->
jopie916

I would put it just above the <form> tag...

P.S. It's nice to use JavaScript to validate the form for user experience, but to be secure you must sanitize it in PHP also. Put that part in the area commented
"// Insert you code for processing the form here, e.g emailing the submission, entering it into a database."
before the actual code that does the emailing.
You also need to modify your form onsubmit because the form is never actually being submitted to anything.


First of all you need to have a submit button to submit and process the form. You can have one by adding this simple syntax within the form tag.

<input type="submit" name="formsubmit" value="Send" />

So, a user can click on "Send" to submit the form. Then, in the very page where you post your form to, you should check if the form is submitted successfully and do the CAPTCHA check.

You can do this as follows:

session_start();   // must run before $_SESSION can be read

if(isset($_POST['formsubmit']))
{
       //form is submitted.
       //Add your code here
       if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {
              // Insert you code for processing the form here, e.g emailing the submission, entering it into a database.
              unset($_SESSION['security_code']);
       }
       else {
              // Insert your code for showing an error message here
       }
}


Don't forget to add a text field for the user to enter the CAPTCHA security code. It should be as follows:

<input type="text" name="security_code" />

__________
I hope it can help you, if you need more help feel free to write.
Shadow_Shooter.
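
Added example, not part of the thread and not code from CaptchaSecurityImages.php or formmail.php: a stand-alone handler that combines the two answers above, checking the CAPTCHA against `$_SESSION['security_code']` and repeating the JavaScript required-field checks in PHP. The function names and error texts are hypothetical; the field names (`security_code`, `comments`, `fullname`, `email`) are the ones used on this page.

```php
<?php
declare(strict_types=1);
// Added example (hypothetical handler; not the thread's or formmail.php's code).
session_start();
// Compare the posted answer with the code the CAPTCHA image script stored in
// $_SESSION['security_code']. The stored code is discarded before the
// comparison, so one image allows exactly one attempt, right or wrong.
function captcha_is_valid(array $post): bool
{
    $expected = $_SESSION['security_code'] ?? '';
    unset($_SESSION['security_code']);
    $given = $post['security_code'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false; // no code issued, or the field is missing or an array
    }
    return hash_equals($expected, $given); // constant-time, type-strict
}

// Server-side repeat of the required-field checks in validatecontactus().
function contact_errors(array $post): array
{
    $errors = [];
    $required = ['comments' => 'Please enter your comments.',
                 'fullname' => 'Please enter your full name.'];
    foreach ($required as $field => $message) {
        if (!is_string($post[$field] ?? null) || trim($post[$field]) === '') {
            $errors[] = $message;
        }
    }
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid email is required.';
    }
    return $errors;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = captcha_is_valid($_POST)
        ? contact_errors($_POST)
        : ['The security code did not match the image.'];
    if ($errors === []) {
        // Process the form here, e.g. email the submission.
        echo 'Thank you.';
    } else {
        foreach ($errors as $error) {
            echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'), "<br>\n";
        }
    }
}
```

Because a wrong answer also discards the stored code, the error page has to show the form again with a freshly generated image.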

goski

ASKER

I have been slow to respond because I was out of town for a long weekend.

It seems that my explanation was incomplete.  The HTML that I included in my original post was only the "form" tag.  The attached file includes the entire form page.  I'm still unsure where to add the code that validates the CAPTCHA entry against the CAPTCHA image.  Any ideas?
contact.txt
ASKER CERTIFIED SOLUTION
jopie916

Analysis based on Formmail version 8.05, downloaded from HotScripts http://www.hotscripts.com/Detailed/29699.html
goski

ASKER

I have abandoned the CaptchaSecurityImages.php solution that I could not get to work.  I have implemented the verifyimg.php from tectite.com.  It works fine if I enter all of the required fields and enter the correct CAPTCHA code.

However, if I enter the code incorrectly, I get a page that says
 "An error occurred while processing the form .

Your entry did not match the image

Your form submission was processed by (8.05), available from www.tectite.com."

So, I click the BACK button and enter the correct code.  Then I get a page with the following error:

"An error occurred while processing the form .

Please contact us directly since this form is not working .
We apologize for any inconvenience this error may have caused.

Your form submission was processed by (8.05), available from www.tectite.com. "

It seems like things get messed up if I use the BACK button.  But, there is no other way to get back to my contact form.

Any ideas?
goski

ASKER

I ran another test as I described in the last post to see what happens when I enter the wrong CAPTCHA code.  Only this time, when I hit the back button, I reloaded the page then entered the correct CAPTCHA code.  It worked fine.  BTW, I am using Firefox 3.0 as a browser.

I tried the same scenario posted above with IE 7.0 and do not have any problems using the back button.
goski

ASKER

I found that I had to use the fmbadhandler.php script to resolve the Firefox issue.  It can be found on the tectite.com site.  I'm close to resolving this issue.  Most of my answers to the formmail.php issues that I've had can be answered on the tectite.com forum.
goski

ASKER

I actually abandoned the solution that I posted here after jopie916 pointed out that formmail.php version 8.05 had captcha built in.  It took a while to get it working but the forum at tectite.com was great to work with.