• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 812
  • Last Modified:

CAPTCHA validation question

Hello everyone,

I've found a captcha image validation script which I am using on my email form but I need a slight tweak to it which I cannot figure out and I do not know how to contact the author.

All validation scripts I have come across use several files but I have combined into a single PHP page using the ISSET function.

In the section that creates the form I place the image creation code i.e.

========================= PHP CODE =========================
// Create an image where width=200 pixels and height=40 pixels
$val_img = imagecreate(200, 40);

// Allocate 2 colors to the image (first allocation becomes the background)
$bg = imagecolorallocate($val_img, 204, 255, 204);
$textcolor = imagecolorallocate($val_img, 0, 0, 255);

// Create a seed to generate a random number
srand((double)microtime()*1000000);

// Run the random number through the MD5 function
$seed_string = md5(rand(0,9999));

// Chop the random string down to 5 characters
// This is the validation code we will use
$val_string = substr($seed_string, 17, 5);

// Print the validation code on the image in the text colour (blue)
$font = imageloadfont('anonymous.gdf');
imagestring($val_img, $font, 50, 0, $val_string, $textcolor);

// Write the image file to the current directory
imagejpeg($val_img, "verify.jpg");
imagedestroy($val_img);
========================= PHP CODE =========================

I then use the image at the end of the email form, i.e.

========================= HTML CODE =========================
<img src="verify.jpg" height="40" width="200" alt="validation image" />
========================= HTML CODE =========================

Then there is the input box to enter the text in the image, i.e.

========================= HTML CODE =========================
<input type="text" name="verifycode" size="20" value="" />
========================= HTML CODE =========================

Now here is where the problem occurs. I click the SUBMIT button which reloads the PHP page and the verification process starts. How do I verify that the code entered is correct? Well I first used the following:

========================= PHP CODE =========================
if (isset($_POST['submit'])) { // If the form has been submitted, handle it.

    // Validate if submitted by human - use image validation
    if ($_POST['verifycode'] == $val_string) {
        $vc = $_POST['verifycode'];
    } else {
        $vc = FALSE;
        echo 'Please enter the verification code';
    }
========================= PHP CODE =========================

The author's solution which I have been using is to insert a hidden input text in the form, so that I now get:

========================= PHP CODE =========================
<img src="verify.jpg" height="40" width="200" alt="validation image" /><br />
<input type="text" name="verifycode" size="20" value="" />
<input name="validation" type="hidden" value="<?php echo $val_string ?>">
========================= PHP CODE =========================

Then the verification code would be the following:

========================= PHP CODE =========================
if (isset($_POST['submit'])) { // If the form has been submitted, handle it.

    // Validate if submitted by human - use image validation
    if ($_POST['verifycode'] == trim($_POST['validation'])) {
        $vc = $_POST['verifycode'];
    } else {
        $vc = FALSE;
        echo 'Please enter the verification code';
    }
========================= PHP CODE =========================

This works absolutely perfectly but there is a contamination point which makes me very uncomfortable. It is the hidden input text where I print out the value of `$val_string` in an input box and then compare the value of that to the value typed in by the user. You can easily read the code in a source-view of the page and a smart programmer can look for that loophole and autofill my verification box.

Can anyone tell me a solution to this? I want to keep it all on one page.

Thanks for your usual help.
Terry
<?php /* ********************** START CONTENT WRAPPER COLUMN *************************** */ ?>
	<div id="content">
		 
	   <?php /* ******************* START CONTENT CONTAINER WRAPPER COLUMN ***************** */ ?>
	   <div class="width_100">
	    
	    <?php /* **************** START COLUMN 1 ******************** */ ?>
	     <div class="col1 maxheight">
	      <div class="indent_col1b">
	      <?php 
		  list($lakeside_internationalRecords, $lakeside_internationalMetaData) = getRecords(array(
		    'tableName'   => 'lakeside_international',
		    'where'       => 'num="42"',
		    'limit'       => '1',
		  ));
		  $lakeside_internationalRecord = @$lakeside_internationalRecords[0]; // get first record
	        echo $lakeside_internationalRecord['content'] ?>
	      <?php 
		  list($lakeside_internationalRecords, $lakeside_internationalMetaData) = getRecords(array(
		    'tableName'   => 'lakeside_international',
		    'where'       => 'num="19"',
		    'limit'       => '1',
		  ));
		  $lakeside_internationalRecord = @$lakeside_internationalRecords[0]; // get first record
	        echo $lakeside_internationalRecord['content'] ?><br/>
	      </div>
	     </div>
	    <?php /* **************** END COLUMN 1 ********************* */ ?>
 
 
 
	    <?php /* **************** START COLUMN 2 ******************** */ ?>
	    <div class="col2"><img alt="" src="<?php echo $url;?>/images/spacer.gif" width="12" height="1" /></div>
	    <?php /* **************** END COLUMN 2 ********************* */ ?>
	   
 
 
	    <?php /* **************** START COLUMN 3 ******************** */ ?>
	    <?php // Start column 3 with main content ?>
	    <div class="col3 maxheight">
	    <div class="indent_col3">
		<div class="headline1">Contact us</div>
		<br/>
		<div id="form_wrapper">
		
		<?php
		if (isset($_POST['submit'])) { // If the form has been submitted, handle it.
 
 
			// Validate if submitted by human - use image validation
			if ($_POST['verifycode'] == trim($_POST['validation'])) { 
			
			$vc = $_POST['verifycode'];
			
			
			} else { 
				$vc = FALSE;
				echo '<p><font color="red" size="+1">Please enter the verification code</font></p>';
			}
 
			// lookup email alias 
			$emailAlias = $_POST['emailto']; 
			$escapedAlias = mysql_real_escape_string($_POST['emailto']); 
 
		
			$query = "SELECT * FROM cmsb_lakeside_contact_directory WHERE rcptid='$escapedAlias' LIMIT 1";
			$result = mysql_query ($query);
			$record = mysql_fetch_array ($result, MYSQL_BOTH);
			
			if ($record) { // was "if (record)": a bare constant, which is always truthy
			
			$sendto = $record['email'];
			$recipient = $record['recipient'];
			
			} else {			
			echo "An error has occurred and your message cannot be sent. Please telephone the hotel instead at Tel: + 44 (0)1252 838000. We apologise for the inconvenience.";
			}
 
 
			// Define field name in the event that register_globals is disabled
			$email = $_POST['email'];
			
		
			// Validate email address
			if (!empty($_POST['email'])) { 
		
				function check_email_address($email) {
		
		
					// **************************************************************************************
					// This first section checks that the FORMAT of the email address conforms with RFC 2822
					// **************************************************************************************
		
					 // First, we check that there's one @ symbol, and that the lengths are right
					 if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
					 // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
					 return false;
					}
		
					 // Split it into sections to make life easier
					 $email_array = explode("@", $email);
					 $local_array = explode(".", $email_array[0]);
					 for ($i = 0; $i < sizeof($local_array); $i++) {
						if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) 
						{
						return false;
						}
					 }
		
					 if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
					 $domain_array = explode(".", $email_array[1]);
							 if (sizeof($domain_array) < 2) {
							 return false; // Not enough parts to domain
							 }
						 for ($i = 0; $i < sizeof($domain_array); $i++) {
							 if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
							 return false;
							 }
						 }
					 }
					// **************************************************************************************
					// End RFC 2822 format checks
					// **************************************************************************************
		
		
					// **************************************************************************************
					//          The following portion checks the TLD it against registered domains
					// **************************************************************************************
					  // gets domain name
					  list($username,$domain)=explode('@',$email); // split() is deprecated; explode() does the same here
					  // checks for if MX records in the DNS
					  $mxhosts = array();
					  if(!getmxrr($domain, $mxhosts))
					  {
					    // no mx records, ok to check domain
					    if (!fsockopen($domain,25,$errno,$errstr,30))
					    {
					      return false;
					    }
					    else
					    {
					      return true;
					    }
					  }
					  else
					  {
					    // mx records found
					    foreach ($mxhosts as $host)
					    {
					      if (fsockopen($host,25,$errno,$errstr,30))
					      {
						return true;
					      }
					    }
					    return false;
					  }
					// **************************************************************************************
					//                               TLD registry checks ends
					// **************************************************************************************
		
				} // Ends check_email_address function
		
		
					 if (check_email_address($email)) {
					 //echo $email . ' is a valid email address.';	// Debug
					 $em = $_POST['email'];
					 
					 
					 } else {
					 $em = FALSE;
					 echo '<p><font color="red" size="+1"> '.$email . ' is not a valid email address!</font></p>';
					 }
		
			} else 
			
				{ echo '<p><font color="red" size="+1">You forgot to enter your email address!</font></p>'; 
			
			} // Ends if email address is not empty
		
		
		
				// Validate addressee email
				if (empty($sendto)) { 
					$st = FALSE;
					echo '<p><font color="red" size="+1">Please select a department from the drop down list...</font></p>';
		
				} else {
					$st = $sendto;
				}
 
 
				// Validate name
				if (empty($_POST['fullname'])) { 
					$n = FALSE;
					echo '<p><font color="red" size="+1">You forgot to enter your name!</font></p>';
				} else {
					$n = $_POST['fullname'];
				}
					
			
				// Validate message
				if (empty($_POST['message'])) { 
					$m = FALSE;
					echo '<p><font color="red" size="+1">You forgot write your message!</font></p>';
				} else {
					$m = $_POST['message'];
				}
			
			
			if ($em && $st && $n && $m && $vc) { // if all validates do the following
			
				// Build email message and transmit
 
				// First set up some variables for recipient, subject, and date/time received
				$to = $sendto;  // Recipient
				$subject = "Message received via your website";  // Subject
				$oh = (int) date ("Z") / 3600;	// time offset to GMT
				$date = date("d M Y g:i:s a ", mktime (date ("H") - $oh)). " GMT"; // Date and time in the form yyyy-mm-dd hh:mm:ss
 
 
				// Set up conditionals for optional fields
				$addr1 = $_POST['addr1'];
				$addr2 = $_POST['addr2'];
				$city = $_POST['city'];
				$country = $_POST['country'];
				$postalcode = $_POST['postalcode'];
		
				// Compose body of email
				$message = "Following is a message received for ".$recipient. " sent via the Lakeside International Hotel website on ".$date."\n\n";
				$message .= "From: ".$n." (".$email.")\n";
 
				if (($addr1) && (! $addr2)) {
				$message .=  "Address: ".$addr1."\n"; 
				} elseif (($addr1) && ($addr2)) {
				$message .=  "Address: ".$addr1.", ".$addr2."\n";
				} else {
				$message .=  "Address: None provided\n";}
 
				if ($city) {
				$message .= "City: ".$city."\n";
				} else { }
 
				if (($country) && (! $postalcode)) {
				$message .= "Country: ".$country."\n";
				} elseif($country && $postalcode) {
				$message .= "Country: ".$country." ".$postalcode."\n";
				} else { }
				$message .= "\nMessage:\n ".$m."\n";
			
			
				// Headers
				$headers = 'From: '.$n.'<'.$email . ">\r\n" .
				    'Reply-To: '.$email . "\r\n" .
				    'X-Mailer: PHP/' . phpversion();
 
 
				// send email
				mail($to, $subject, $message, $headers);
			
			
				// Display message to webpage
				echo "Dear ". $n;
				echo '<div style="padding-left:10px;padding-top:15px">';
				echo "<p>Thank you for emailing ". $recipient.".</p>";
				echo "<p>We hope to reply within 24 working hours, however if you urgently require assistance, please telephone us at +44 (0)1252 838000.</p>";
				echo "<p>A copy of this message has been sent to you.</p>";
				echo '</div>';
				echo "<br />";
				echo "<p><i>Sincerely,</i></p>";
				echo "<i>".$recipient."</i>";
				echo "<br /><br />";
 
			
				// send copy of email to sender
				$subj = "Re enquiry to ".$recipient;
				$msg = "Following is a copy the message which you sent to ".$recipient. " on ".$date."\n\n";
				$msg .= "To: ";
				$msg .= $recipient;
				$msg .= "\n";
				$msg .= "From: ";
				$msg .= $n;
				$msg .= " (".$email.")\n";
				$msg .= "Message: ".$m."\n";
 
				// Sender
				$to = 'From: '.$recipient.'<'.$to . ">\r\n" .
				    'Reply-To: '.$to . "\r\n" .
				    'X-Mailer: PHP/' . phpversion();
 
				mail($email,$subj,$msg,$to);
			
			} else { 
			
				echo '<p id="error"><img id="error" src="'.$url.'/images/icon_error.gif" width="50" height="50" border="0" alt="Error!">Please <a href="JavaScript:history.back()">go back</a> correct the errors and submit again</p>';
			
			}
			// end validate conditional
 
		} else { // Make form to be displayed
		?>
 
		
		<?php  /* ************ CREATE VALIDATION IMAGE ******************** */
		
		// author David Picella http://ezinearticles.com/?Step-By-Step:-Add-Image-Validation-To-Your-Website-Form&id=269426
		// Create an image where width=200 pixels and height=40 pixels
		$val_img = imagecreate(200, 40);
		
		// Allocate 2 colors to the image
		$bg = imagecolorallocate($val_img, 204, 255, 204);
		$textcolor = imagecolorallocate($val_img, 0, 0, 255);
		
		// Create a seed to generate a random number
		srand((double)microtime()*1000000);
		
		// Run the random number seed through the MD5 function
		$seed_string = md5(rand(0,9999));
		
		// Chop the random string down to 5 characters
		
		// This is the validation code we will use
		$val_string = substr($seed_string, 17, 5);
		
		// Print the validation code on the image in the text colour (blue)
		$font = imageloadfont('anonymous.gdf');
		imagestring($val_img, $font, 50, 0, $val_string, $textcolor);
		
		// Write the image file to the current directory
		imagejpeg($val_img, "verify.jpg");
		imagedestroy($val_img);
		
		/* ************ VALIDATION IMAGE CREATED ******************** */ ?>
				
		<div style="font-style:italic;font-size:82.5%;font-weight:400;padding-bottom:15px;">Fields in <b>bold</b> must be completed</div>
 
 
				<form name="contact" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
 
 
					<div class="field_wrapper">
						<div class="form_name_mandatory">To:</div>
						<div class="form_name_input">
							<?php // Select email contact from drop down box ?>
							
							<select size="1" name="emailto">
							  <option value="">Select a department ...</option>
							<?php foreach ($lakeside_contact_directoryRecords as $record): ?>							
							<option value="<?php echo $record['rcptid'] ?>"><?php echo $record['recipient'] ?></option>
							<?php   endforeach;?>
						</select>
						</div>
					</div>
 
 
 
					<div class="field_wrapper">
						<div class="form_name_mandatory">From:</div>
						<div class="form_name_input"><input type="text" name="fullname" size="50" value="" /></div>
					</div>
 
					<div class="field_wrapper">
						<div class="form_name_mandatory">Email:</div>
						<div class="form_name_input"><input type="text" name="email" size="50" value="" /></div>
					</div>
 
					<div class="field_wrapper">
						<div class="form_name">Address:</div>
						<div class="form_name_input"><input type="text" name="addr1" size="50" value="" /></div>
					</div>
 
					<div class="field_wrapper">
						<div class="form_name">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</div>
						<div class="form_name_input"><input type="text" name="addr2" size="50" value="" /></div>
					</div>
 
					<div class="field_wrapper">
						<div class="form_name">City:</div>
						<div class="form_name_input"><input type="text" name="city" size="40" value="" /></div>
					</div>
 
					<div class="field_wrapper">
						<div class="form_name">Country:</div>
						<div class="form_name_input">
							<!-- start of drop down country selection list -->
							<!-- generated via http://javascript.about.com/ Script Generator -->
							<select name="country" size="1">
							<option>Afghanistan</option><option>&Aring;land Islands</option><option>Albania</option><option>Algeria</option><option>American Samoa</option><option>Andorra</option><option>Angola</option><option>Anguilla</option><option>Antarctica</option><option>Antigua and Barbuda</option><option>Argentina</option><option>Armenia</option><option>Aruba</option><option >Australia</option><option>Austria</option><option>Azerbaijan</option><option>Bahamas</option><option>Bahrain</option><option>Bangladesh</option><option>Barbados</option><option>Belarus</option><option>Belgium</option><option>Belize</option><option>Benin</option><option>Bermuda</option><option>Bhutan</option><option>Bolivia</option><option>Bosnia and Herzegovina</option><option>Botswana</option><option>Bouvet Island</option><option>Brazil</option><option>British Indian Ocean territory</option><option>Brunei Darussalam</option><option>Bulgaria</option><option>Burkina Faso</option><option>Burundi</option><option>Cambodia</option><option>Cameroon</option><option>Canada</option><option>Cape Verde</option><option>Cayman Islands</option><option>Central African Republic</option><option>Chad</option><option>Chile</option><option>China</option><option>Christmas Island</option><option>Cocos (Keeling) Islands</option><option>Colombia</option><option>Comoros</option><option>Congo</option><option>Congo, Democratic Republic</option><option>Cook Islands</option><option>Costa Rica</option><option>C&ocirc;te d'Ivoire (Ivory Coast)</option><option>Croatia (Hrvatska)</option><option>Cuba</option><option>Cyprus</option><option>Czech Republic</option><option>Denmark</option><option>Djibouti</option><option>Dominica</option><option>Dominican Republic</option><option>East Timor</option><option>Ecuador</option><option>Egypt</option><option>El Salvador</option><option>Equatorial Guinea</option><option>Eritrea</option><option>Estonia</option><option>Ethiopia</option><option>Falkland Islands</option><option>Faroe 
Islands</option><option>Fiji</option><option>Finland</option><option >France</option><option>French Guiana</option><option>French Polynesia</option><option>French Southern Territories</option><option>Gabon</option><option>Gambia</option><option>Georgia</option><option >Germany</option><option>Ghana</option><option>Gibraltar</option><option>Greece</option><option>Greenland</option><option>Grenada</option><option>Guadeloupe</option><option>Guam</option><option>Guatemala</option><option>Guinea</option><option>Guinea-Bissau</option><option>Guyana</option><option>Haiti</option><option>Heard and McDonald Islands</option><option>Honduras</option><option>Hong Kong</option><option>Hungary</option><option>Iceland</option><option>India</option><option>Indonesia</option><!-- copyright Felgall Pty Ltd --><option>Iran</option><option>Iraq</option><option>Ireland</option><option>Israel</option><option>Italy</option><option>Jamaica</option><option>Japan</option><option>Jordan</option><option>Kazakhstan</option><option>Kenya</option><option>Kiribati</option><option>Korea (north)</option><option>Korea (south)</option><option>Kuwait</option><option>Kyrgyzstan</option><option>Lao People's Democratic Republic</option><option>Latvia</option><option>Lebanon</option><option>Lesotho</option><option>Liberia</option><option>Libyan Arab Jamahiriya</option><option>Liechtenstein</option><option>Lithuania</option><option>Luxembourg</option><option>Macao</option><option>Macedonia, Former Yugoslav Republic Of</option><option>Madagascar</option><option>Malawi</option><option>Malaysia</option><option>Maldives</option><option>Mali</option><option>Malta</option><option>Marshall 
Islands</option><option>Martinique</option><option>Mauritania</option><option>Mauritius</option><option>Mayotte</option><option>Mexico</option><option>Micronesia</option><option>Moldova</option><option>Monaco</option><option>Mongolia</option><option>Montserrat</option><option>Morocco</option><option>Mozambique</option><option>Myanmar</option><option>Namibia</option><option>Nauru</option><option>Nepal</option><option>Netherlands</option><option>Netherlands Antilles</option><option>New Caledonia</option><option >New Zealand</option><option>Nicaragua</option><option>Niger</option><option>Nigeria</option><option>Niue</option><option>Norfolk Island</option><option>Northern Mariana Islands</option><option>Norway</option><option>Oman</option><option>Pakistan</option><option>Palau</option><option>Palestinian Territories</option><option>Panama</option><option>Papua New Guinea</option><option>Paraguay</option><option>Peru</option><option>Philippines</option><option>Pitcairn</option><option>Poland</option><option>Portugal</option><option>Puerto Rico</option><option>Qatar</option><option>R&eacute;union</option><option>Romania</option><option>Russian Federation</option><option>Rwanda</option><option>Saint Helena</option><option>Saint Kitts and Nevis</option><option>Saint Lucia</option><option>Saint Pierre and Miquelon</option><option>Saint Vincent and the Grenadines</option><option>Samoa</option><option>San Marino</option><option>Sao Tome and Principe</option><!-- copyright Felgall Pty Ltd --><option>Saudi Arabia</option><option>Senegal</option><option>Serbia and Montenegro</option><option>Seychelles</option><option>Sierra Leone</option><option>Singapore</option><option>Slovakia</option><option>Slovenia</option><option>Solomon Islands</option><option>Somalia</option><option>South Africa</option><option>South Georgia and the South Sandwich Islands</option><option>Spain</option><option>Sri Lanka</option><option>Sudan</option><option>Suriname</option><option>Svalbard and Jan Mayen 
Islands</option><option>Swaziland</option><option>Sweden</option><option>Switzerland</option><option>Syria</option><option>Taiwan</option><option>Tajikistan</option><option>Tanzania</option><option>Thailand</option><option>Togo</option><option>Tokelau</option><option>Tonga</option><option>Trinidad and Tobago</option><option>Tunisia</option><option>Turkey</option><option>Turkmenistan</option><option>Turks and Caicos Islands</option><option>Tuvalu</option><option>Uganda</option><option>Ukraine</option><option>United Arab Emirates</option><option  selected="selected">United Kingdom</option><option >United States of America</option><option>Uruguay</option><option>Uzbekistan</option><option>Vanuatu</option><option>Vatican City</option><option>Venezuela</option><option>Vietnam</option><option>Virgin Islands (British)</option><option>Virgin Islands (US)</option><option>Wallis and Futuna Islands</option><option>Western Sahara</option><option>Yemen</option><option>Zaire</option><option>Zambia</option><option>Zimbabwe</option></select>
							<!-- end of drop down country selection list -->
						</div>
					</div>
 
 
					<div class="field_wrapper">
						<div class="form_name">Postal Code:</div>
						<div class="form_name_input"><input type="text" name="postalcode" size="20" value="" /></div>
					</div>
 
					<div class="field_wrapper">
						<div class="form_name_mandatory">Message:</div>
						<div class="form_name_input"><textarea name="message" rows="" cols=""></textarea></div>
					</div>
 
					<div style="text-align:center; display: block; width: 500px; padding-bottom: 20px;">
						<img src="verify.jpg" height="40" width="200" alt="validation image" /><br />
						<span style="color:#ff0000">Please type the verification code above in the box below:</span><br />
						<input type="text" name="verifycode" size="20" value="" />
						<input name="validation" type="hidden" value="<?php echo $val_string ?>">
					</div>
 
 
 
					<div style="width:100%; clear:left; text-align:center"></div>
 
					<input type="submit" name="submit" class="groovybutton" value="Send Email" title="Send email" onMouseOver="goLite(this.form.name,this.name)" onMouseOut="goDim(this.form.name,this.name)" />
				</form>
<?php
} // End isset conditional
?>
		</div>		
	    </div>															
	    </div>
		<div class="clear"></div>	
	    <?php /* **************** END COLUMN 3 ********************* */ ?>
 
 
	   
	   </div>
	   <?php /* ******************* END CONTENT CONTAINER WRAPPER COLUMN ***************** */ ?>


0
terry_ally
Asked:
terry_ally
1 Solution
 
lazypeopleCommented:
I know this doesn't answer your question but it is easier than managing your own script. I use http://recaptcha.net/; it has an API, it also gives audio, which is a nice feature, and it is used quite widely.

Thanks
Ben
0
 
terry_allyAuthor Commented:
Thanks, I'll bear this in mind. In my script I am also validating lots of other inputs, so I need more than a turnkey solution.
0
 
lazypeopleCommented:
It's a plug-and-play API that can be integrated into any form :)

ben
0
Cornelia YoderArtistCommented:
Anything in a hidden input can be seen by the user or a bot.

Here is a very nice tutorial on creating a captcha that you can use as a model...

http://jmhoule314.blogspot.com/
0
 
terry_allyAuthor Commented:
Hi yodercm,

I've tried using a session on the same page and it does not work. Can you have a look at the code I posted and make a recommendation on how I can make the adjustment?

Terry
0
 
Ray PaseurCommented:
We cannot write your code for you, but we can show you examples of what works.  The code snippet contains the EXACT captcha code I have used with success.

There are three parts: A script called "captcha_number.php", a segment that goes into every form you want to protect, and a segment that goes into the action script.

If you use these, you will find them easy to integrate and very effective.  Going forward for the long term, I would recommend recaptcha, but this gives you a working example that is concise and easy to implement today.

Best regards, ~Ray
<?php // CAPTCHA_NUMBER.PHP GENERATES A PICTURE OF A NUMBER
 $data	= base64_decode($_GET['dt']);
 $im	= imagecreate(46,13);
 $bg	= imagecolorallocate($im, 255,255,255);
 $gray	= imagecolorallocate($im, 188,188,188);
 $text	= imagecolorallocate($im, 178,34,34);  // firebrick
 imagestring($im,5,4,0,$data,$text);
 imageline($im,4,12,38,0,$gray);
 header('Content-Type: image/png'); // tell the browser the response is a PNG, not text
 imagepng($im);
 imagedestroy($im);
?>
 
 
 
 
 
 
<html> <!-- GOES IN THE FORM SCRIPT -->
Type
<img style="display:inline;" src="captcha_number.php?dt=<?php $x = mt_rand(1000,10000); echo base64_encode($x); ?>" />
here:
<input type="hidden" name="_newMd5" value="<?php echo md5($x); ?>" />
&nbsp;
<input name="_newCode" type="text" maxlength="64" size="6" autocomplete="off" />
 
 
 
 
 
 
 
<?php // GOES IN THE ACTION SCRIPT
$newCode	= $_POST["_newCode"];
$newMd5		= $_POST["_newMd5"];
$newCode	= md5($newCode);
if ($newCode !== $newMd5) // strict comparison: != would treat two "0e..." hashes as equal numbers
{
	die('Security code number did not match');
}


0
 
Cornelia YoderArtistCommented:
Hi Terry,

I think if you read and understand the tutorial I pointed you to, you will be able to work out why your current code isn't doing what you want and be able to get it sorted out.  In there you will find how to validate the captcha number without compromise.
0
 
terry_allyAuthor Commented:
Hi Ray,

I didn't expect you to write my code for me, so if I gave you that impression, please accept that it is not so.

There are a couple of things which I explained previously which you might have overlooked.  In all the examples I get, they include separate files, one for the code and the other for the form. I've integrated both into a single file. When the page loads and the submit button has not been clicked then it prints the form. If the submit button has been clicked it does not load the form but goes ahead to validate the data posted from the form.

For some reason I cannot get the value of $newCode carried over in order to validate whether the value entered for _newCode is the same as $newCode.

This is why I asked whether someone could have a look at my code and tell me where I went wrong.

Can you shed any light?
0
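Editor's added example (not code from Terry, Ray or yodercm, and not from the tutorial linked above) of the approach yodercm describes, in the single-file layout Terry wants: the answer is stored only in `$_SESSION`, so nothing in the page source reveals it, and the same file serves the image from that session value. It also avoids two weaknesses visible in the posted snippets: a hidden field holding `md5()` of a number between 1000 and 10000 can be matched against the 9001 possible hashes and then replayed, and a fixed `verify.jpg` on disk is overwritten whenever two visitors load the form at once. The file name `contact.php` is a placeholder; PHP 7+, the GD extension and default session handling are assumed. The usual reason a session "does not work" on a single page is that `session_start()` runs after output has already begun; here it is the first statement.

```php
<?php
// contact.php (placeholder name): added example, not code from the thread.
// The CAPTCHA answer lives only in $_SESSION; the page never sends it to the
// browser, so there is nothing in the HTML source to copy into the input box.
// Assumes PHP 7+, the GD extension and default session handling.
session_start(); // must run before ANY output, or the session cookie cannot be set

const CAPTCHA_LEN = 5;
const CAPTCHA_TTL = 600; // seconds a challenge stays valid

// Issue a fresh challenge and store it server-side.
function captcha_new(): string
{
    // Uppercase letters/digits without 0/O/1/I, which are hard to tell apart.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $code = '';
    for ($i = 0; $i < CAPTCHA_LEN; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)]; // CSPRNG, unlike rand()
    }
    $_SESSION['captcha'] = ['code' => $code, 'issued' => time()];
    return $code;
}

// Compare the submitted text with the stored challenge. The challenge is
// consumed on every attempt, so one image cannot be guessed at repeatedly
// and a correct answer cannot be replayed.
function captcha_check(string $submitted): bool
{
    $challenge = $_SESSION['captcha'] ?? null;
    unset($_SESSION['captcha']);
    if ($challenge === null || time() - $challenge['issued'] > CAPTCHA_TTL) {
        return false;
    }
    // Constant-time, type-strict comparison (no "0e..." loose-equality surprises).
    return hash_equals($challenge['code'], strtoupper(trim($submitted)));
}

// Render the stored code as a PNG and return the bytes (nothing written to disk,
// so concurrent visitors cannot overwrite each other's image).
function captcha_png(string $code): string
{
    $img = imagecreate(200, 40);
    imagecolorallocate($img, 204, 255, 204);  // first allocation = background
    $fg = imagecolorallocate($img, 0, 0, 255);
    imagestring($img, 5, 50, 12, $code, $fg); // built-in font 5, no .gdf file needed
    ob_start();
    imagepng($img);
    imagedestroy($img);
    return ob_get_clean();
}

// The same file serves the image: the form embeds <img src="?captcha=1">.
if (isset($_GET['captcha'])) {
    $challenge = $_SESSION['captcha'] ?? null;
    if ($challenge === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: image/png');
    header('Cache-Control: no-store'); // a cached image would not match a new challenge
    echo captcha_png($challenge['code']);
    exit;
}

$showForm = true;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $input = $_POST['verifycode'] ?? '';
    if (!is_string($input)) {   // verifycode[]=... would otherwise reach the string parameter
        $input = '';
    }
    if (captcha_check($input)) {
        $showForm = false;
        echo '<p>Verification code accepted.</p>';
        // ... validate the remaining fields and send the mail here ...
    } else {
        echo '<p>Verification code wrong or expired. Please try again.</p>';
    }
}

if ($showForm) {
    captcha_new(); // new challenge for every rendering of the form
    ?>
    <form method="post" action="">
      <img src="?captcha=1" width="200" height="40" alt="verification image"><br>
      <input type="text" name="verifycode" size="20" autocomplete="off">
      <input type="submit" name="submit" value="Send">
    </form>
    <?php
}
```

The browser requests `?captcha=1` after it receives the form, with the same session cookie, so the image handler finds the challenge that `captcha_new()` stored a moment earlier. The remaining field checks from Terry's page (name, email, message, recipient lookup) slot into the accepted branch unchanged; only the hidden `validation` input and the `verify.jpg` file go away.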
 
terry_allyAuthor Commented:
Hello again Ray,

I successfully integrated your solution and it works well.

Thanks.
0
 
Ray PaseurCommented:
Good.  Glad you got it working, and thanks for the points. ~Ray
0
