Solved

Help with Captcha

Posted on 2010-11-22
6
313 Views
Last Modified: 2012-05-10
I'm trying to implement captcha.  I have put some captcha code on the page this form submits to and it works fine except for the fact the user would need to hit the back button and re-enter all data if the security code is wrong.  How can I have the captcha image verified before it goes to the event-registration-verify.php page when the form is submitted?
<?PHP
include("../campuslife/library/inc/_app_space.php");
require("../lib/inc/hostconfig.php");
require("../lib/inc/siteconfig.php");

opendatabase($dbc,$dbprefix);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-US">
<head>
<title><?= $sitetitle ?> - Professional Development Registration</title>
<?PHP require("../lib/inc/meta.php"); ?>
<link type="text/css" rel="stylesheet" href="/lib/css/screen/layout.css" media="screen" />
<link type="text/css" rel="stylesheet" href="/lib/css/screen/content.css" media="screen" />
<link type="text/css" rel="stylesheet" href="/lib/css/screen/theme.css" media="screen" />
<link type="text/css" rel="stylesheet" href="/lib/css/print/all.css" media="print" />
<script type="text/javascript" src="/lib/js/common.js"></script>
<script language="javascript">


function validate_required(field,alerttxt)
{
with (field)
  {
  if (value==null||value=="")
    {
    alert(alerttxt);return false;
    }
  else
    {
    return true;
    }
  }
}

function validate_email(field,alerttxt)
{
with (field)
  {
  apos=value.indexOf("@");
  dotpos=value.lastIndexOf(".");
  if (apos<1||dotpos-apos<2)
    {alert(alerttxt);return false;}
  else {return true;}
  }
}
function checkCaptcha(){
   global $feedback;
   if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {
		// Insert you code for processing the form here, e.g emailing the submission, entering it into a database. 
		//echo 'Thank you. Your message said "'.$_POST['message'].'"';
		unset($_SESSION['security_code']);
		return true;
   } else {
		// Insert your code for showing an error message here
		$feedback .= 'You entered an invalid security code.<br/>Please try again.';
		return false;
   }
}
function validate_form(thisform){
	
	with (thisform)
	{
	
		
		  if (validate_email(ref11val1,"Not a valid e-mail address!")==false)
			{ref11val1.focus();return false;}
		  if (validate_required(ref1val1,"Please provide information for all the required fields!")==false)
			{ref1val1.focus();return false;}
		  if (validate_required(ref2val1,"Please provide information for all the required fields!")==false)
			{ref2val1.focus();return false;}		   
		  if (validate_required(ref16val1,"Please provide information for all the required fields!")==false)
			{ref16val1.focus();return false;}
		  if (validate_required(ref1val1,"Please provide information for all the required fields!")==false)
			{ref1val1.focus();return false;}
		  
		 		  }
	}
	
}
</script>
</head>
<body id="b_academics">
<?PHP require("../lib/inc/header1.php"); ?>
<?PHP include("../lib/inc/left/nav.php"); ?>
<?PHP require("../lib/inc/header2.php"); ?>
<?PHP include("../lib/inc/left/callouts.php"); ?>
<?PHP require("../lib/inc/header3.php"); ?>
<?PHP require("../lib/inc/header4.php"); ?>
<?PHP
$selectedState = "PA";
$selectedAddressType = "Work Address";
   
    function showOptionsDrop($array, $active, $echo=true){
        $string = '';

        foreach($array as $k => $v){
            $s = ($active == $k)? ' selected="selected"' : '';
            $string .= '<option value="'.$k.'"'.$s.'>'.$v.'</option>'."\n";     
        }

        if($echo)   echo $string;
        else        return $string;
    }
   
   	$states_arr = array('AL'=>"Alabama",'AK'=>"Alaska",'AZ'=>"Arizona",'AR'=>"Arkansas",'CA'=>"California",'CO'=>"Colorado",'CT'=>"Connecticut",'DE'=>"Delaware",'DC'=>"District Of Columbia",'FL'=>"Florida",'GA'=>"Georgia",'HI'=>"Hawaii",'ID'=>"Idaho",'IL'=>"Illinois", 'IN'=>"Indiana", 'IA'=>"Iowa",  'KS'=>"Kansas",'KY'=>"Kentucky",'LA'=>"Louisiana",'ME'=>"Maine",'MD'=>"Maryland", 'MA'=>"Massachusetts",'MI'=>"Michigan",'MN'=>"Minnesota",'MS'=>"Mississippi",'MO'=>"Missouri",'MT'=>"Montana",'NE'=>"Nebraska",'NV'=>"Nevada",'NH'=>"New Hampshire",'NJ'=>"New Jersey",'NM'=>"New Mexico",'NY'=>"New York",'NC'=>"North Carolina",'ND'=>"North Dakota",'OH'=>"Ohio",'OK'=>"Oklahoma", 'OR'=>"Oregon",'PA'=>"Pennsylvania",'RI'=>"Rhode Island",'SC'=>"South Carolina",'SD'=>"South Dakota",'TN'=>"Tennessee",'TX'=>"Texas",'UT'=>"Utah",'VT'=>"Vermont",'VA'=>"Virginia",'WA'=>"Washington",'WV'=>"West Virginia",'WI'=>"Wisconsin",'WY'=>"Wyoming");
	
	$addresstype_arr = array('Work Address'=>"Work Address",'Home Address'=>"Home Address");
	
	$source_arr = array('Harrisburg University email'=>"Harrisburg University email",'Email from Professional Assocation'=>"Email from Professional Assocation",'Friend or Colleague'=>"Friend or Colleague",'Social Network'=>"Social Network",'Web search'=>"Web search",'Mailing'=>"Mailing",'News Post'=>"News Post",'Other'=>"Other");
	
	$program_arr = array('Entrepreneurship Club Thermacore Presentation'=>"Entrepreneurship Club Thermacore Presentation",'ISSA Meeting'=>"ISSA Meeting",'Commencement 2011'=>"Commencement 2011",'BarCamp 2011'=>"BarCamp 2011",'Social Media Summit 2011'=>"Social Media Summit 2011");
	
	
	$regtype_arr = array('By Credit'=>"By Credit",'By Phone'=>"By Phone");
	
?>
<div class="quicklinks">
		<h3>Quick Links</h3>
		<ul>
			<li><a href="../campuslife/directions.php">Directions and Parking</a></li>
            <li><a href="https://portal.harrisburgu.edu/ics/Admissions/Home.jnz?portlet=Request_a_Campus_Visit">RSVP for an Admissions Event or Campus Visit </a></li>
			<li><a href="../academics/professional/prof-dev-registration.php">Register for Professional Development Courses </a></li>		
			<li><a href="https://myhu.harrisburgu.edu/ics/Admissions/Home.jnz?portlet=Apply_For_Admissions_2008-12-01T15-09-31-797&screen=Begin%2f%2fa5538df8-2f09-4cf6-8fc7-dc81ded76bf3&screenType=next%27">Register for 			             Non-Degree Courses  </a></li>		
		</ul>
</div>
<h2>Register to Attend Free Events at Harrisburg University</h2>
<p>Please complete this form to reserve your seat for free events hosted by Harrisburg University that are open to the community—such as panel discussions, movie nights or guest lectures.<br />
<p>Completing the form helps the University with its planning and to accommodate guests. Do not use this form to register for admissions events, student orientation events, non-degree classes, or professional development training. Quick links allowing you to register for those classes and events are found to the right.<br />
<br />
<form method="post" action="event-registration-verify.php" name="pdreg" id="pdreg" enctype="application/x-www-form-urlencoded" onsubmit="return checkCaptcha;">
<table><tbody>
<tr><td><strong>First Name*:</strong> </td><td>
<input name="ref1type1" type="hidden" id="ref1type1" value="C-FNAME" />
<input name="ref1val1" type="text" id="ref1val1" size="40" value="<?php echo("$sFirstName");?>" />
</td><td><tr><td><strong>Last Name*:</strong> </td><td> 
<input name="ref2type1" type="hidden" id="ref2type1" value="C-LNAME" />
<input name="ref2val1" type="text" id="ref2val1" size="40" value="<?php echo("$sLastName");?>" />
<tr><td>Title: </td><td> 
<input name="ref3type1" type="hidden" id="ref3type1" value="C-TITLE" />
<input name="ref3val1" type="text" id="ref3val1" size="40" value="<?php echo("$sTitle");?>" />
</td><td><tr><td>Employer: </td><td> 
<input name="ref4type1" type="hidden" id="ref4type1" value="employer" />
<input name="ref4val1" type="text" id="ref4val1" size="40" value="<?php echo("$sEmployer");?>" />
</td></tr>
<tr><td>Number of Attendees you are RSVPing for? : </td><td>
<input name="ref20type1" type="hidden" id="ref20type1" value="rsvp" />
<input name="ref20val1" type="text" id="ref20val1" size="10" value="<?php echo("$srsvp");?>" />
<tr><td>Address 1: </td><td>
<input name="ref7type1" type="hidden" id="ref7type1" value="C-ADDR" />
<input name="ref7val1" type="text" id="ref7val1" size="40" value="<?php echo("$sAddress1");?>" />
</td><td><tr><td>Address 2: </td><td>
<input name="ref8type1" type="hidden" id="ref8type1" value="address2" />
<input name="ref8val1" type="text" id="ref8val1" size="40" value="<?php echo("$sAddress2");?>" />
</td></tr>
<tr><td>City: </td><td> 
<input name="ref9type1" type="hidden" id="ref9type1" value="C-CITY" />
<input name="ref9val1" type="text" id="ref9val1" size="40" value="<?php echo("$sCity");?>" />
</tr></td><td><tr><td>State: </td><td>
<input name="ref13type1" type="hidden" id="ref13type1" value="C-STATE" />
<select name="ref13val1" id="ref13val1">
	<option value="" selected></option>
	<?php showOptionsDrop($states_arr, $selectedState, true); ?>
</select>
</td></tr>

<tr><td>Zip: </td><td> 
<input name="ref10type1" type="hidden" id="ref10type1" value="C-ZIP" />
<input name="ref10val1" type="text" id="ref10val1" size="40" value="<?php echo("$sZip");?>" />
</td><td>&nbsp;&nbsp;&nbsp;</td></tr>
<tr><td>Address Type: </td><td>
<input name="ref14type1" type="hidden" id="ref14type1" value="addrtype" />
<select name="ref14val1" id="ref14val1">
	<?php showOptionsDrop($addresstype_arr, $selectedAddressType, true); ?>
</select>
</td><td>&nbsp;&nbsp;&nbsp;</td></tr>

<tr><td colspan="4">&nbsp;</td></tr>
<tr><td><strong>E-mail*:</strong> </td><td colspan="3">
<input name="ref11type1" type="hidden" id="ref11type1" value="C-EMAIL" />
<input name="ref11val1" type="text" id="ref11val1" size="40" value="<?php echo("$sEmailAddress");?>" />
</td></tr>
<tr><td colspan="4">&nbsp;</td></tr>
<tr>
  <td>How did you learn about this event?</td>
  <td colspan="3">
<input name="ref15type1" type="hidden" id="ref15type1" value="source" />
<select name="ref15val1" id="ref15val1">
	<option value="" selected>-- Select --</option>
	<?php showOptionsDrop($source_arr, $selectedSource, true); ?>
</select>
&nbsp;&nbsp;Other: 
<input name="ref12type1" type="hidden" id="ref12type1" value="sourceother" />
<input name="ref12val1" type="text" id="ref12val1" size="20" value="<?php echo("$sSourceOther");?>" />
</td>
</tr>

<tr><td colspan="4">&nbsp;</td></tr>
<tr>
  <td><strong>Event*:</strong> </td>
  <td>
<input name="ref16type1" type="hidden" id="ref16type1" value="program" />
<select name="ref16val1[]" multiple="multiple" id="ref16val1" style="width:200px" >
	<option value="" selected>-- Select --</option>
	<?php showOptionsDrop($program_arr, $selectedProgram, true); ?>
</select>
<tr><td><img src="CaptchaSecurityImages.php" /></td></tr>
<tr><td>Security Code: 
<input id="security_code" name="security_code" type="text" /></td>
</tr>
<tr><td colspan="4">&nbsp;</td></tr>
</tbody></table>
<table width="100%"><tbody>

<?php 
if (!$submitted) { ?>
<tr align="center" height="50px"><td bgcolor="#DBCDA8"><br /><input type="submit" name="submit" id="submit" value="Submit Registration" /><br />&nbsp;</td></tr>
<? } ?>
</tbody></table>


</form>
<p>
Harrisburg University respects your privacy rights. The University will never sell, rent, loan, trade or lease your personal information to any third party. Questions?  Please call 717.901.5146 or email  <a href="mailto:Connect@HarrisburgU.edu">Connect@HarrisburgU.edu</a> </p>
<?PHP require("../lib/inc/footer.php"); ?>
</body>
</html>

Open in new window

0
Comment
Question by:jasonbrandt3
6 Comments
 
LVL 6

Expert Comment

by:r3nder
ID: 34188930
you can not use the back button and expect to keep Session - include the captcha code to check the "image" or "text" on the same page. and post to itself or as you are- posting to the next page. - In the next page (error page) clear the the text manually imput by the user and allow them to reenter it
Thanks
R3nder
0
 
LVL 17

Expert Comment

by:jrm213jrm213
ID: 34189446
you could use ajax to check the captcha. You could do it on on_blur of the entry box and use a onsubmit handler on the form that will not let the form submit unless it has received back that the captcha was correct.
0
 
LVL 7

Expert Comment

by:rgranlund
ID: 34189893
Simply change the form action to the current page and place the verification code from event-registration-verify.php within the current document and if it passes the verification end with a
<?php header(location,url);?>
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 2

Accepted Solution

by:
benschwartz earned 500 total points
ID: 34191063
It is generally best to have forms not post to themselves. If you do then clicking reload can cause funny behavior.  
Instead, continue to have your form post to the verify page, but redirect back to the form if there was a captcha validation error.

// event-registration-verify.php
if ($_GET['userCaptchaValue'] != $knownCaptchaValue) {
    header("Location: event-registration.php");
    die; // exit the script so the header can perform the redirect
}


for more user friendlyness, add ?reason=captcha to your redirect location so you can reload the form with a friendly error message.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34196660
I won't make it through all 200+ lines of your code up there, but I've recently seen a very nice example of what you want to do.  So I will describe it for you, and then if I have time, I will come back and post a code example.

1. Test for the Captcha Cookie
2. If Captcha Cookie is not set, perform Captcha processing
3. If Captcha processing works, set Captcha Cookie with lifetime of zero (end of browser)
4. If Captcha Cookie is set, perform Form-input processing.

There are no redirects needed.

As far as keeping the client data so that forms do not need to be filled in over and over again, that is a pretty well understood design pattern.  You can stage the data in variables that are either set to NULL or to the value from the form.  Then you can echo those variables in to the value= attribute of the form input tags.  If you need an example, please post a Q here about "keeping the values of form input" and you'll get good answers from the community, I'm sure.
0
 

Author Closing Comment

by:jasonbrandt3
ID: 34240466
Great!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now