Help with Captcha

I'm trying to implement captcha.  I have put some captcha code on the page this form submits to and it works fine except for the fact the user would need to hit the back button and re-enter all data if the security code is wrong.  How can I have the captcha image verified before it goes to the event-registration-verify.php page when the form is submitted?

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html lang="en-US">
<title><?= $sitetitle ?> - Professional Development Registration</title>
<?PHP require("../lib/inc/meta.php"); ?>
<link type="text/css" rel="stylesheet" href="/lib/css/screen/layout.css" media="screen" />
<link type="text/css" rel="stylesheet" href="/lib/css/screen/content.css" media="screen" />
<link type="text/css" rel="stylesheet" href="/lib/css/screen/theme.css" media="screen" />
<link type="text/css" rel="stylesheet" href="/lib/css/print/all.css" media="print" />
<script type="text/javascript" src="/lib/js/common.js"></script>
<script language="javascript">

function validate_required(field,alerttxt)
with (field)
  if (value==null||value=="")
    alert(alerttxt);return false;
    return true;

function validate_email(field,alerttxt)
with (field)
  if (apos<1||dotpos-apos<2)
    {alert(alerttxt);return false;}
  else {return true;}
function checkCaptcha(){
   global $feedback;
   if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {
		// Insert you code for processing the form here, e.g emailing the submission, entering it into a database. 
		//echo 'Thank you. Your message said "'.$_POST['message'].'"';
		return true;
   } else {
		// Insert your code for showing an error message here
		$feedback .= 'You entered an invalid security code.<br/>Please try again.';
		return false;
function validate_form(thisform){
	with (thisform)
		  if (validate_email(ref11val1,"Not a valid e-mail address!")==false)
			{ref11val1.focus();return false;}
		  if (validate_required(ref1val1,"Please provide information for all the required fields!")==false)
			{ref1val1.focus();return false;}
		  if (validate_required(ref2val1,"Please provide information for all the required fields!")==false)
			{ref2val1.focus();return false;}		   
		  if (validate_required(ref16val1,"Please provide information for all the required fields!")==false)
			{ref16val1.focus();return false;}
		  if (validate_required(ref1val1,"Please provide information for all the required fields!")==false)
			{ref1val1.focus();return false;}
<body id="b_academics">
<?PHP require("../lib/inc/header1.php"); ?>
<?PHP include("../lib/inc/left/nav.php"); ?>
<?PHP require("../lib/inc/header2.php"); ?>
<?PHP include("../lib/inc/left/callouts.php"); ?>
<?PHP require("../lib/inc/header3.php"); ?>
<?PHP require("../lib/inc/header4.php"); ?>
$selectedState = "PA";
$selectedAddressType = "Work Address";
    function showOptionsDrop($array, $active, $echo=true){
        $string = '';

        foreach($array as $k => $v){
            $s = ($active == $k)? ' selected="selected"' : '';
            $string .= '<option value="'.$k.'"'.$s.'>'.$v.'</option>'."\n";     

        if($echo)   echo $string;
        else        return $string;
   	$states_arr = array('AL'=>"Alabama",'AK'=>"Alaska",'AZ'=>"Arizona",'AR'=>"Arkansas",'CA'=>"California",'CO'=>"Colorado",'CT'=>"Connecticut",'DE'=>"Delaware",'DC'=>"District Of Columbia",'FL'=>"Florida",'GA'=>"Georgia",'HI'=>"Hawaii",'ID'=>"Idaho",'IL'=>"Illinois", 'IN'=>"Indiana", 'IA'=>"Iowa",  'KS'=>"Kansas",'KY'=>"Kentucky",'LA'=>"Louisiana",'ME'=>"Maine",'MD'=>"Maryland", 'MA'=>"Massachusetts",'MI'=>"Michigan",'MN'=>"Minnesota",'MS'=>"Mississippi",'MO'=>"Missouri",'MT'=>"Montana",'NE'=>"Nebraska",'NV'=>"Nevada",'NH'=>"New Hampshire",'NJ'=>"New Jersey",'NM'=>"New Mexico",'NY'=>"New York",'NC'=>"North Carolina",'ND'=>"North Dakota",'OH'=>"Ohio",'OK'=>"Oklahoma", 'OR'=>"Oregon",'PA'=>"Pennsylvania",'RI'=>"Rhode Island",'SC'=>"South Carolina",'SD'=>"South Dakota",'TN'=>"Tennessee",'TX'=>"Texas",'UT'=>"Utah",'VT'=>"Vermont",'VA'=>"Virginia",'WA'=>"Washington",'WV'=>"West Virginia",'WI'=>"Wisconsin",'WY'=>"Wyoming");
	$addresstype_arr = array('Work Address'=>"Work Address",'Home Address'=>"Home Address");
	$source_arr = array('Harrisburg University email'=>"Harrisburg University email",'Email from Professional Assocation'=>"Email from Professional Assocation",'Friend or Colleague'=>"Friend or Colleague",'Social Network'=>"Social Network",'Web search'=>"Web search",'Mailing'=>"Mailing",'News Post'=>"News Post",'Other'=>"Other");
	$program_arr = array('Entrepreneurship Club Thermacore Presentation'=>"Entrepreneurship Club Thermacore Presentation",'ISSA Meeting'=>"ISSA Meeting",'Commencement 2011'=>"Commencement 2011",'BarCamp 2011'=>"BarCamp 2011",'Social Media Summit 2011'=>"Social Media Summit 2011");
	$regtype_arr = array('By Credit'=>"By Credit",'By Phone'=>"By Phone");
<div class="quicklinks">
		<h3>Quick Links</h3>
			<li><a href="../campuslife/directions.php">Directions and Parking</a></li>
            <li><a href="">RSVP for an Admissions Event or Campus Visit </a></li>
			<li><a href="../academics/professional/prof-dev-registration.php">Register for Professional Development Courses </a></li>		
			<li><a href="">Register for 			             Non-Degree Courses  </a></li>		
<h2>Register to Attend Free Events at Harrisburg University</h2>
<p>Please complete this form to reserve your seat for free events hosted by Harrisburg University that are open to the community—such as panel discussions, movie nights or guest lectures.<br />
<p>Completing the form helps the University with its planning and to accommodate guests. Do not use this form to register for admissions events, student orientation events, non-degree classes, or professional development training. Quick links allowing you to register for those classes and events are found to the right.<br />
<br />
<form method="post" action="event-registration-verify.php" name="pdreg" id="pdreg" enctype="application/x-www-form-urlencoded" onsubmit="return checkCaptcha;">
<tr><td><strong>First Name*:</strong> </td><td>
<input name="ref1type1" type="hidden" id="ref1type1" value="C-FNAME" />
<input name="ref1val1" type="text" id="ref1val1" size="40" value="<?php echo("$sFirstName");?>" />
</td><td><tr><td><strong>Last Name*:</strong> </td><td> 
<input name="ref2type1" type="hidden" id="ref2type1" value="C-LNAME" />
<input name="ref2val1" type="text" id="ref2val1" size="40" value="<?php echo("$sLastName");?>" />
<tr><td>Title: </td><td> 
<input name="ref3type1" type="hidden" id="ref3type1" value="C-TITLE" />
<input name="ref3val1" type="text" id="ref3val1" size="40" value="<?php echo("$sTitle");?>" />
</td><td><tr><td>Employer: </td><td> 
<input name="ref4type1" type="hidden" id="ref4type1" value="employer" />
<input name="ref4val1" type="text" id="ref4val1" size="40" value="<?php echo("$sEmployer");?>" />
<tr><td>Number of Attendees you are RSVPing for? : </td><td>
<input name="ref20type1" type="hidden" id="ref20type1" value="rsvp" />
<input name="ref20val1" type="text" id="ref20val1" size="10" value="<?php echo("$srsvp");?>" />
<tr><td>Address 1: </td><td>
<input name="ref7type1" type="hidden" id="ref7type1" value="C-ADDR" />
<input name="ref7val1" type="text" id="ref7val1" size="40" value="<?php echo("$sAddress1");?>" />
</td><td><tr><td>Address 2: </td><td>
<input name="ref8type1" type="hidden" id="ref8type1" value="address2" />
<input name="ref8val1" type="text" id="ref8val1" size="40" value="<?php echo("$sAddress2");?>" />
<tr><td>City: </td><td> 
<input name="ref9type1" type="hidden" id="ref9type1" value="C-CITY" />
<input name="ref9val1" type="text" id="ref9val1" size="40" value="<?php echo("$sCity");?>" />
</tr></td><td><tr><td>State: </td><td>
<input name="ref13type1" type="hidden" id="ref13type1" value="C-STATE" />
<select name="ref13val1" id="ref13val1">
	<option value="" selected></option>
	<?php showOptionsDrop($states_arr, $selectedState, true); ?>

<tr><td>Zip: </td><td> 
<input name="ref10type1" type="hidden" id="ref10type1" value="C-ZIP" />
<input name="ref10val1" type="text" id="ref10val1" size="40" value="<?php echo("$sZip");?>" />
<tr><td>Address Type: </td><td>
<input name="ref14type1" type="hidden" id="ref14type1" value="addrtype" />
<select name="ref14val1" id="ref14val1">
	<?php showOptionsDrop($addresstype_arr, $selectedAddressType, true); ?>

<tr><td colspan="4">&nbsp;</td></tr>
<tr><td><strong>E-mail*:</strong> </td><td colspan="3">
<input name="ref11type1" type="hidden" id="ref11type1" value="C-EMAIL" />
<input name="ref11val1" type="text" id="ref11val1" size="40" value="<?php echo("$sEmailAddress");?>" />
<tr><td colspan="4">&nbsp;</td></tr>
  <td>How did you learn about this event?</td>
  <td colspan="3">
<input name="ref15type1" type="hidden" id="ref15type1" value="source" />
<select name="ref15val1" id="ref15val1">
	<option value="" selected>-- Select --</option>
	<?php showOptionsDrop($source_arr, $selectedSource, true); ?>
<input name="ref12type1" type="hidden" id="ref12type1" value="sourceother" />
<input name="ref12val1" type="text" id="ref12val1" size="20" value="<?php echo("$sSourceOther");?>" />

<tr><td colspan="4">&nbsp;</td></tr>
  <td><strong>Event*:</strong> </td>
<input name="ref16type1" type="hidden" id="ref16type1" value="program" />
<select name="ref16val1[]" multiple="multiple" id="ref16val1" style="width:200px" >
	<option value="" selected>-- Select --</option>
	<?php showOptionsDrop($program_arr, $selectedProgram, true); ?>
<tr><td><img src="CaptchaSecurityImages.php" /></td></tr>
<tr><td>Security Code: 
<input id="security_code" name="security_code" type="text" /></td>
<tr><td colspan="4">&nbsp;</td></tr>
<table width="100%"><tbody>

if (!$submitted) { ?>
<tr align="center" height="50px"><td bgcolor="#DBCDA8"><br /><input type="submit" name="submit" id="submit" value="Submit Registration" /><br />&nbsp;</td></tr>
<? } ?>

Harrisburg University respects your privacy rights. The University will never sell, rent, loan, trade or lease your personal information to any third party. Questions?  Please call 717.901.5146 or email  <a href=""></a> </p>
<?PHP require("../lib/inc/footer.php"); ?>

Open in new window

Who is Participating?
It is generally best to have forms not post to themselves. If you do then clicking reload can cause funny behavior.  
Instead, continue to have your form post to the verify page, but redirect back to the form if there was a captcha validation error.

// event-registration-verify.php
if ($_GET['userCaptchaValue'] != $knownCaptchaValue) {
    header("Location: event-registration.php");
    die; // exit the script so the header can perform the redirect

for more user friendlyness, add ?reason=captcha to your redirect location so you can reload the form with a friendly error message.
you can not use the back button and expect to keep Session - include the captcha code to check the "image" or "text" on the same page. and post to itself or as you are- posting to the next page. - In the next page (error page) clear the the text manually imput by the user and allow them to reenter it
you could use ajax to check the captcha. You could do it on on_blur of the entry box and use a onsubmit handler on the form that will not let the form submit unless it has received back that the captcha was correct.
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Simply change the form action to the current page and place the verification code from event-registration-verify.php within the current document and if it passes the verification end with a
<?php header(location,url);?>
Ray PaseurCommented:
I won't make it through all 200+ lines of your code up there, but I've recently seen a very nice example of what you want to do.  So I will describe it for you, and then if I have time, I will come back and post a code example.

1. Test for the Captcha Cookie
2. If Captcha Cookie is not set, perform Captcha processing
3. If Captcha processing works, set Captcha Cookie with lifetime of zero (end of browser)
4. If Captcha Cookie is set, perform Form-input processing.

There are no redirects needed.

As far as keeping the client data so that forms do not need to be filled in over and over again, that is a pretty well understood design pattern.  You can stage the data in variables that are either set to NULL or to the value from the form.  Then you can echo those variables in to the value= attribute of the form input tags.  If you need an example, please post a Q here about "keeping the values of form input" and you'll get good answers from the community, I'm sure.
jasonbrandt3Author Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.