Solved

reCaptcha Form sending out regardless

Posted on 2012-03-16
13
394 Views
Last Modified: 2012-03-26
I added recatpcha to this beta website. Tested it and all appeared to go good until I realized that you can type in anything in the recaptcha field and the form will submit.  Does anyone know how to fix that.  This is my first official do-hicky like this and I don't know why it doesn't work.

p.s.  Yes, I realize that when we go live, I will have to do it all over again.
0
Comment
Question by:nsitedesigns
  • 8
  • 5
13 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 37730759
The most likely cause is a failure in validation on the server side.  However without any code to look at, all we can do is speculate.


Cd&
0
 

Author Comment

by:nsitedesigns
ID: 37731198
sorry, forgot to include url

http://kleiberconstruction2.info/contact.html
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 37737833
The way I read it, the form gets submitted if the the submit button is clicked, I don't see anything that prevent it, or validates the captcha before submission.

IMO this is not a good way to do captcha, everything should be in the form handler on the server side.

Cd&
0
 

Author Comment

by:nsitedesigns
ID: 37738534
these directions were from the recapta site.  Can you please provide me with a site that shows how you would recommend it be added to a website.
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 37738894
I question the need for recaptcha, unless your site is being overrun with robots, a very simple implementation is all that's needed; and would be more user friendly.  Making the image unreadable does not make it much more effective against robots and does make thing more difficult for users.

Try a simple all server side implementation Like this


Cd&
0
 

Author Comment

by:nsitedesigns
ID: 37749387
I do not understand this portion of your white-hat sample code.  What does it mean, place it where the form is submitted to?

Place the following in the code where the form is submitted to. This code
will check what the user has typed matches the code in the image.
session_start();
if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {
      // Insert you code for processing the form here, e.g emailing the submission, entering it into a database.
      unset($_SESSION['security_code']);
} else {
      // Insert your code for showing an error message here
}
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:nsitedesigns
ID: 37749397
Also,  I put the code into a row immediately above the submit button, yet it appears above the form.  How do I move it down?
<form action="/gdform.php" method="post"> 
      
      <input type="hidden" name="subject" value="Form Submission" /> 
      <input type="hidden" name="redirect" value="thankyou.html" />
   
  <table width="93%" border="1" cellpadding="14" cellspacing="1">
    <tr>
      <td valign="top">Full Name</td>
      <td valign="top" bgcolor="#f9e5c2"><input name="1_Name" type="text" id="1_Name" size="60" /></td>
      </tr>
    <tr>
      <td valign="top">Address 1 </td>
      <td valign="top"><input name="5_Address1" type="text" id="Address1" size="60" /></td>
      </tr>
    <tr>
      <td valign="top">Address 2</td>
      <td valign="top" bgcolor="#f9e5c2"><input name="6_Address2" type="text" id="Address2" size="60" /></td>
      </tr>
    <tr>
      <td valign="top">City </td>
      <td valign="top"><input name="7_City" type="text" id="City" size="33" /></td>
      </tr>
    <tr>
      <td valign="top">State</td>
      <td valign="top" bgcolor="#f9e5c2"><input name="8_State" type="text" id="8_State" size="4" /></td>
      </tr>
    <tr>
      <td valign="top">Zip Code</td>
      <td valign="top"><input name="9_Zip" type="text" id="9_Zip" size="10" /></td>
      </tr>
    <tr>
      <td valign="top">Phone
        (Night)</td>
      <td valign="top" bgcolor="#f9e5c2"><input name="4_Phone_Night" type="text" id="4_Phone_Night" size="15" /></td>
      </tr>
    <tr>
      <td valign="top">Phone (Day)</td>
      <td valign="top"><input name="3_Phone_Day" type="text" id="3_Phone_Day" size="15" /></td>
      </tr>
    <tr>
      <td valign="top">Email</td>
      <td valign="top" bgcolor="#f9e5c2"><input name="2_Email" type="text" size="60" id="2_Email" /></td>
      </tr>
    <tr>
      <td valign="top">Comments</td>
      <td valign="top"><textarea name="Comments" cols="50" rows="10" id="Comments"></textarea></td>
      </tr>
    <tr>
      <img src="CaptchaSecurityImages.php" alt="" />
Security Code:
<input id="security_code" name="security_code" type="text" />
    </tr>
    
  </table>
<p>
<input type="Submit" name="Submit" value="Submit" id="Submit"/>
                &nbsp;&nbsp;&nbsp;<input type="reset" name="Reset" value="Reset" id="Reset" />
      </p>
  </form>

Open in new window

0
 
LVL 53

Accepted Solution

by:
COBOLdinosaur earned 500 total points
ID: 37749708
The place for the code is your server side PHP code for the form handler. Before you process the form you check the captcha.

As for the position in relation to the table. That has more to do with the badly written HTML than with the CAPTCHA


Cd&
0
 

Author Comment

by:nsitedesigns
ID: 37749732
Pardon me for saying this but, I guess telling me my html is poorly written isn't really giving me direction as to how to reposition this code so it is in the right spot. The previous captcha code I tried to implement was placed in a table row and it sat exactly where I wanted it to be.
0
 

Author Comment

by:nsitedesigns
ID: 37749744
So, I place the code below on the CaptchaSecurityImages.php page?  If so, where on this page do I put it.  Please advise.  I don't really know php.
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 37749775
You have a row with no cells.  The browser is just trying to guess what the invalid code is supposed to do.

Generally when someone is implementing something like CAPTCHA they have a skill level that does not require a lot of basics.  If I assumed the wrong skill level I appologize.


Cd&
0
 

Author Comment

by:nsitedesigns
ID: 37765772
I am pretty familiar with html and as i mentioned earlier, I do not know php.  I was lead to believe that adding a captcha code was going to be a walk in the park.  That hasn't been the case.  It's been hours that I have been trying to figure this out.  I am cutting bait and calling it a loss.
0
 

Author Closing Comment

by:nsitedesigns
ID: 37765792
I am giving you points because you attempted to help me but I was still unable to figure it out.  I guess as you mentioned, my skill levels are way below what is needed to do this very simple process.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now