Error in php captcha

contact-form-handler.phpThe contact form on my website has been abused by spam bots, so I am trying to implement a captcha to filter them out.  Whether or not the captcha text field is completed accurately, there is an internal server error.  I am a novice with php, and would appreciate correction of my error(s).  www.mauitradewinds.com/contact.htm
ddantesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
Here is an article telling how to implement CAPTCHA.  It's not "one thing" -- more of a design pattern.  Choose one of the implementations that sucks the least for your human clients.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_9849-Making-CAPTCHA-Friendlier-with-PHP-Image-Manipulation.html
0
ddantesAuthor Commented:
Thank you, Ray.  I will study these methods.  Meanwhile, can you correct the error in my existing form page or php?  It worked fine before I added the captcha, and I'd like to get it working while I research ways to refine it.
0
Ray PaseurCommented:
Please use the Code snippet to post the code (instead of a file attachment).  The Code snippet gives us line numbers and a unispace font that facilitates discussion.  And I am not sure I am seeing all of the information in these files.  For example, where is the code that generates the CAPTCHA test and loads the data into the PHP session?
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Ray PaseurCommented:
Oh, wow - I just looked at the CAPTCHA code.  The answer is always "5."  I don't think it will take the spam bots very long to figure that out!
0
ddantesAuthor Commented:
Sorry, I'm not familiar with how to post a code snippet.  If you could explain that, I'll post it.

I got your contact form.  You didn't get an error message?
0
Ray PaseurCommented:
Line 19 of the action script (as installed on my server) contains this:

    $captcha = array_key_exists('captcha',$_POST) ? $_POST['captcha']);

There is a parse error in that line.   The ternary notation needs a colon after the "true" value and the "false" value after the colon.  Maybe something like this would work better:

    $captcha = array_key_exists('captcha',$_POST) ? $_POST['captcha'] : FALSE;

Are you sure you wouldn't want to get some professional help with this script?  Or at least take some time to learn PHP before you start using PHP?  I can understand it either way - one way costs money and the other way requires time and effort.  Depending on your circumstances and requirements one or the other will make sense.  If you want to learn PHP this article can help you get started.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ray PaseurCommented:
Sorry, I'm not familiar with how to post a code snippet.
In the "Post a Comment" screen, there is a textarea with formatting controls just above the text input area.  The formatting controls contain the word Code.  If you click that, you will get a set of markup tags and the cursor will be in exactly the right place to paste the code.  So the process is (1) Copy the code to your clipboard, (2) click Code, (3) paste the clipboard.
0
ddantesAuthor Commented:
Thank you for your comments.  I corrected that syntax error, and made a couple of adjustments.  The following code works.   I agree this is a crude, first attempt at a captcha.  In the articles you provided, there is a "honeypot" example, which tricks bots into entering data into an invisible text field.  I like that approach.  Do you have an opinion about that?



<?php 
$errors = '';
$myemail = 'stay@mauitradewinds.com';//<-----Put Your email address here.
if(empty($_POST['firstname'])  || 
   empty($_POST['lastname'])  ||
   empty($_POST['email']) || 
   empty($_POST['captcha']) || 
   empty($_POST['message']))
{
    $errors .= "\n Error: At a minimum, we need your name, Email address and message in order to transmit your form.";
}
else
{
    $firstname = array_key_exists('firstname',$_POST) ? $_POST['firstname']:''; 
    $lastname = array_key_exists('lastname',$_POST) ? $_POST['lastname']:''; 
    $email_address = array_key_exists('email',$_POST) ? $_POST['email']:''; 
    $message = array_key_exists('message',$_POST) ? $_POST['message']:''; 
    $captcha = array_key_exists('captcha',$_POST) ? $_POST['captcha'] : FALSE;
    if (!preg_match(
    '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', 
    $email_address))
    {
        $errors .= "\n Error: Invalid email address";
    }
     if (!preg_match(
     "/5/",
     $captcha))
    {
        $errors .= "\n Error: Please check your math";
    }
}

if( empty($errors))
{
	$to = $myemail; 
	$email_subject = "Contact form";
	$email_body = "You have received a contact form from Site-1. ".
	" Here are the details:\n First Name: $firstname \n Last Name: $lastname \n Email: $email_address \n Message: \n $message"; 
	
	$headers = "From: $myemail\n"; 
	$headers .= "Reply-To: $email_address";
	
	mail($to,$email_subject,$email_body,$headers);
	//redirect to the 'thank you' page
	header('Location: thankyou.htm');
	exit;//You should always "exit" immediately after a redirection request
} 
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html>
<head>
	<title>Contact form handler</title>
</head>

<body>
<!-- This page is displayed only if there is some error -->
<?php
echo nl2br($errors);
?>


</body>
</html>

Open in new window

0
Ray PaseurCommented:
All of the CAPTCHA methods in the article work reasonably well.  I like the honeypot, too.  It's worth a try.  If it turns out to be inadequate, then move on to one of the other methods.  It's likely that you will not get too much grief from the 'bots unless you use reCaptcha, which they have mostly learned to crack.  That's why other ideas, especially for smaller sites, can still be useful.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.