?
Solved

Error in php captcha

Posted on 2014-07-15
9
Medium Priority
?
640 Views
Last Modified: 2014-07-15
contact-form-handler.phpThe contact form on my website has been abused by spam bots, so I am trying to implement a captcha to filter them out.  Whether or not the captcha text field is completed accurately, there is an internal server error.  I am a novice with php, and would appreciate correction of my error(s).  www.mauitradewinds.com/contact.htm
0
Comment
Question by:ddantes
  • 6
  • 3
9 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40197686
Here is an article telling how to implement CAPTCHA.  It's not "one thing" -- more of a design pattern.  Choose one of the implementations that sucks the least for your human clients.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_9849-Making-CAPTCHA-Friendlier-with-PHP-Image-Manipulation.html
0
 

Author Comment

by:ddantes
ID: 40197712
Thank you, Ray.  I will study these methods.  Meanwhile, can you correct the error in my existing form page or php?  It worked fine before I added the captcha, and I'd like to get it working while I research ways to refine it.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40197776
Please use the Code snippet to post the code (instead of a file attachment).  The Code snippet gives us line numbers and a unispace font that facilitates discussion.  And I am not sure I am seeing all of the information in these files.  For example, where is the code that generates the CAPTCHA test and loads the data into the PHP session?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40197786
Oh, wow - I just looked at the CAPTCHA code.  The answer is always "5."  I don't think it will take the spam bots very long to figure that out!
0
 

Author Comment

by:ddantes
ID: 40197806
Sorry, I'm not familiar with how to post a code snippet.  If you could explain that, I'll post it.

I got your contact form.  You didn't get an error message?
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1200 total points
ID: 40197819
Line 19 of the action script (as installed on my server) contains this:

    $captcha = array_key_exists('captcha',$_POST) ? $_POST['captcha']);

There is a parse error in that line.   The ternary notation needs a colon after the "true" value and the "false" value after the colon.  Maybe something like this would work better:

    $captcha = array_key_exists('captcha',$_POST) ? $_POST['captcha'] : FALSE;

Are you sure you wouldn't want to get some professional help with this script?  Or at least take some time to learn PHP before you start using PHP?  I can understand it either way - one way costs money and the other way requires time and effort.  Depending on your circumstances and requirements one or the other will make sense.  If you want to learn PHP this article can help you get started.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40197825
Sorry, I'm not familiar with how to post a code snippet.
In the "Post a Comment" screen, there is a textarea with formatting controls just above the text input area.  The formatting controls contain the word Code.  If you click that, you will get a set of markup tags and the cursor will be in exactly the right place to paste the code.  So the process is (1) Copy the code to your clipboard, (2) click Code, (3) paste the clipboard.
0
 

Author Comment

by:ddantes
ID: 40197857
Thank you for your comments.  I corrected that syntax error, and made a couple of adjustments.  The following code works.   I agree this is a crude, first attempt at a captcha.  In the articles you provided, there is a "honeypot" example, which tricks bots into entering data into an invisible text field.  I like that approach.  Do you have an opinion about that?



<?php 
$errors = '';
$myemail = 'stay@mauitradewinds.com';//<-----Put Your email address here.
if(empty($_POST['firstname'])  || 
   empty($_POST['lastname'])  ||
   empty($_POST['email']) || 
   empty($_POST['captcha']) || 
   empty($_POST['message']))
{
    $errors .= "\n Error: At a minimum, we need your name, Email address and message in order to transmit your form.";
}
else
{
    $firstname = array_key_exists('firstname',$_POST) ? $_POST['firstname']:''; 
    $lastname = array_key_exists('lastname',$_POST) ? $_POST['lastname']:''; 
    $email_address = array_key_exists('email',$_POST) ? $_POST['email']:''; 
    $message = array_key_exists('message',$_POST) ? $_POST['message']:''; 
    $captcha = array_key_exists('captcha',$_POST) ? $_POST['captcha'] : FALSE;
    if (!preg_match(
    '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', 
    $email_address))
    {
        $errors .= "\n Error: Invalid email address";
    }
     if (!preg_match(
     "/5/",
     $captcha))
    {
        $errors .= "\n Error: Please check your math";
    }
}

if( empty($errors))
{
	$to = $myemail; 
	$email_subject = "Contact form";
	$email_body = "You have received a contact form from Site-1. ".
	" Here are the details:\n First Name: $firstname \n Last Name: $lastname \n Email: $email_address \n Message: \n $message"; 
	
	$headers = "From: $myemail\n"; 
	$headers .= "Reply-To: $email_address";
	
	mail($to,$email_subject,$email_body,$headers);
	//redirect to the 'thank you' page
	header('Location: thankyou.htm');
	exit;//You should always "exit" immediately after a redirection request
} 
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html>
<head>
	<title>Contact form handler</title>
</head>

<body>
<!-- This page is displayed only if there is some error -->
<?php
echo nl2br($errors);
?>


</body>
</html>

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40197868
All of the CAPTCHA methods in the article work reasonably well.  I like the honeypot, too.  It's worth a try.  If it turns out to be inadequate, then move on to one of the other methods.  It's likely that you will not get too much grief from the 'bots unless you use reCaptcha, which they have mostly learned to crack.  That's why other ideas, especially for smaller sites, can still be useful.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question