echo

Ah, thank you very much, I really appreciate it! I'll update captcha.php everywhere else I'm using it as well. Thanks also for the recaptcha advice. I know the simple setup I have won't do much to prevent bots. However, I'll only resort to Google if things get really out of hand. My sites don't get a lot of traffic so it shouldn't be a big problem. But if it becomes one, I'll know what to do. Again, Thank You!

Thank you, I will!

Just a bit of background first: I have a contact form set up on one of my domains. It hasn't been updated in 7 years and recently I started getting about 3-8 spam messages daily through it. At some point I updated other sites with code that includes a CAPTCHA. Out of sheer laziness, instead of recoding the contact form that was getting spammed, I just copied & pasted one of the updated forms and changed the necessary details like which e-mail address, URL, etc. Unfortunately, this hasn’t worked out properly. For some reason the CAPTCHA image isn’t being displayed. I keep looking but can't find the error(s). Could someone please take a look at the code and tell me what went wrong? I’d be ever so grateful for any help! The code for the form itself: <form method="post" action="mail-e.php"> <p><input type="text" name="name" id="name" value="who are you?" size="25" /></p> <p><input type="text" name="email" id="email" value="you@whatever.bla" size="25" /></p> <p><input type="text" name="url" id="url" value="http://" size="25" /></p> <p><textarea name="comments" id="comments" rows="1" cols="20">Go on, then. Tell me a story, wingy!</textarea></p> <p><img src="http://echoing.org/captcha.php" alt="humanity check" /><br /> <input type="text" name="captcha" id="captcha" /> <br /> <p><input type="submit" name="submit" id="submit" value="sing to me" /> <input type="reset" name="reset" id="reset" value="out of key" /></p> </form> mail-e.php: <?php session_start(); //Encrypt the posted code field and then compare with the stored key if(md5($_POST['captcha']) != $_SESSION['key']) { die("Error: You must enter the code correctly"); }else{ echo 'You entered the code correctly'; } ?> <?php if (!isset($_POST['submit'])) { include('./header.php'); echo "<h1>HEY!!! You just encountered an error!</h1>\n <p>You don't belong here. <strong>Because it's <em>wrong</em>.</strong> Go back and try again, please.</p>"; include('./footer.php'); exit; } function cleanUp($data) { $data = strip_tags($data); $data = trim(htmlentities($data)); return $data; } $name = cleanUp($_POST['name']); $email = cleanUp($_POST['email']); $url = cleanUp($_POST['url']); $comments = cleanUp($_POST['comments']); if ((empty($name)) || (empty($email)) || (empty($comments))) { include('./header.php'); echo "<h2>Input Error! Looks like you missed some stuff.</h2>\n <p><strong>Name</strong>, <strong>e-mail</strong> and <strong>comments</strong> are required fields. Please fill them in and try again:</p>"; echo "<form action=\"mail-e.php\" method=\"post\"><p>"; echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"$name\" /> Name<br />"; echo "<input type=\"text\" name=\"email\" id=\"email\" value=\"$email\" /> E-mail<br />"; echo "<input type=\"text\" name=\"url\" id=\"url\" value=\"$url\" /> Site URL<br />"; echo "<textarea name=\"comments\" id=\"comments\">$comments</textarea> Comments<br />"; echo "<img src=\"http://echoing.org/captcha.php\" alt=\"humanity check\" style=\"margin-bottom: 2px;\" /><br />"; echo "<input type=\"text\" name=\"captcha\" id=\"captcha\" /> <br />"; echo "<input type=\"submit\" name=\"submit\" id=\"submit\" value=\"Send\" />"; echo "</p></form>"; include('./footer.php'); exit; } if (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",$email)) { include('./header.php'); echo "<h2>Input Error</h2>\n <p>That e-mail address you entered - \"$email\" - is <em>not</em> a valid electronic address. Please edit it and send it in again, please:</p>"; echo "<form action=\"mail-e.php\" method=\"post\"><p>"; echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"$name\" /> Name<br />"; echo "<input type=\"text\" name=\"email\" id=\"email\" value=\"$email\" /> E-mail<br />"; echo "<input type=\"text\" name=\"url\" id=\"url\" value=\"$url\" /> Site URL<br />"; echo "<textarea name=\"comments\" id=\"comments\">$comments</textarea> Comments<br />"; echo "<img src=\"captcha.php\" alt=\"humanity check\" style=\"margin-bottom: 2px;\" /><br />"; echo "<input type=\"text\" name=\"captcha\" id=\"captcha\" /> <br />"; echo "<input type=\"submit\" name=\"submit\" id=\"submit\" value=\"Send\" />"; echo "</p></form>"; include('./footer.php'); exit; } $email = preg_replace("([\r\n])", "", $email); $find = "/(content-type|bcc:|cc:)/i"; if (preg_match($find, $name) || preg_match($find, $email) || preg_match($find, $url) || preg_match($find, $comments)) { include('./header.php'); echo "<h1>Error</h1>\n <p>No meta/header injections, please.</p>"; include('./footer.php'); exit; } $recipient = "my email address is here"; $subject = "paint me a wish on a velvet sky"; $message = "Name: $name \n"; $message .= "E-mail: $email \n"; $message .= "URL: $url \n"; $message .= "Comments: $comments"; $headers = "From: a wish painted on the velvet sky \r\n"; $headers .= "Reply-To: $email"; if (mail($recipient,$subject,$message,$headers)) { include('./header.php'); echo "<<p>WOO HOO! Your message was successfully sent to me! I'll read it as soon as I can. I may even respond! Thanks for using the form, fruitcake </p>"; include('./footer.php'); } else { include('./header.php'); echo "<p>Something went awry. Your message didn't go through. Want to take another crack at it? Please do, I'd love to hear from you!</p>"; include('./footer.php'); } ?> captcha.php: <?php //Start the session so we can store what the code actually is. session_start(); //Now lets use md5 to generate a totally random string $md5 = md5(microtime() * mktime()); /* We dont need a 32 character long string so we trim it down to 5 */ $string = substr($md5,0,5); /* Now for the GD stuff, for ease of use lets create the image from a background image. */ $captcha = imagecreatefromjpeg("http://echoing.org/captcha.jpg"); /* Lets set the colours, the colour $line is used to generate lines. Using a blue misty colours. The colour codes are in RGB */ $black = imagecolorallocate($captcha, 0, 0, 0); $line = imagecolorallocate($captcha,233,239,239); /* Now to make it a little bit harder for any bots to break, assuming they can break it so far. Lets add some lines in (static lines) to attempt to make the bots life a little harder */ imageline($captcha,0,0,39,29,$line); imageline($captcha,40,0,64,29,$line); /* Now for the all important writing of the randomly generated string to the image. */ imagestring($captcha, 5, 20, 10, $string, $black); /* Encrypt and store the key inside of a session */ $_SESSION['key'] = md5($string); /* Output the image */ header("Content-type: image/jpeg"); imagejpeg($captcha); ?> I don’t know where it all went wrong as I’m using pretty much the same code without problems here, here and here. The form isn't being used presently (apart from the spam) but I am itching to know what the problem is. P.S. The link to the CAPTCHA image wasn’t always http://echoing.org/captcha.php in the code. On the other forms and initially with this one the code was ./captcha.php but I changed it in case that was the problem. Looks like it isn’t. Thanks in advance!

Greetings and Salutations, Everyone! I like to play around with PHP. I started about a decade ago... All that time and you'd think I'd be a pro by now (not even close)! I was on my way to PHP & MySQL glory when life happened and I didn't code consistently or in a dedicated fashion for something like 8 years. This has left me shamefully beyond rusty. (New HTML & CSS has come around, too. I've recently gone through some refresher courses for those languages.) Anyway, I've decided to get back into it. I'm here because I'd like to re-learn and expand my knowledge of PHP. I'll probably ask a bunch of silly questions. I apologize in advance! cheers, echo