Trouble sending variables to another php page

[p8ball4life]

I am now having trouble getting the actual data to be sent.  This is a pre-developed website that I am trying to add Captcha too.  The following is my code for the site that I have added.  The rest of the information is just creation of the forms and development of the page itself:

 

$email2 = " ";

$fname2 = " ";

$lname2 = " ";

$address2 = " ";

$city2 = " ";

$state2 = " ";

$zipcode2 = " ";

$hphone2 = " ";

$wphone2 = " ";

$comments2 = " ";

 

if ($_POST['process'] == 1) {

$email2  = $_POST['email'];

$comments2 = $_POST['comments'];

$fname2 = $_POST['fname'];

$lname2 = $_POST['lname'];

$address2 = $_POST['caddress'];

$city2 = $_POST['city'];

$state2 = $_POST['state'];

$zipcode2 = $_POST['zip'];

$hphone2 = $_POST['hphone'];

$wphones2 = $_POST['wphone'];

}

 

require_once('recaptchalib.php');

$publickey = "xxx";

$privatekey = "xxx";

?>

 

**Form Creation with value being set to:

value="<?print $email2; ?>" for each field

 

This allows the page to repopulate the fields if the user fails the captcha instead of making the user re-enter the information.**

 

<!--Captcha Start-->

 

<?php

 

echo recaptcha_get_html($publickey);

 

//the response from reCAPTCHA

$resp = recaptcha_check_answer ($privatekey,

                                $_SERVER["REMOTE_ADDR"],

                                $_POST["recaptcha_challenge_field"],

                                $_POST["recaptcha_response_field"]);

 

//the error code from reCAPTCHA, if any

$error = null;

 

if ($_POST['process'] == 1) {

echo "****This is not the first page load of this instance****";

echo $resp->error;

 

if($resp->is_valid){

echo "<script language=\"javascript\">

location.href=\"$url\";

</script>";

 

echo "<B>If you have javascript disabled you may click on this link to process the form:</B> <A HREF='http://www.xxx'>www.xxx</A>";

}

 

}

 

//are we submitting the page?

if ($_POST["submit"]) {

  if (!$resp->is_valid) {

die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .

      "(reCAPTCHA said: " . $resp->error . ")");

}

}

 

echo "<script language=\"javascript\">

var RecaptchaOptions = {

  theme : 'white'};

</script>";

 

 

 

echo recaptcha_get_html($publickey, $error);

?>

</p>

 

<!--Captcha End-->

 

<input type="hidden" name="process" value="1">

 

The only thing that I can think of is that my loading of the new page through javascript doesn't allow some function that sends the information to the next page for processing.

 

The only lines of code after the hidden field are as follows:

 

<p> <input type="submit" name="Submit" value="Submit"></p></div></form>

      <script language="javascript1.2"><!--

EXs=screen;EXw=EXs.width;navigator.appName!="Netscape"?

EXb=EXs.colorDepth:EXb=EXs.pixelDepth;//-->

</script><script language="javascript"><!--

EXd=document;EXw?"":EXw="na";EXb?"":EXb="na";

EXd.write("<img src=\"http://t0.extreme-dm.com",

"/c.g?tag=polofie&j=y&srw="+EXw+"&srb="+EXb+"&",

"l="+escape(EXd.referrer)+"\" height=1 width=1>");//-->

</script><noscript><img height=1 width=1 alt=""

src="http://t0.extreme-dm.com/c.g?tag=polofie&j=n"></noscript>      </div>

</font></td>

</tr>

</table>

 

<? include_once("includes/footer.inc");?>

 

Any help would be appreciated!  To sum it up; I'm trying add captcha to a working form submission that goes to another page.  Since adding the captcha, which works and checks correctly, the other page does not receive the variables.

 

[colombian]

It's not clear from the form when the variables are being sent.

 

What it seems to be happening is that when your captcha is validated, the form is happy - and there is no more processing.

Make sure you are sending the POST variables on the successful captcha.

 

You have this code:

<?php 
if ($_POST["submit"]) {
     if (!$resp->is_valid) {
      die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
             "(reCAPTCHA said: " . $resp->error . ")");
   }
   // Would you not need an else here?
   else { //response is valid. maybe an elseif if you want.
     // send POST variables
   }
}
?>

 

[p8ball4life]

How would I send the post variables?

[p8ball4life]

Something else that may be effecting my output is the fact that I have the submit button linking back to the same page.  This allows me to refresh the page if the user fails the captcha test and put all of their input back in.  If they passed the captcha test, it should then go on to the form submission page, but it would technically be going from the 2nd refreshed page?

[p8ball4life]

Apparently it does have something to do with the fact that I am sending the form back to itself for validation.  If I change the form action to the second 'processing' page, then the variables get sent correctly.  Any thoughts?

[colombian]

You could do 2 things:

1. Integrate the 2 functions (the captcha and the form submission into 1 page).

2. Send your post information from your CAPTCHA the form processing.

 

Integrating the 2 would make more sense, since the CAPTCHA is part of the form.

Since the form is submitting for itself - I would place all the code from the for submission page into the else statement I mentioned above.

There you would fill in all the $_POST variables to pass them only if the CAPTCHA is successful.

 

So:

?php 
if ($_POST["submit"]) {
     if (!$resp->is_valid) {
      die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
             "(reCAPTCHA said: " . $resp->error . ")");
   }
   // Would you not need an else here?
   else { //response is valid. maybe an elseif if you want.
     // HERE YOU INSERT THE CODE that was on the working form submission page. 
    // Include the $_POST variables for the input.

   }
}
?>

 

Hope this helps.

 

 

 

[p8ball4life]

Thank you for your help columbian.  I was able to migrate the processing form page2 over to page1.  Is there any reduced security involved in doing this?

[colombian]

Security will be about the same - but some pointers:

 

Don't be too specific about the error (you don't want to tell the hacker:

"your script to read the security code is right, but you did X wrong"

 

The sequence should be as follows:

1. Make sure the CAPTCHA runs first - and is successful.

2. If successful check the form information.

3. Validate email and content fields against spam attacks with either a regex or throwing an error on CC: BCC:, etc.

4. Now you can store/POST comments.

 

Hope  this helps.