xcoderx Posted November 6, 2008 Share Posted November 6, 2008 i want to add a captcha can someone help me add it? here my comment form <form action="comment.php?a=post&entryid=$entry[id]" method="post"> <table align="center" cellpadding="2" cellspacing="0" width="90%"> <tr> <td style="border: #888888 1px dashed;"><b>Name:</b></td> <td style="border-bottom: #888888 1px dashed; border-top: #888888 1px dashed; border-right: #888888 1px dashed;"><input type="text" name="postername" value="$poster[name]"></td> </tr> <tr> <td style="border-left: #888888 1px dashed; border-right: #888888 1px dashed;"><b>Site:</b></td> <td style="border-right: #888888 1px dashed;"><input type="text" name="postersite" value="$poster[site]"><br></td> </tr> <tr> <td valign="top" style="border-right: #888888 1px dashed; border-top: #888888 1px dashed; border-left: #888888 1px dashed;"><b>Comment:</b></td> <td style="border-right: #888888 1px dashed; border-top: #888888 1px dashed;"><textarea cols="50" rows="6" name="comment"></textarea></td> </tr> <tr> <td valign="top" style="border-bottom: #888888 1px dashed; border-top: #888888 1px dashed; border-left: #888888 1px dashed;"><b>Options:</b></td> <td style="border: #888888 1px dashed;"> <input type="checkbox" name="parseurls" value="1" checked> Parse URLs<br> <input type="checkbox" name="parseemoticons" value="1" checked> Parse Emoticons<br> <input type="checkbox" name="parsebbcode" value="1" checked> Parse BB Code<br> </td> </tr> <tr> <td colspan="2" align="center" style="border-bottom: #888888 1px dashed; border-right: #888888 1px dashed; border-left: #888888 1px dashed;"> <input type="submit" value="Post"> </td> </tr> </table> </form><br> and here my comment.php <?php //# Setting templates and requiring core $bb_templates = 'base,comments_main,comments_comment,entry_mood, entry_music,archive_item,error_message,calendar_main, calendar_row,calendar_day_entry,calendar_day_noentry,calendar_day_blank, category_item,comments_nocomments,quote_template,caption_quote_temp, comments_postform,comments_locked'; require("core.php"); //# Setting some used $_GET vars $entryid = prepValue($_GET['entryid']); $action = prepValue($_GET['a']); //# Seeing if the user is logged in, and if so, grabbing private entries $privatequery = ""; if($userdata['logged_in'] == 1){ $privatequery = " OR (e.private = '1' AND e.uid = '".prepValue($_COOKIE['userid'])."') "; } switch($action){ case '': //# Some stuff that we need... $password = prepValue($_GET['password']); $include = $template->getTemplate('comments_main'); //# Grabbing emoticons $emoticons = array(); $emoticonimages = array(); $i = 0; $grabemoticons = $SQL->query("SELECT * FROM `".$database['prefix']."emoticons`"); while($emoticon = $SQL->fetch_array($grabemoticons)){ $emoticons[$i] = $emoticon['emoticon']; $emoticonimages[$i] = '<img src="' . $config['emoticonpath'] . $emoticon['image'] . '" alt="'. $emoticon['emoticon'] .'" />'; $i++; } //# Grabbing the entry $grabentry = $SQL->query("SELECT e.*,m.image AS moodimage,u.username,u.email,u.name,u.gender,u.location,u.interests,u.occupation,c.name AS categoryname FROM `".$database['prefix']."entries` AS e LEFT JOIN `".$database['prefix']."moodicons` AS m ON(e.moodicon = m.id) LEFT JOIN `".$database['prefix']."users` AS u ON(e.uid = u.id) LEFT JOIN `".$database['prefix']."categories` AS c ON(c.id = e.cid) WHERE e.id = '$entryid'"); if($SQL->num_rows($grabentry) < 1){ bbg_error("The specified entry doesn't exist."); } $entry = $SQL->fetch_array($grabentry); //# Modules $archives = buildArchives(); $calendar = buildCalendar(gmdate("n", $entry['dateline'] + configOffset()), gmdate("Y", $entry['dateline'] + configOffset())); $categories = buildCategories(); //# Private/password checking if($entry['private'] == '1'){ if($userdata['logged_in'] == 1){ if($userdata['logged_in'] != 1 || $_COOKIE['userid']!= $entry['uid']){ bbg_error("The specified entry is private."); } $entry['privatetext'] = $template->getVar('privatetext'); } else { bbg_error("The specified entry is private."); } } if($entry['password'] != "" && $password != $entry['password']){ bbg_error("Wrong/no password. Try again."); } //# Preparing the entry for output $entry['title'] = stripslashes($entry['title']); $entry['entry'] = stripslashes($entry['entry']); $entry['entry'] = parse_breaks($entry['entry']); $entry['entry'] = parse_bbcode($entry['entry']); $entry['date'] = gmdate($template->getVar('entry_dateformat'), $entry['dateline'] + configOffset()); log_hit("Viewing entry: ".$entry['title']." (id: ".$entry['id'].")"); if($entry['parseemoticons'] == 1){ $entry['entry'] = str_replace($emoticons, $emoticonimages, $entry['entry']); } if($entry['parseurls'] == 1){ $entry['entry'] = parse_urls($entry['entry']); } if($entry['moodimage'] != ""){ $entry['moodimage'] = '<img src="' . stripslashes($config['moodpath'] . $entry['moodimage']) . '" alt="">'; } $moodarea = ""; if(($entry['mood'] != "") || ($entry['moodimage'] != "")){ $include = str_replace('$moodarea', $template->cleanTemplate('entry_mood'), $include); } $musicarea = ""; if($entry['music'] != ""){ $include = str_replace('$musicarea', $template->cleanTemplate('entry_music'), $include); } //# Grabbing comments $grabcomments = $SQL->query("SELECT * FROM `".$database['prefix']."comments` WHERE `eid` = '$entryid' ORDER BY `dateline` ASC"); while($comment = $SQL->fetch_array($grabcomments)){ $commentarea .= $template->getTemplate('comments_comment'); $commentarea = stripslashes($commentarea); $comment['postername'] = stripslashes($comment['postername']); $comment['postersite'] = stripslashes($comment['postersite']); $comment['comment'] = stripslashes($comment['comment']); $comment['date'] = gmdate($template->getVar('comment_dateformat'), $comment['dateline'] + configOffset()); $comment['comment'] = parse_breaks($comment['comment']); if(strtolower(substr($comment['postersite'], 0, 7)) != "http://"){ $comment['postersite'] = "http://".$comment['postersite']; } if($comment['parseemoticons'] == 1){ $comment['comment'] = str_replace($emoticons, $emoticonimages, $comment['comment']); } if($comment['parseurls'] == 1){ $comment['comment'] = parse_urls($comment['comment']); } if($comment['parsebbcode'] == 1){ $comment['comment'] = parse_bbcode($comment['comment']); } $commentarea = $template->cacheArray($commentarea, $comment); } $comment = $template->releaseCache(); if($SQL->num_rows($grabcomments) < 1){ $commentarea = stripslashes($template->getTemplate('comments_nocomments')); } eval("\$commentarea = \"".addslashes($commentarea)."\";"); $poster = unserialize(stripslashes($_COOKIE['commenter_data'])); if($poster['site'] == NULL){ $poster['site'] = "http://"; } if($entry['comments_locked'] == 1){ $include = str_replace('$postformarea', $template->getTemplate('comments_locked'), $include); } else { $include = str_replace('$postformarea', $template->getTemplate('comments_postform'), $include); } eval("\$include = \"$include\";"); break; case 'post': //# Modules $archives = buildArchives(); $calendar = buildCalendar(); $categories = buildCategories(); $queryentry = $SQL->query("SELECT * FROM `".$database['prefix']."entries` WHERE `id` = '$entryid'"); if($SQL->num_rows($queryentry) < 1){ bbg_error("The specified entry doesn't exist."); } $entry = $SQL->fetch_array($queryentry); if($entry['comments_locked'] == 1){ bbg_error("The ability to post comments to the specified entry is locked."); } if($entry['private'] == '1'){ if($userdata['logged_in'] == 1){ if($userdata['logged_in'] != 1 || $_COOKIE['userid']!= $entry['uid']){ bbg_error("The specified entry is private."); } } else { bbg_error("The specified entry is private."); } } $poster['name'] = prepValue($_POST['postername']); $poster['site'] = prepValue($_POST['postersite']); $comment = prepValue($_POST['comment']); if(($poster['name'] == "") || ($comment == "")){ bbg_error("No name/comment was specified."); } $time = time(); $parseurls = ($_POST['parseurls'] == 1) ? 1 : 0; $parseemoticons = ($_POST['parseemoticons'] == 1) ? 1 : 0; $parsebbcode = ($_POST['parsebbcode'] == 1) ? 1 : 0; $insert = $SQL->query("INSERT INTO `".$database['prefix']."comments` (`id`,`eid`,`postername`,`postersite`,`comment`,`dateline`,`parseurls`,`parseemoticons`,`parsebbcode`) VALUES ('','$entryid','".$poster['name']."','".$poster['site']."','$comment','$time','$parseurls','$parseemoticons','$parsebbcode')"); $updatecomments = $SQL->query("UPDATE `".$database['prefix']."entries` SET `comments` = comments + 1 WHERE `id` = '$entryid'"); setcookie("commenter_data", serialize($poster), time() + 31536000, $config['cookiepath'], $config['cookiedomain']); die_header("Location: ".$config['blogurl']."comment.php?entryid=$entryid"); break; } //# Setting script vars $script['gzstatus'] = $gzip->checkGZText(); $script['querycount'] = $SQL->counter(); $script['exectime'] = $timer->stopTimer(); //# Creating output, sending it to the buffer, and releasing the buffer eval("\$output = \"".$template->getTemplate('base')."\";"); echo stripslashes($output); $gzip->stopGZ(); ?> Quote Link to comment Share on other sites More sharing options...
ILMV Posted November 6, 2008 Share Posted November 6, 2008 Take a look at this, this is a basic image verification method, you can extend it to add lines etc. http://www.php-mysql-tutorial.com/user-authentication/image-verification.php I have implemented this here http://meltdowntech.com/contact.php... It works very well, if you don't add lines you may be open to OCR readers used by spammers to figure out the text within the image. Quote Link to comment Share on other sites More sharing options...
xcoderx Posted November 6, 2008 Author Share Posted November 6, 2008 i actually do know captcha oding bro but im unable to add it to ths script i do not understand why the entire comment.php page go blank when i add captcha Quote Link to comment Share on other sites More sharing options...
xcoderx Posted November 6, 2008 Author Share Posted November 6, 2008 see here i add captcha but post still gets sumbited :'( <?php //////////////////here captcha code session_start(); if(isset($_POST['submit'])) { $verify = isset($_POST['verify']) ? strtolower($_POST['verify']) : ""; if ($verify == $_SESSION['verify']) { } } ////////////////here end of captcha /* +----------------------------------------------------------- | BirdBlog v1.4.0 | =========================== | Developer: Michael Swiger <mokkan at projectcow dot com> | Site: http://birdblog.sourceforge.net | Copyright (c) 2005 | =========================== | File: ./comment.php +----------------------------------------------------------- */ //# Setting templates and requiring core $bb_templates = 'base,comments_main,comments_comment,entry_mood, entry_music,archive_item,error_message,calendar_main, calendar_row,calendar_day_entry,calendar_day_noentry,calendar_day_blank, category_item,comments_nocomments,quote_template,caption_quote_temp, comments_postform,comments_locked'; require("core.php"); //# Setting some used $_GET vars $entryid = prepValue($_GET['entryid']); $action = prepValue($_GET['a']); //# Seeing if the user is logged in, and if so, grabbing private entries $privatequery = ""; if($userdata['logged_in'] == 1){ $privatequery = " OR (e.private = '1' AND e.uid = '".prepValue($_COOKIE['userid'])."') "; } switch($action){ case '': //# Some stuff that we need... $password = prepValue($_GET['password']); $include = $template->getTemplate('comments_main'); //# Grabbing emoticons $emoticons = array(); $emoticonimages = array(); $i = 0; $grabemoticons = $SQL->query("SELECT * FROM `".$database['prefix']."emoticons`"); while($emoticon = $SQL->fetch_array($grabemoticons)){ $emoticons[$i] = $emoticon['emoticon']; $emoticonimages[$i] = '<img src="' . $config['emoticonpath'] . $emoticon['image'] . '" alt="'. $emoticon['emoticon'] .'" />'; $i++; } //# Grabbing the entry $grabentry = $SQL->query("SELECT e.*,m.image AS moodimage,u.username,u.email,u.name,u.gender,u.location,u.interests,u.occupation,c.name AS categoryname FROM `".$database['prefix']."entries` AS e LEFT JOIN `".$database['prefix']."moodicons` AS m ON(e.moodicon = m.id) LEFT JOIN `".$database['prefix']."users` AS u ON(e.uid = u.id) LEFT JOIN `".$database['prefix']."categories` AS c ON(c.id = e.cid) WHERE e.id = '$entryid'"); if($SQL->num_rows($grabentry) < 1){ bbg_error("The specified entry doesn't exist."); } $entry = $SQL->fetch_array($grabentry); //# Modules $archives = buildArchives(); $calendar = buildCalendar(gmdate("n", $entry['dateline'] + configOffset()), gmdate("Y", $entry['dateline'] + configOffset())); $categories = buildCategories(); //# Private/password checking if($entry['private'] == '1'){ if($userdata['logged_in'] == 1){ if($userdata['logged_in'] != 1 || $_COOKIE['userid']!= $entry['uid']){ bbg_error("The specified entry is private."); } $entry['privatetext'] = $template->getVar('privatetext'); } else { bbg_error("The specified entry is private."); } } if($entry['password'] != "" && $password != $entry['password']){ bbg_error("Wrong/no password. Try again."); } //# Preparing the entry for output $entry['title'] = stripslashes($entry['title']); $entry['entry'] = stripslashes($entry['entry']); $entry['entry'] = parse_breaks($entry['entry']); $entry['entry'] = parse_bbcode($entry['entry']); $entry['date'] = gmdate($template->getVar('entry_dateformat'), $entry['dateline'] + configOffset()); log_hit("Viewing entry: ".$entry['title']." (id: ".$entry['id'].")"); if($entry['parseemoticons'] == 1){ $entry['entry'] = str_replace($emoticons, $emoticonimages, $entry['entry']); } if($entry['parseurls'] == 1){ $entry['entry'] = parse_urls($entry['entry']); } if($entry['moodimage'] != ""){ $entry['moodimage'] = '<img src="' . stripslashes($config['moodpath'] . $entry['moodimage']) . '" alt="">'; } $moodarea = ""; if(($entry['mood'] != "") || ($entry['moodimage'] != "")){ $include = str_replace('$moodarea', $template->cleanTemplate('entry_mood'), $include); } $musicarea = ""; if($entry['music'] != ""){ $include = str_replace('$musicarea', $template->cleanTemplate('entry_music'), $include); } //# Grabbing comments $grabcomments = $SQL->query("SELECT * FROM `".$database['prefix']."comments` WHERE `eid` = '$entryid' ORDER BY `dateline` ASC"); while($comment = $SQL->fetch_array($grabcomments)){ $commentarea .= $template->getTemplate('comments_comment'); $commentarea = stripslashes($commentarea); $comment['postername'] = stripslashes($comment['postername']); $comment['postersite'] = stripslashes($comment['postersite']); $comment['comment'] = stripslashes($comment['comment']); $comment['date'] = gmdate($template->getVar('comment_dateformat'), $comment['dateline'] + configOffset()); $comment['comment'] = parse_breaks($comment['comment']); if(strtolower(substr($comment['postersite'], 0, 7)) != "http://"){ $comment['postersite'] = "http://".$comment['postersite']; } if($comment['parseemoticons'] == 1){ $comment['comment'] = str_replace($emoticons, $emoticonimages, $comment['comment']); } if($comment['parseurls'] == 1){ $comment['comment'] = parse_urls($comment['comment']); } if($comment['parsebbcode'] == 1){ $comment['comment'] = parse_bbcode($comment['comment']); } $commentarea = $template->cacheArray($commentarea, $comment); } $comment = $template->releaseCache(); if($SQL->num_rows($grabcomments) < 1){ $commentarea = stripslashes($template->getTemplate('comments_nocomments')); } eval("\$commentarea = \"".addslashes($commentarea)."\";"); $poster = unserialize(stripslashes($_COOKIE['commenter_data'])); if($poster['site'] == NULL){ $poster['site'] = "http://"; } if($entry['comments_locked'] == 1){ $include = str_replace('$postformarea', $template->getTemplate('comments_locked'), $include); } else { $include = str_replace('$postformarea', $template->getTemplate('comments_postform'), $include); } eval("\$include = \"$include\";"); break; case 'post': //# Modules $archives = buildArchives(); $calendar = buildCalendar(); $categories = buildCategories(); $queryentry = $SQL->query("SELECT * FROM `".$database['prefix']."entries` WHERE `id` = '$entryid'"); if($SQL->num_rows($queryentry) < 1){ bbg_error("The specified entry doesn't exist."); } $entry = $SQL->fetch_array($queryentry); if($entry['comments_locked'] == 1){ bbg_error("The ability to post comments to the specified entry is locked."); } if($entry['private'] == '1'){ if($userdata['logged_in'] == 1){ if($userdata['logged_in'] != 1 || $_COOKIE['userid']!= $entry['uid']){ bbg_error("The specified entry is private."); } } else { bbg_error("The specified entry is private."); } } //////////////////here captcha code unset($_SESSION['verify']); $result = true; ////////////////here end of captcha $poster['name'] = prepValue($_POST['postername']); $poster['site'] = prepValue($_POST['postersite']); $comment = prepValue($_POST['comment']); if(($poster['name'] == "") || ($comment == "")){ bbg_error("No name/comment was specified or wrong verification code entered."); //////////////////here captcha code $result = false; ////////////////here end of captcha } $time = time(); $parseurls = ($_POST['parseurls'] == 1) ? 1 : 0; $parseemoticons = ($_POST['parseemoticons'] == 1) ? 1 : 0; $parsebbcode = ($_POST['parsebbcode'] == 1) ? 1 : 0; $insert = $SQL->query("INSERT INTO `".$database['prefix']."comments` (`id`,`eid`,`postername`,`postersite`,`comment`,`dateline`,`parseurls`,`parseemoticons`,`parsebbcode`) VALUES ('','$entryid','".$poster['name']."','".$poster['site']."','$comment','$time','$parseurls','$parseemoticons','$parsebbcode')"); $updatecomments = $SQL->query("UPDATE `".$database['prefix']."entries` SET `comments` = comments + 1 WHERE `id` = '$entryid'"); setcookie("commenter_data", serialize($poster), time() + 31536000, $config['cookiepath'], $config['cookiedomain']); die_header("Location: ".$config['blogurl']."comment.php?entryid=$entryid"); break; } //# Setting script vars $script['gzstatus'] = $gzip->checkGZText(); $script['querycount'] = $SQL->counter(); $script['exectime'] = $timer->stopTimer(); //# Creating output, sending it to the buffer, and releasing the buffer eval("\$output = \"".$template->getTemplate('base')."\";"); echo stripslashes($output); $gzip->stopGZ(); ?> and my form everything is showing but captcha not working <form action="comment.php?a=post&entryid=$entry[id]" method="post"> <table align="center" cellpadding="2" cellspacing="0" width="90%"> <tr> <td style="border: #888888 1px dashed;"><b>Name:</b></td> <td style="border-bottom: #888888 1px dashed; border-top: #888888 1px dashed; border-right: #888888 1px dashed;"><input type="text" name="postername" value="$poster[name]"></td> </tr> <tr> <td style="border-left: #888888 1px dashed; border-right: #888888 1px dashed;"><b>Site:</b></td> <td style="border-right: #888888 1px dashed;"><input type="text" name="postersite" value="$poster[site]"><br></td> </tr> <tr> <td valign="top" style="border-right: #888888 1px dashed; border-top: #888888 1px dashed; border-left: #888888 1px dashed;"><b>Comment:</b></td> <td style="border-right: #888888 1px dashed; border-top: #888888 1px dashed;"><textarea cols="50" rows="6" name="comment"></textarea></td> </tr> <tr> <td valign="top" style="border-bottom: #888888 1px dashed; border-top: #888888 1px dashed; border-left: #888888 1px dashed;"><b>Options:</b></td> <td style="border: #888888 1px dashed;"> <input type="checkbox" name="parseurls" value="1" checked> Parse URLs<br> <input type="checkbox" name="parseemoticons" value="1" checked> Parse Emoticons<br> <input type="checkbox" name="parsebbcode" value="1" checked> Parse BB Code<br> </td> </tr> <tr> <td colspan="2" align="center" style="border-bottom: #888888 1px dashed; border-right: #888888 1px dashed; border-left: #888888 1px dashed;"> <img src="captcha.php"><br>Enter Verification Code:<br> <input type="text" name="verify" /><br><br> <input type="submit" value="Post Comment"> </td> </tr> </table> </form><br> Quote Link to comment Share on other sites More sharing options...
Adam Posted November 6, 2008 Share Posted November 6, 2008 Because you're not using it, nothing happens in your if ($verify == ..... session_start(); if(isset($_POST['submit'])) { $verify = isset($_POST['verify']) ? strtolower($_POST['verify']) : ""; if ($verify != $_SESSION['verify']) { die('BAD IMAGE VERIFICATION!'); } } You'll want to find a neater way of doing it though.. Adam Quote Link to comment Share on other sites More sharing options...
xcoderx Posted November 6, 2008 Author Share Posted November 6, 2008 thanks soo much mr adam could u help me fix it please? ill be very greatful. im still new too all this and i try but there are many things i still do not understand Quote Link to comment Share on other sites More sharing options...
Adam Posted November 6, 2008 Share Posted November 6, 2008 Fix it in what way? Quote Link to comment Share on other sites More sharing options...
xcoderx Posted November 6, 2008 Author Share Posted November 6, 2008 i mean make captcha to work sir. its just do not want to work Quote Link to comment Share on other sites More sharing options...
Adam Posted November 6, 2008 Share Posted November 6, 2008 if(isset($_POST['submit'])) { There you are testing to see if the submit button has been pressed, but you haven't named the submit button "submit" .. Change: <input type="submit" value="Post Comment"> to: <input type="submit" value="Post Comment" name="submit"> Basically you're testing to see if an input named "submit'" has been sent to the script via the post method (think <form method="post" ..), yet you hadn't named the submit button "submit". Adam Quote Link to comment Share on other sites More sharing options...
ILMV Posted November 6, 2008 Share Posted November 6, 2008 The problem with using isset() with the $_POST['submit'] variable booted from the submit button, is that you may find that, if on an 'email' field for example and hit enter, you aren't technically hitting the submit button and therefore not sending the submit post variable. My work around is to add a hidden field, see below. <input type='hidden' name='submit' value='submit' /> Quote Link to comment Share on other sites More sharing options...
xcoderx Posted November 7, 2008 Author Share Posted November 7, 2008 thank you soo much mrAdam and and ILMV my problem is solved i was being silly i missed out to name the post as in post name that was why it wasnt working but now 100% i really appreciate your help and the time u gave thanks alot brother. Quote Link to comment Share on other sites More sharing options...
xcoderx Posted November 8, 2008 Author Share Posted November 8, 2008 My work around is to add a hidden field, see below. <input type='hidden' name='submit' value='submit' /> but hidden will not give any submit button so how will we use it anyways is it something like <input type='hidden' name='submit' /> <input type='submit' value='submit'/> ??? Quote Link to comment Share on other sites More sharing options...
ILMV Posted November 8, 2008 Share Posted November 8, 2008 My work around is to add a hidden field, see below. <input type='hidden' name='submit' value='submit' /> but hidden will not give any submit button so how will we use it anyways is it something like <input type='hidden' name='submit' /> <input type='submit' value='submit'/> ??? Yes, have both hidden and submit Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.