Jump to content

Recommended Posts

i want to add a captcha can someone help me add it?

 

here my comment form

 

<form action="comment.php?a=post&entryid=$entry[id]" method="post">
<table align="center" cellpadding="2" cellspacing="0" width="90%">
<tr>
  <td style="border: #888888 1px dashed;"><b>Name:</b></td>
  <td style="border-bottom: #888888 1px dashed; border-top: #888888 1px dashed; border-right: #888888 1px dashed;"><input type="text" name="postername" value="$poster[name]"></td>
</tr>
<tr>
  <td style="border-left: #888888 1px dashed; border-right: #888888 1px dashed;"><b>Site:</b></td>
  <td style="border-right: #888888 1px dashed;"><input type="text" name="postersite" value="$poster[site]"><br></td>
</tr>
<tr>
  <td valign="top" style="border-right: #888888 1px dashed; border-top: #888888 1px dashed; border-left: #888888 1px dashed;"><b>Comment:</b></td>
  <td style="border-right: #888888 1px dashed; border-top: #888888 1px dashed;"><textarea cols="50" rows="6" name="comment"></textarea></td>
</tr>
<tr>
  <td valign="top" style="border-bottom: #888888 1px dashed; border-top: #888888 1px dashed; border-left: #888888 1px dashed;"><b>Options:</b></td>
  <td style="border: #888888 1px dashed;">
   <input type="checkbox" name="parseurls" value="1" checked> Parse URLs<br>
   <input type="checkbox" name="parseemoticons" value="1" checked> Parse Emoticons<br>
   <input type="checkbox" name="parsebbcode" value="1" checked> Parse BB Code<br>
  </td>
</tr>
<tr>
  <td colspan="2" align="center" style="border-bottom: #888888 1px dashed; border-right: #888888 1px dashed; border-left: #888888 1px dashed;">
   <input type="submit" value="Post">
  </td>
</tr>
</table>
</form><br>

 

and here my comment.php

 

<?php

//# Setting templates and requiring core
$bb_templates = 'base,comments_main,comments_comment,entry_mood,
                 entry_music,archive_item,error_message,calendar_main,
                 calendar_row,calendar_day_entry,calendar_day_noentry,calendar_day_blank,
                 category_item,comments_nocomments,quote_template,caption_quote_temp,
                 comments_postform,comments_locked';
require("core.php");

//# Setting some used $_GET vars
$entryid = prepValue($_GET['entryid']);
$action = prepValue($_GET['a']);

//# Seeing if the user is logged in, and if so, grabbing private entries
$privatequery = "";
if($userdata['logged_in'] == 1){
    $privatequery = " OR (e.private = '1' AND e.uid = '".prepValue($_COOKIE['userid'])."') ";
}

switch($action){
    case '':
        //# Some stuff that we need...
        $password = prepValue($_GET['password']);
        $include = $template->getTemplate('comments_main');

        //# Grabbing emoticons
        $emoticons = array();
        $emoticonimages = array();
        $i = 0;
        $grabemoticons = $SQL->query("SELECT * FROM `".$database['prefix']."emoticons`");
        while($emoticon = $SQL->fetch_array($grabemoticons)){
            $emoticons[$i] = $emoticon['emoticon'];
            $emoticonimages[$i] = '<img src="' . $config['emoticonpath'] . $emoticon['image'] . '" alt="'. $emoticon['emoticon'] .'" />';
            $i++;
        }

        //# Grabbing the entry
        $grabentry = $SQL->query("SELECT e.*,m.image AS moodimage,u.username,u.email,u.name,u.gender,u.location,u.interests,u.occupation,c.name AS categoryname
                                  FROM `".$database['prefix']."entries` AS e 
                                  LEFT JOIN `".$database['prefix']."moodicons` AS m ON(e.moodicon = m.id) 
                                  LEFT JOIN `".$database['prefix']."users` AS u ON(e.uid = u.id) 
                                  LEFT JOIN `".$database['prefix']."categories` AS c ON(c.id = e.cid) 
                                  WHERE e.id = '$entryid'");
        if($SQL->num_rows($grabentry) < 1){
            bbg_error("The specified entry doesn't exist.");
        }
        $entry = $SQL->fetch_array($grabentry);

        //# Modules
        $archives = buildArchives();
        $calendar = buildCalendar(gmdate("n", $entry['dateline'] + configOffset()), gmdate("Y", $entry['dateline'] + configOffset()));
        $categories = buildCategories();

        //# Private/password checking
        if($entry['private'] == '1'){
            if($userdata['logged_in'] == 1){
                if($userdata['logged_in'] != 1 || $_COOKIE['userid']!= $entry['uid']){
                    bbg_error("The specified entry is private.");
                }
                $entry['privatetext'] = $template->getVar('privatetext');
            } else {
                bbg_error("The specified entry is private.");
            }
        }
        if($entry['password'] != "" && $password != $entry['password']){
            bbg_error("Wrong/no password. Try again.");
        }

        //# Preparing the entry for output
        $entry['title'] = stripslashes($entry['title']);
        $entry['entry'] = stripslashes($entry['entry']);
        $entry['entry'] = parse_breaks($entry['entry']);
        $entry['entry'] = parse_bbcode($entry['entry']);
        $entry['date'] = gmdate($template->getVar('entry_dateformat'), $entry['dateline'] + configOffset());
        log_hit("Viewing entry: ".$entry['title']." (id: ".$entry['id'].")");
        if($entry['parseemoticons'] == 1){
            $entry['entry'] = str_replace($emoticons, $emoticonimages, $entry['entry']);
        }
        if($entry['parseurls'] == 1){
            $entry['entry'] = parse_urls($entry['entry']);
        }
        if($entry['moodimage'] != ""){
            $entry['moodimage'] = '<img src="' . stripslashes($config['moodpath'] . $entry['moodimage']) . '" alt="">';
        }
        $moodarea = "";
        if(($entry['mood'] != "") || ($entry['moodimage'] != "")){
            $include = str_replace('$moodarea', $template->cleanTemplate('entry_mood'), $include);
        }
        $musicarea = "";
        if($entry['music'] != ""){
            $include = str_replace('$musicarea', $template->cleanTemplate('entry_music'), $include);
        }

        //# Grabbing comments
        $grabcomments = $SQL->query("SELECT * FROM `".$database['prefix']."comments` WHERE `eid` = '$entryid' ORDER BY `dateline` ASC");
        while($comment = $SQL->fetch_array($grabcomments)){
            $commentarea .= $template->getTemplate('comments_comment');
            $commentarea = stripslashes($commentarea);
            $comment['postername'] = stripslashes($comment['postername']);
            $comment['postersite'] = stripslashes($comment['postersite']);
            $comment['comment'] = stripslashes($comment['comment']);
            $comment['date'] = gmdate($template->getVar('comment_dateformat'), $comment['dateline'] + configOffset());
            $comment['comment'] = parse_breaks($comment['comment']);
            if(strtolower(substr($comment['postersite'], 0, 7)) != "http://"){
                $comment['postersite'] = "http://".$comment['postersite'];
            }
            if($comment['parseemoticons'] == 1){
                $comment['comment'] = str_replace($emoticons, $emoticonimages, $comment['comment']);
            }
            if($comment['parseurls'] == 1){
                $comment['comment'] = parse_urls($comment['comment']);
            }
            if($comment['parsebbcode'] == 1){
                $comment['comment'] = parse_bbcode($comment['comment']);
            }
            $commentarea = $template->cacheArray($commentarea, $comment);
        }
        $comment = $template->releaseCache();
        if($SQL->num_rows($grabcomments) < 1){
            $commentarea = stripslashes($template->getTemplate('comments_nocomments'));
        }
        eval("\$commentarea = \"".addslashes($commentarea)."\";");

        $poster = unserialize(stripslashes($_COOKIE['commenter_data']));

        if($poster['site'] == NULL){
            $poster['site'] = "http://";
        }

        if($entry['comments_locked'] == 1){
            $include = str_replace('$postformarea', $template->getTemplate('comments_locked'), $include);
        } else {
            $include = str_replace('$postformarea', $template->getTemplate('comments_postform'), $include);
        }

        eval("\$include = \"$include\";");
    break;
    case 'post':
        //# Modules
        $archives = buildArchives();
        $calendar = buildCalendar();
        $categories = buildCategories();

        $queryentry = $SQL->query("SELECT * FROM `".$database['prefix']."entries` WHERE `id` = '$entryid'");
        if($SQL->num_rows($queryentry) < 1){
            bbg_error("The specified entry doesn't exist.");
        }
        $entry = $SQL->fetch_array($queryentry);
        if($entry['comments_locked'] == 1){
            bbg_error("The ability to post comments to the specified entry is locked.");
        }
        if($entry['private'] == '1'){
            if($userdata['logged_in'] == 1){
                if($userdata['logged_in'] != 1 || $_COOKIE['userid']!= $entry['uid']){
                    bbg_error("The specified entry is private.");
                }
            } else {
                bbg_error("The specified entry is private.");
            }
        }
        $poster['name'] = prepValue($_POST['postername']);
        $poster['site'] = prepValue($_POST['postersite']);
        $comment = prepValue($_POST['comment']);
        if(($poster['name'] == "") || ($comment == "")){
            bbg_error("No name/comment was specified.");
        }
        $time = time();
        $parseurls = ($_POST['parseurls'] == 1) ? 1 : 0;
        $parseemoticons = ($_POST['parseemoticons'] == 1) ? 1 : 0;
        $parsebbcode = ($_POST['parsebbcode'] == 1) ? 1 : 0;
        $insert = $SQL->query("INSERT INTO `".$database['prefix']."comments` (`id`,`eid`,`postername`,`postersite`,`comment`,`dateline`,`parseurls`,`parseemoticons`,`parsebbcode`) VALUES ('','$entryid','".$poster['name']."','".$poster['site']."','$comment','$time','$parseurls','$parseemoticons','$parsebbcode')");
        $updatecomments = $SQL->query("UPDATE `".$database['prefix']."entries` SET `comments` = comments + 1 WHERE `id` = '$entryid'");
        setcookie("commenter_data", serialize($poster), time() + 31536000, $config['cookiepath'], $config['cookiedomain']);
        die_header("Location: ".$config['blogurl']."comment.php?entryid=$entryid");
    break;
}

//# Setting script vars
$script['gzstatus'] = $gzip->checkGZText();
$script['querycount'] = $SQL->counter();
$script['exectime'] = $timer->stopTimer();

//# Creating output, sending it to the buffer, and releasing the buffer
eval("\$output = \"".$template->getTemplate('base')."\";");
echo stripslashes($output);
$gzip->stopGZ();
?>

Take a look at this, this is a basic image verification method, you can extend it to add lines etc.

 

http://www.php-mysql-tutorial.com/user-authentication/image-verification.php

 

I have implemented this here http://meltdowntech.com/contact.php...

 

It works very well, if you don't add lines you may be open to OCR readers used by spammers to figure out the text within the image.

see here i add captcha but post still gets sumbited  :'(

<?php
//////////////////here captcha code
session_start();
if(isset($_POST['submit'])) {
$verify = isset($_POST['verify']) ? strtolower($_POST['verify']) : "";
if ($verify == $_SESSION['verify'])
{
}
}
////////////////here end of captcha
/*
+-----------------------------------------------------------
|  BirdBlog v1.4.0
|  ===========================
|  Developer: Michael Swiger <mokkan at projectcow dot com>
|  Site: http://birdblog.sourceforge.net
|  Copyright (c) 2005
|  ===========================
|  File: ./comment.php
+-----------------------------------------------------------
*/

//# Setting templates and requiring core
$bb_templates = 'base,comments_main,comments_comment,entry_mood,
                 entry_music,archive_item,error_message,calendar_main,
                 calendar_row,calendar_day_entry,calendar_day_noentry,calendar_day_blank,
                 category_item,comments_nocomments,quote_template,caption_quote_temp,
                 comments_postform,comments_locked';
require("core.php");


//# Setting some used $_GET vars
$entryid = prepValue($_GET['entryid']);
$action = prepValue($_GET['a']);

//# Seeing if the user is logged in, and if so, grabbing private entries
$privatequery = "";
if($userdata['logged_in'] == 1){
    $privatequery = " OR (e.private = '1' AND e.uid = '".prepValue($_COOKIE['userid'])."') ";
}

switch($action){
    case '':
        //# Some stuff that we need...
        $password = prepValue($_GET['password']);
        $include = $template->getTemplate('comments_main');

        //# Grabbing emoticons
        $emoticons = array();
        $emoticonimages = array();
        $i = 0;
        $grabemoticons = $SQL->query("SELECT * FROM `".$database['prefix']."emoticons`");
        while($emoticon = $SQL->fetch_array($grabemoticons)){
            $emoticons[$i] = $emoticon['emoticon'];
            $emoticonimages[$i] = '<img src="' . $config['emoticonpath'] . $emoticon['image'] . '" alt="'. $emoticon['emoticon'] .'" />';
            $i++;
        }

        //# Grabbing the entry
        $grabentry = $SQL->query("SELECT e.*,m.image AS moodimage,u.username,u.email,u.name,u.gender,u.location,u.interests,u.occupation,c.name AS categoryname
                                  FROM `".$database['prefix']."entries` AS e 
                                  LEFT JOIN `".$database['prefix']."moodicons` AS m ON(e.moodicon = m.id) 
                                  LEFT JOIN `".$database['prefix']."users` AS u ON(e.uid = u.id) 
                                  LEFT JOIN `".$database['prefix']."categories` AS c ON(c.id = e.cid) 
                                  WHERE e.id = '$entryid'");
        if($SQL->num_rows($grabentry) < 1){
            bbg_error("The specified entry doesn't exist.");
        }
        $entry = $SQL->fetch_array($grabentry);

        //# Modules
        $archives = buildArchives();
        $calendar = buildCalendar(gmdate("n", $entry['dateline'] + configOffset()), gmdate("Y", $entry['dateline'] + configOffset()));
        $categories = buildCategories();

        //# Private/password checking
        if($entry['private'] == '1'){
            if($userdata['logged_in'] == 1){
                if($userdata['logged_in'] != 1 || $_COOKIE['userid']!= $entry['uid']){
                    bbg_error("The specified entry is private.");
                }
                $entry['privatetext'] = $template->getVar('privatetext');
            } else {
                bbg_error("The specified entry is private.");
            }
        }
        if($entry['password'] != "" && $password != $entry['password']){
            bbg_error("Wrong/no password. Try again.");
        }

        //# Preparing the entry for output
        $entry['title'] = stripslashes($entry['title']);
        $entry['entry'] = stripslashes($entry['entry']);
        $entry['entry'] = parse_breaks($entry['entry']);
        $entry['entry'] = parse_bbcode($entry['entry']);
        $entry['date'] = gmdate($template->getVar('entry_dateformat'), $entry['dateline'] + configOffset());
        log_hit("Viewing entry: ".$entry['title']." (id: ".$entry['id'].")");
        if($entry['parseemoticons'] == 1){
            $entry['entry'] = str_replace($emoticons, $emoticonimages, $entry['entry']);
        }
        if($entry['parseurls'] == 1){
            $entry['entry'] = parse_urls($entry['entry']);
        }
        if($entry['moodimage'] != ""){
            $entry['moodimage'] = '<img src="' . stripslashes($config['moodpath'] . $entry['moodimage']) . '" alt="">';
        }
        $moodarea = "";
        if(($entry['mood'] != "") || ($entry['moodimage'] != "")){
            $include = str_replace('$moodarea', $template->cleanTemplate('entry_mood'), $include);
        }
        $musicarea = "";
        if($entry['music'] != ""){
            $include = str_replace('$musicarea', $template->cleanTemplate('entry_music'), $include);
        }

        //# Grabbing comments
        $grabcomments = $SQL->query("SELECT * FROM `".$database['prefix']."comments` WHERE `eid` = '$entryid' ORDER BY `dateline` ASC");
        while($comment = $SQL->fetch_array($grabcomments)){
            $commentarea .= $template->getTemplate('comments_comment');
            $commentarea = stripslashes($commentarea);
            $comment['postername'] = stripslashes($comment['postername']);
            $comment['postersite'] = stripslashes($comment['postersite']);
            $comment['comment'] = stripslashes($comment['comment']);
            $comment['date'] = gmdate($template->getVar('comment_dateformat'), $comment['dateline'] + configOffset());
            $comment['comment'] = parse_breaks($comment['comment']);
            if(strtolower(substr($comment['postersite'], 0, 7)) != "http://"){
                $comment['postersite'] = "http://".$comment['postersite'];
            }
            if($comment['parseemoticons'] == 1){
                $comment['comment'] = str_replace($emoticons, $emoticonimages, $comment['comment']);
            }
            if($comment['parseurls'] == 1){
                $comment['comment'] = parse_urls($comment['comment']);
            }
            if($comment['parsebbcode'] == 1){
                $comment['comment'] = parse_bbcode($comment['comment']);
            }
            $commentarea = $template->cacheArray($commentarea, $comment);
        }
        $comment = $template->releaseCache();
        if($SQL->num_rows($grabcomments) < 1){
            $commentarea = stripslashes($template->getTemplate('comments_nocomments'));
        }
        eval("\$commentarea = \"".addslashes($commentarea)."\";");

        $poster = unserialize(stripslashes($_COOKIE['commenter_data']));

        if($poster['site'] == NULL){
            $poster['site'] = "http://";
        }

        if($entry['comments_locked'] == 1){
            $include = str_replace('$postformarea', $template->getTemplate('comments_locked'), $include);
        } else {
            $include = str_replace('$postformarea', $template->getTemplate('comments_postform'), $include);
        }

        eval("\$include = \"$include\";");
    break;
    case 'post':
        //# Modules
        $archives = buildArchives();
        $calendar = buildCalendar();
        $categories = buildCategories();

        $queryentry = $SQL->query("SELECT * FROM `".$database['prefix']."entries` WHERE `id` = '$entryid'");
        if($SQL->num_rows($queryentry) < 1){
            bbg_error("The specified entry doesn't exist.");
        }
        $entry = $SQL->fetch_array($queryentry);
        if($entry['comments_locked'] == 1){
            bbg_error("The ability to post comments to the specified entry is locked.");
        }
        if($entry['private'] == '1'){
            if($userdata['logged_in'] == 1){
                if($userdata['logged_in'] != 1 || $_COOKIE['userid']!= $entry['uid']){
                    bbg_error("The specified entry is private.");
                }
            } else {
                bbg_error("The specified entry is private.");
            }
        }
//////////////////here captcha code
        unset($_SESSION['verify']);
$result = true;
////////////////here end of captcha
        $poster['name'] = prepValue($_POST['postername']);
        $poster['site'] = prepValue($_POST['postersite']);
        $comment = prepValue($_POST['comment']);
        if(($poster['name'] == "") || ($comment == "")){
            bbg_error("No name/comment was specified or wrong verification code entered.");
//////////////////here captcha code       
$result = false; 
////////////////here end of captcha
        }
        $time = time();
        $parseurls = ($_POST['parseurls'] == 1) ? 1 : 0;
        $parseemoticons = ($_POST['parseemoticons'] == 1) ? 1 : 0;
        $parsebbcode = ($_POST['parsebbcode'] == 1) ? 1 : 0;
        $insert = $SQL->query("INSERT INTO `".$database['prefix']."comments` (`id`,`eid`,`postername`,`postersite`,`comment`,`dateline`,`parseurls`,`parseemoticons`,`parsebbcode`) VALUES ('','$entryid','".$poster['name']."','".$poster['site']."','$comment','$time','$parseurls','$parseemoticons','$parsebbcode')");
        $updatecomments = $SQL->query("UPDATE `".$database['prefix']."entries` SET `comments` = comments + 1 WHERE `id` = '$entryid'");
        setcookie("commenter_data", serialize($poster), time() + 31536000, $config['cookiepath'], $config['cookiedomain']);
        die_header("Location: ".$config['blogurl']."comment.php?entryid=$entryid");
    break;
}



//# Setting script vars
$script['gzstatus'] = $gzip->checkGZText();
$script['querycount'] = $SQL->counter();
$script['exectime'] = $timer->stopTimer();

//# Creating output, sending it to the buffer, and releasing the buffer
eval("\$output = \"".$template->getTemplate('base')."\";");
echo stripslashes($output);
$gzip->stopGZ();


?>

 

and my form everything is showing but captcha not working

<form action="comment.php?a=post&entryid=$entry[id]" method="post">
<table align="center" cellpadding="2" cellspacing="0" width="90%">
<tr>
  <td style="border: #888888 1px dashed;"><b>Name:</b></td>
  <td style="border-bottom: #888888 1px dashed; border-top: #888888 1px dashed; border-right: #888888 1px dashed;"><input type="text" name="postername" value="$poster[name]"></td>
</tr>
<tr>
  <td style="border-left: #888888 1px dashed; border-right: #888888 1px dashed;"><b>Site:</b></td>
  <td style="border-right: #888888 1px dashed;"><input type="text" name="postersite" value="$poster[site]"><br></td>
</tr>
<tr>
  <td valign="top" style="border-right: #888888 1px dashed; border-top: #888888 1px dashed; border-left: #888888 1px dashed;"><b>Comment:</b></td>
  <td style="border-right: #888888 1px dashed; border-top: #888888 1px dashed;"><textarea cols="50" rows="6" name="comment"></textarea></td>
</tr>
<tr>
  <td valign="top" style="border-bottom: #888888 1px dashed; border-top: #888888 1px dashed; border-left: #888888 1px dashed;"><b>Options:</b></td>
  <td style="border: #888888 1px dashed;">
   <input type="checkbox" name="parseurls" value="1" checked> Parse URLs<br>
   <input type="checkbox" name="parseemoticons" value="1" checked> Parse Emoticons<br>
   <input type="checkbox" name="parsebbcode" value="1" checked> Parse BB Code<br>
  </td>
</tr>
<tr>

<td colspan="2" align="center" style="border-bottom: #888888 1px dashed; border-right: #888888 1px dashed; border-left: #888888 1px dashed;">

<img src="captcha.php"><br>Enter Verification Code:<br>
<input type="text" name="verify" /><br><br>

   <input type="submit" value="Post Comment">
  </td>
</tr>
</table>
</form><br>

Because you're not using it, nothing happens in your if ($verify == .....

 

session_start();
if(isset($_POST['submit'])) {
   $verify = isset($_POST['verify']) ? strtolower($_POST['verify']) : "";
   if ($verify != $_SESSION['verify'])
   {
      die('BAD IMAGE VERIFICATION!');
   }
}

 

You'll want to find a neater way of doing it though..

 

 

Adam

if(isset($_POST['submit'])) {

 

There you are testing to see if the submit button has been pressed, but you haven't named the submit button "submit" .. Change:

 

<input type="submit" value="Post Comment">

 

to:

 

<input type="submit" value="Post Comment" name="submit">

 

Basically you're testing to see if an input named "submit'" has been sent to the script via the post method (think <form method="post" ..), yet you hadn't named the submit button "submit".

 

Adam

The problem with using isset() with the $_POST['submit'] variable booted from the submit button, is that you may find that, if on an 'email' field for example and hit enter, you aren't technically hitting the submit button and therefore not sending the submit post variable.

 

My work around is to add a hidden field, see below.

 

<input type='hidden' name='submit' value='submit' />

thank you soo much mrAdam and  and ILMV my problem is solved i was being silly i missed out to name the post as in post name that was why it wasnt working but now 100%  ;D i really appreciate  your help and the time u gave thanks alot brother.

My work around is to add a hidden field, see below.

 

<input type='hidden' name='submit' value='submit' />

 

but hidden will not give any submit button so how will we use it anyways is it something like

 

<input type='hidden' name='submit' />

<input type='submit' value='submit'/>

 

???

My work around is to add a hidden field, see below.

 

<input type='hidden' name='submit' value='submit' />

 

but hidden will not give any submit button so how will we use it anyways is it something like

 

<input type='hidden' name='submit' />

<input type='submit' value='submit'/>

 

???

 

Yes, have both hidden and submit :)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.