Need a very simple captcha tool

[Omzy]

Ideally just one word authentication and pretty simple, but effective.

 

Preferebly one that does not use Sessions because then the user is unable to press the back button to go back to the original page after submitting the form... I know I could just put a text link there but not all users would click that link...

[MadTechie]

Thanks for letting us know..

 

Here something you may not know..

 

Don't ask someone to write or re-write a script for you' date=' unless you are posting a message to the Freelancing Forum. The forums are not the place to request XYZ script. This is a community of people learning PHP, and not a script location service. Try searching SourceForge, PHP Classes, HotScripts, or Google.[/quote']

 

Also i don't understand why you don't want session!

[Omzy]

Safe.

[MadTechie]

Heres an idea,

 

Write a simple captcha, as for the problem session...could you explain the problem a little more

 

i'm happy to help.. but i'm not going to write the whole thing!

[Omzy]

Hi,

 

Well basically I've got a captcha implemented on my "quotation form", but like most captcha scripts it uses sessions.

 

Now when the user has submitted the form with the correct captcha code, a confirmation page is displayed. If the user then clicks the back button, they get a "page has expired" error page.

 

Ideally I don't want to be using any hacks to get around this, so any simple solution to this would be most welcome.

[MadTechie]

So.. instead of the "page as expired" do you want a new captcha ?

if so you could probably force the page to be reloaded by adding add no caching

ie

<?php
Header( "Last-Modified: " . gmdate( "D, j M Y H:i:s" ) . " GMT" );
Header( "Expires: " . gmdate( "D, j M Y H:i:s", time() ) . " GMT" );
Header( "Cache-Control: no-store, no-cache, must-revalidate" ); // HTTP/1.1
Header( "Cache-Control: post-check=0, pre-check=0", FALSE );
Header( "Cache-control: private", FALSE ); //added
Header( "Pragma: no-cache" ); // HTTP/1.0 
?>

 

if you don't want the captcha then you could almost voiding the whole point of the captcha

[Omzy]

No, instead of page has expired, I want it to take the user back to the original page where they submitted the form!

[MadTechie]

Okay the example above will do that except it will be as if they just started..

ie

User is on Page A (the form)

User Fills in the form and captcha and hits submit

User get directed to Page B (confirmed page)

User Hits Back button

User Goes back to Page A (the form)

however the form will be empty (unless you re-populate the fields) and has a new captcha

[Omzy]

Yep, that's fine. Where should I place that code?

[MadTechie]

It need to be run before any output.. so at the start of the script that outputs the form..

please note that this "should" work!

we may need to tweak the captcha code to manually clear a session or something.. (in that case maybe worth posting it)

[Omzy]

Doesn't work. I put that code above the session_start() and above the main header output.

 

I also put a session_destroy() on the confirmation page.

[MadTechie]

Humm.. that should of worked..

is the page expired server or script driven ?

also what browser i being used?

 

[Omzy]

the page expired is from the server

i'm using IE but same result also in FF

 

to be honest i'm not sure this is the best way of going about this, because it is more or less a "hack".

 

there must be a captcha out there that doesn't use sessions, i have searched the net but cannot find anything...

[MadTechie]

Okay the header info is of couse be definition a hack.. but it doesn't make it less secure.. infact you shouldn't be getting an expired page!

 

by removing sessions your need to have a link from the clients machine to stored data on the server.. thats exactly what sessions are used for.. by saying you need one without is like saying you need a cookie that doesn't store on the clients PC.. thats what its for!

 

if you post the code for the captcha i'll review it,

[Omzy]

Ok here is file captcha_image.php:

 

<?php
session_start();
include("captcha_config.php"); // file with configuration data
// create random character code for the captcha image
$text = "";
$key_chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // 0 1 O I removed to avoid confusion
$rand_max  = strlen($key_chars) - 1;
for ($i = 0; $i < $length; $i++) {
    $rand_pos  = rand(0, $rand_max);
    $text.= $key_chars{$rand_pos};
}
$_SESSION['captcha'] = $text; // save what we create

/// code to create the captcha image

header ("content-type: image/png");
imagepng ($img);
imagedestroy ($img);
?>

 

And I implement it in my quotation form as follows:

 

<?php
session_start();
include("header.php") // this is my site's header file

$secure = strtoupper(trim(strip_tags($_POST['secure'])));
$match = $_SESSION['captcha']; // the code on the image

[Omzy]

Something I have discovered - I don't get the page expired message if I enter the correct captcha code and press the back button. If I enter an incorrect code, the page is re-displayed, as it should, i then enter the correct code and i get the confirmation page, click the back button and get the page expired message.

[MadTechie]

okay well i was missing the config.php file etc

so i build a new one (kinda need to write one for a project anyways)

its a simple one but works well

i tested with FF, the back button works but it didn't re-gen the code.. it does now

See attached

 

 

[attachment deleted by admin]

[Omzy]

hi thanks for that. it ALMOST worked perfectly, except same problem as i mentioned above:

 

I don't get the page expired message if I enter the correct captcha code and press the back button. If I enter an incorrect code, the page is re-displayed, as it should, i then enter the correct code and i get the confirmation page, click the back button and get the page expired message.

 

i tested this in IE, as 90% of my site visitors use IE...

[Omzy]

In fact same result in FF - but instead of the "page is expired" page, I get the firefox equivalent message box,

[MadTechie]

Humm

Just tested on FF3 && IE7, (i'll assume your using IE6 as i know that has issules!)

my IE7 test

 

#1 Entered incorrect code.

clicked back

-fine

#2 Entered correct code.

clicked back

-fine

#3 Entered correct code.

clicked back

-fine

#4 Entered incorrect code.

clicked back

-fine

#5 Entered correct code.

clicked back

-fine

 

I don't have IE6 on this PC..

[Omzy]

LOL I'm using IE8 but I've also tested this on FF3! Trust me second time round I get the page expired message! If it's working for you but not for me, what else could be causing the problem!?

[MadTechie]

well i'm running it from WAMP!

is it running from a live server ? if so could a test from here ? (PM if you want)

 

is it possible you have some caching headers setup in a .htaccess file ?

 

EDIT: maybe remove the line!

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past

[Omzy]

I'm using WAMP myself. I'm currently developing on localhost, i haven't got access to a live server yet.

 

Nope, dnt hav any other headers set up anywhere.

 

Anyway i'll give that a go tomorrow, off to bed now. Thanks for your help so far.

[MadTechie]

LOL, Yeah getting some sleep myself..

Just to confirm.. you are testing via my form example right!

[Omzy]

LOL I actually thought about that just as I got in to bed last night - I wasn't testing using your form!

 

I've tested your form and it does work, however it's not exactly the same as my form. For example my form will re-display the form if there was an error - yours goes to a blank page with an error message printed.

 

I've now amended your form slightly so it does what my form does, and yep I've managed to make it break!

 

Here check the code below and see if you can replicate the problem:

 

<?php
session_start();
if(isset($_POST['submit']) && $_SESSION['security_code'] == $_POST['security_code'])
{
echo 'Thank you. Your message said "'.$_POST['message'].'"';
unset($_SESSION['security_code']);
}
else
{
if(isset($_POST['security_code']) && $_SESSION['security_code'] != $_POST['security_code'])
{
  echo 'Sorry, you have provided an invalid security code';
}

echo '
<form action="form.php" method="post">
  <label for="name">Name: </label><input type="text" name="name" id="name" /><br />
  <label for="email">Email: </label><input type="text" name="email" id="email" /><br />
  <label for="message">Message: </label><textarea rows="5" cols="30" name="message" id="message"></textarea><br />
  <img src="captcha.php?width=100&height=40&characters=5&<?php echo time(); ?>" /><br />
  <label for="security_code">Security Code: </label><input id="security_code" name="security_code" type="text" /><br />
  <input type="submit" name="submit" value="Submit" />
</form>
';
}
?>