
Captcha problem users just refresh and it will let them auto submit again


Gayner


Users will just resubmit and not have to enter the new captcha..? Lol, but if I refresh the page, the captcha auto makes a new one so you can't submit.

But if you enter the captcha code already, then submit the form correctly, and press refresh to auto submit the form, it does it? This is a major security risk. Here is my code, thanks:

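<?php
session_start();

$RandomStr = md5(microtime()); // md5 to generate the random string (not used below)
$text = rand(10000,99999);
$_SESSION["key"] = $text; // value the form processing code checks against
$height = 25;
$width = 35;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 100, 5, 5); // first colour allocated becomes the background
$white = imagecolorallocate($image_p, 155, 155, 025);
$font_size = 16;
$text=substr($_SESSION['key'],0,3); // only the first 3 digits are drawn
header('Content-Type: image/jpeg'); // tell the browser the response is an image
imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);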

Then my HTML:

<tr class="bts ce"><td colspan=2><b>Security Code Confirmation</b></td></tr>

	<tr>
		<td align="right">Your unique security code<input type="hidden" name="secId" value="76c2b0e6f20ed0f1b209bcf39dee8e06"></td>
		<td>
			<img src="php_captcha.php">
			<br><span class="desc">If The images are broke, please contact us.</span>
		</td>
	</tr>

Is there a way so people can't auto submit the form?

Captcha works if you refresh, but people can just auto submit the form and it will keep submitting...


It's not exactly clear what problem you are describing, but I suspect that once someone enters the correct captcha value, they can keep submitting values to your form processing code?

 

You need to unset or clear $_SESSION["key"] in the form processing code so that a different correct captcha value must be entered for each submission. You must also test if $_SESSION["key"] is set (see the isset function) and that the value equals what was entered in the form field (a lot of people make the mistake of just testing if it is equal to what was entered in the form field, but if you visit their form processing code without visiting the form and enter nothing, nothing does equal nothing and the captcha test passes.)
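
What the reply above describes, as an added example (not part of the original thread): the form processing check consumes `$_SESSION["key"]` on every attempt and rejects requests where it was never set. The field name `captcha` is an assumption, as is that the session stores exactly the text shown in the image; the arrays at the bottom are constructed stand-ins for `$_SESSION` and `$_POST`.

```php
<?php
// Added example: one-time CAPTCHA check for the form processing script.
// Assumptions: the form field is named "captcha" (hypothetical) and the
// session key "key" holds exactly the text drawn by php_captcha.php.

/**
 * Returns true only if a CAPTCHA was issued for this session and the
 * submitted value matches it. The stored value is consumed on every
 * attempt, so a refresh/resubmit needs a freshly generated image.
 */
function captcha_passes(array &$session, array $post): bool
{
    // Take the expected value out of the session before comparing, so
    // neither a pass nor a fail leaves it available for a replay.
    $expected = isset($session['key']) ? (string) $session['key'] : null;
    unset($session['key']);

    // No CAPTCHA issued: script visited directly, or value already used.
    if ($expected === null || $expected === '') {
        return false;
    }
    // Field missing, not a string, or left empty.
    if (!isset($post['captcha']) || !is_string($post['captcha']) || $post['captcha'] === '') {
        return false;
    }
    // Exact string comparison, no type juggling.
    return hash_equals($expected, $post['captcha']);
}

// In the real script: session_start(); captcha_passes($_SESSION, $_POST);
// Constructed input standing in for $_SESSION and $_POST:
$session = ['key' => 48213];
$post    = ['captcha' => '48213'];

var_dump(captcha_passes($session, $post)); // first submit
var_dump(captcha_passes($session, $post)); // refresh replays the same POST
$empty = [];
var_dump(captcha_passes($empty, []));      // direct visit, nothing set or entered
```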


Hi sir, you're exactly right!!

But I have a problem now trying to pull my data from mysql.. I do this all the time, but ever since I went on localhost it's a problem with Undefined index...

Instead of making a new topic ('cause I'll get warned), I'll ask you guys here:

<?php
$query  = "SELECT id,title,time,level,nameid FROM prays";
$result = mysql_query($query);

while($row = mysql_fetch_row($result))
{
echo $row['id'];
}

mysql_free_result($result);
?>

 

This code is fine, but I get this error:

Notice: Undefined index: id in C:\wamp\www\view.php on line 46

Notice: Undefined index: id in C:\wamp\www\view.php on line 46

Notice: Undefined index: id in C:\wamp\www\view.php on line 46

Notice: Undefined index: id in C:\wamp\www\view.php on line 46

I am getting way too many Undefined index errors, this is pissing me off, my code is just FINE


The posted code cannot produce that error (if the posted query executes so that $result is a result resource, there would be an 'id' index.) It would take seeing your whole actual code to be able to determine what is causing the error. I suspect you have different $query/$result variables and line 46 is doing something else.


no

look

<?php
if (!isset($_SESSION['user_name'])) {
//			<td align="right">Private?:</td>

		//<td><input type="checkbox" name="private" value="1"/></td>
//echo 'Since you are a Guest, or not <a href=register.php>Registered</a>, you can still Submit a Prayer! <br>';
$l = "<img src=images/warn.png> If you would like to Keep Track of your Prayers and so on, Please just make a account by Clicking <a href=register.php>here!</a> *It's Free! <br> ";
$pray =
'<td class="cL" align="right">Your Name:</td>
		<td><input type="text" name="name" value="" size="30" maxlength="100"/> (Since you dont have a account, You can leave this blank if you want)</td>';
}
else
{
$l = "";
}
?>	
<div><br>
<div class="fR ab"><a href="post.php?c=0&f=34">New Topic</a></div>
<div class="pager">Page 1 of 4138 <b>1</b><a href="forum.php?f=34&o=25">2</a><a href="forum.php?f=34&o=50">3</a><a href="forum.php?f=34&o=75">4</a></div>

</div><fieldset><legend>Prayer Titles</legend>
<table class="ftb">
<colgroup align="center">
<col></col>
<col width="50%" align="left"></col>
<col width="18%" align="left"></col>
<col width="7%"></col>
<col width="7%"></col>
<col width="18%" align="left"></col>
</colgroup>
<tr>
<th></th>
<th nowrap>Topic Title</th>
<th>Author</th>

<th>Replies</th>
<th>Views</th>
<th nowrap>Last Reply</th>
</tr>
<?php

$query  = "SELECT `id`,title,time,level,nameid FROM prays";
$result = mysql_query($query);

while($row = mysql_fetch_row($result))
{
echo $row['id'];
}

mysql_free_result($result);
?>
<tr>
<td><div class="e2"></div></td>
<td>Sticky:  <a href="topic.php?t=16597993&f=34"><b>Donate For Me Please&#33;</b></a> <span class="mpl"><a href="topic.php?t=16597993&f=34&o=0">1</a>  <a href="topic.php?t=16597993&f=34&o=10">2</a>  <a href="topic.php?t=16597993&f=34&o=20">3</a>  <a class="mpll" href="topic.php?t=16597993&f=34&o=15110">»1512</a></span></td>

<td><a href="user.php?i=189153">Lajo</a><img src="/images/i6.gif"><br><span class="desc">Mar 27 08 07:26pm</span></td>
<td>15,117</td>
<td>448,857</td>
<td class="lc"><a href="user.php?i=219525">Arsenic_Touch</a><img src="/images/i60.gif"><br><span class="desc">1 hours, 2 minutes ago</span></td>
</tr>
</table></tr>

 

that's my whole .php


OK WOW I USED THIS AND NOW IT WORKS?

CAN SOMEONE TELL ME WHY THE HELL PHP IS DOING THIS TO ME? AM I FREAKN POSSESSED?

<?php
$sql="SELECT id,title,time,level,nameid FROM prays LIMIT 20";
$result=mysql_query($sql);

// Start looping rows in mysql database.
while($rows=mysql_fetch_array($result)){

echo $rows['id'];


}
mysql_close();
?>

WHAT IS THE DIFFERENCE? PLZ TELL ME
