$Three3 Posted December 14, 2009 Share Posted December 14, 2009 Hi I am new to php programing and I was trying to make up a simple script like a captcha but I cannot get the validation part of it working. I think it should work but it is not. Anyone know what is wrong. Any help is greatly appreciated. Here is the code: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Captcha</title> </head> <body> <?php $alpha = 'abcdefghijklmnopqrstuvwxyz' ; $shuffle = str_shuffle($alpha) ; $partial = substr($shuffle , 0 , 4) ; echo "$partial <br /><br />" ; if (isset($_POST['submitted'])) { //Valdate the info if ($_POST['input'] != $partial) { echo "Your answer does not match the capthcha. Please try again.<br /><br />" ; } else { echo "You answered correctly!<br /><br />" ; } } ?> <form action="capthcha2.php" method="post"> <p>Enter Captcha: <input name="input" type="text" size="20" /></p> <input name="submit" type="submit" value="Submit" /> <input name="submitted" type="hidden" value="true" /> </form> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/185059-not-sure-why-this-script-is-not-working/ Share on other sites More sharing options...
Buddski Posted December 14, 2009 Share Posted December 14, 2009 When the user posts the 'captcha' value the PHP script will regenerate a new $partial string.. You need to pass it with the form (simplest way but insecure).. The best way would be to create the string and store it in a session.. then when the user posts the form check their input with the session value.. Quote Link to comment https://forums.phpfreaks.com/topic/185059-not-sure-why-this-script-is-not-working/#findComment-976839 Share on other sites More sharing options...
$Three3 Posted December 14, 2009 Author Share Posted December 14, 2009 When the user posts the 'captcha' value the PHP script will regenerate a new $partial string.. You need to pass it with the form.. Hey thanks for the reply. I'm not 100% sure what you mean by passing it to a form. If you don't mind explaining that that would be great. Thanks Quote Link to comment https://forums.phpfreaks.com/topic/185059-not-sure-why-this-script-is-not-working/#findComment-976840 Share on other sites More sharing options...
Buddski Posted December 14, 2009 Share Posted December 14, 2009 Sure thing.. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Captcha</title> </head> <body> <?php $alpha = 'abcdefghijklmnopqrstuvwxyz' ; $shuffle = str_shuffle($alpha) ; $partial = substr($shuffle , 0 , 4) ; if (isset($_POST['submitted'])) { //Valdate the info if ($_POST['input'] != $_POST['cap']) { echo "Your answer does not match the capthcha. Please try again.<br /><br />" ; } else { echo "You answered correctly!<br /><br />" ; exit(); // I added this because you dont need to see the form again if they got it correct } } echo "$partial <br /><br />" ; ?> <form action="capthcha2.php" method="post"> <p>Enter Captcha: <input name="input" type="text" size="20" /></p> <input type="hidden" name="cap" value="<?php echo $partial; ?>" /> <input name="submit" type="submit" value="Submit" /> <input name="submitted" type="hidden" value="true" /> </form> </body> </html> Basically, when the page loads PHP creates a $partial string. This happens EVERYTIME that page is loaded so everytime the form is submitted the page is reloaded and the $partial string recalculated. You need a way of storing the captcha value that they are to enter.. Hope this explains it a little more.. Quote Link to comment https://forums.phpfreaks.com/topic/185059-not-sure-why-this-script-is-not-working/#findComment-976845 Share on other sites More sharing options...
KevinM1 Posted December 14, 2009 Share Posted December 14, 2009 When the user posts the 'captcha' value the PHP script will regenerate a new $partial string.. You need to pass it with the form.. Hey thanks for the reply. I'm not 100% sure what you mean by passing it to a form. If you don't mind explaining that that would be great. Thanks You need to retain the old $partial value when the page reloads. Why is this necessary? Work through your current form: User visits the site, and a CAPTCHA value is created. User submits the form. Page reloads. A new CAPTCHA value is created. The script tests the submitted value against the newly generated value. For all intents and purposes, they can never be the same. So, you need to force your script to remember the old CAPTCHA value for testing purposes. Normally you'd be able to simply stick that value in a hidden form input, but since this is for security purposes, that's a bad idea. Use sessions instead. Quote Link to comment https://forums.phpfreaks.com/topic/185059-not-sure-why-this-script-is-not-working/#findComment-976851 Share on other sites More sharing options...
Buddski Posted December 14, 2009 Share Posted December 14, 2009 Also don't forget, the main purpose of a captcha is to stop bots from submitting your form. The older methods of this included making the text all but readable. Lately I have seen some very cool CAPTCHA scripts that are basically mini-puzzle games which you need to solve to process the form.. Very cool indeed. Note: I wasnt suggesting you didnt know what a CAPTCHA was for.. Just needed an excuse to talk about cool mini-games Quote Link to comment https://forums.phpfreaks.com/topic/185059-not-sure-why-this-script-is-not-working/#findComment-976853 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.