Not sure why this script is not working?

[$Three3]

Hi I am new to php programing and I was trying to make up a simple script like a captcha but I cannot get the validation part of it working. I think it should work but it is not. Anyone know what is wrong. Any help is greatly appreciated. Here is the code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Captcha</title>
</head>
<body>

<?php

$alpha = 'abcdefghijklmnopqrstuvwxyz' ;
$shuffle = str_shuffle($alpha) ;
$partial = substr($shuffle , 0 , 4) ;
echo "$partial <br /><br />" ;

if (isset($_POST['submitted'])) {
 
 	//Valdate the info
 	if ($_POST['input'] != $partial) {
 	 echo "Your answer does not match the capthcha. Please try again.<br /><br />" ;
 	} else {
 	 echo "You answered correctly!<br /><br />" ;
 	}
}

?>

<form action="capthcha2.php" method="post">
<p>Enter Captcha: <input name="input" type="text" size="20" /></p>
<input name="submit" type="submit" value="Submit" />
<input name="submitted" type="hidden" value="true" />
</form>


</body>
</html>

 

[Buddski]

When the user posts the 'captcha' value the PHP script will regenerate a new $partial string..

You need to pass it with the form (simplest way but insecure).. The best way would be to create the string and store it in a session.. then when the user posts the form check their input with the session value..

[$Three3]

When the user posts the 'captcha' value the PHP script will regenerate a new $partial string..

You need to pass it with the form..

 

Hey thanks for the reply. I'm not 100% sure what you mean by passing it to a form. If you don't mind explaining that that would be great. Thanks

[Buddski]

Sure thing..

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Captcha</title>
</head>
<body>

<?php

$alpha = 'abcdefghijklmnopqrstuvwxyz' ;
$shuffle = str_shuffle($alpha) ;
$partial = substr($shuffle , 0 , 4) ;

if (isset($_POST['submitted'])) {

    //Valdate the info
    if ($_POST['input'] != $_POST['cap']) {
     echo "Your answer does not match the capthcha. Please try again.<br /><br />" ;
    } else {
     echo "You answered correctly!<br /><br />" ;
exit(); // I added this because you dont need to see the form again if they got it correct
    }
}

echo "$partial <br /><br />" ;

?>

<form action="capthcha2.php" method="post">
<p>Enter Captcha: <input name="input" type="text" size="20" /></p>
<input type="hidden" name="cap" value="<?php echo $partial; ?>" />
<input name="submit" type="submit" value="Submit" />
<input name="submitted" type="hidden" value="true" />
</form>


</body>
</html>

 

Basically, when the page loads PHP creates a $partial string. This happens EVERYTIME that page is loaded so everytime the form is submitted the page is reloaded and the $partial string recalculated. You need a way of storing the captcha value that they are to enter.. Hope this explains it a little more..

[KevinM1]

When the user posts the 'captcha' value the PHP script will regenerate a new $partial string..

You need to pass it with the form..

 

Hey thanks for the reply. I'm not 100% sure what you mean by passing it to a form. If you don't mind explaining that that would be great. Thanks

 

You need to retain the old $partial value when the page reloads.  Why is this necessary?  Work through your current form:

 

User visits the site, and a CAPTCHA value is created.

User submits the form.

Page reloads.

A new CAPTCHA value is created.

The script tests the submitted value against the newly generated value.  For all intents and purposes, they can never be the same.

 

So, you need to force your script to remember the old CAPTCHA value for testing purposes.  Normally you'd be able to simply stick that value in a hidden form input, but since this is for security purposes, that's a bad idea.  Use sessions instead.

[Buddski]

Also don't forget, the main purpose of a captcha is to stop bots from submitting your form. The older methods of this included making the text all but readable.

Lately I have seen some very cool CAPTCHA scripts that are basically mini-puzzle games which you need to solve to process the form.. Very cool indeed.

 

Note: I wasnt suggesting you didnt know what a CAPTCHA was for.. Just needed an excuse to talk about cool mini-games