
Captcha check


Pavlos1316


Hello,

 

I have a code to generate captcha in my site and the below code to check it during the registration, but I can't make it work. Any suggestions?

 

//database info

//database connection

//check if username is empty
exit();
}

//check if password is empty
exit();
}

//check if username exists
exit();
}

//check if captcha is the same as the provided

if($_SESSION['captchaCheck'] != $_POST['providedCaptcha'] && !empty($_SESSION['captchaCheck'])){
     echo "The inserted text (".$_POST['providedCaptcha'].") does not match the rendered one (".$_SESSION['captchaCheck'].")!";
     unset($_SESSION['captchaCheck']);
exit();
}

//post in database

 

Everything is working (that's why I didn't write them) except the captcha check.

 

Thank you.


I think you will find that if someone (or a bot script) visits your form processing code without first visiting your form to set the $_SESSION['captchaCheck'] variable, that your existing code can be bypassed.

 

Give this a try -

<?php
// if the session variable is empty (someone visited the processing code without first visiting the form), or
// if the post variable is empty (someone either did not enter a value or a bot script did not supply that form field), or
// if the two values don't match -
if(empty($_SESSION['captchaCheck']) || empty($_POST['providedCaptcha']) || $_SESSION['captchaCheck'] != $_POST['providedCaptcha']){
     // either value may be missing here, and the posted one is user input: default to '' and escape before echoing
     $provided = (isset($_POST['providedCaptcha']) && is_string($_POST['providedCaptcha'])) ? $_POST['providedCaptcha'] : '';
     $rendered = isset($_SESSION['captchaCheck']) ? (string)$_SESSION['captchaCheck'] : '';
     echo "The inserted text (".htmlspecialchars($provided, ENT_QUOTES).") does not match the rendered one (".htmlspecialchars($rendered, ENT_QUOTES).")!";
     unset($_SESSION['captchaCheck']);
     exit();
}
// at this point, the session variable contained something, the post variable contained something, and the two values matched
// unset the session variable at this point to prevent repeated submissions
unset($_SESSION['captchaCheck']);
?>

 

Edit: You will also find that bot scripts that don't support sessions can bypass your current logic.

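A fail-closed version of the check discussed in this thread, as an added example that is not code from either poster: the hypothetical helper `captcha_passes()` consumes the stored answer on every attempt and compares the two values as strings. It assumes the CAPTCHA generator stores the answer as a string under `captchaCheck`; the sample values are constructed.

```php
<?php
// Added example, not code from the thread. captcha_passes() is a hypothetical helper;
// the keys 'captchaCheck' and 'providedCaptcha' are the ones used in the posts above.
// Assumption: the CAPTCHA generator stores the answer in the session as a string.

/**
 * Fail-closed CAPTCHA check. $session is taken by reference so the stored
 * answer can be consumed; in a real handler pass $_SESSION and $_POST.
 */
function captcha_passes(array &$session, array $post): bool
{
    // Read the expected answer, then consume it whatever the outcome,
    // so one rendered CAPTCHA allows exactly one attempt.
    $expected = $session['captchaCheck'] ?? null;
    unset($session['captchaCheck']);

    $provided = $post['providedCaptcha'] ?? null;

    // No session value: the form was never loaded, or the client keeps no session.
    if (!is_string($expected) || $expected === '') {
        return false;
    }
    // Missing field, empty field, or an array such as providedCaptcha[]=x.
    if (!is_string($provided) || $provided === '') {
        return false;
    }
    // Byte-for-byte string comparison; != would treat "1e3" and "1000" as equal.
    return hash_equals($expected, $provided);
}

// Constructed cases: [session contents, POST contents, expected result].
$cases = [
    'form never visited'    => [[], ['providedCaptcha' => 'x7Kq2'], false],
    'field not submitted'   => [['captchaCheck' => 'x7Kq2'], [], false],
    'array instead of text' => [['captchaCheck' => 'x7Kq2'], ['providedCaptcha' => ['x7Kq2']], false],
    'numeric look-alike'    => [['captchaCheck' => '1000'], ['providedCaptcha' => '1e3'], false],
    'wrong text'            => [['captchaCheck' => 'x7Kq2'], ['providedCaptcha' => 'nope'], false],
    'correct text'          => [['captchaCheck' => 'x7Kq2'], ['providedCaptcha' => 'x7Kq2'], true],
];

foreach ($cases as $name => [$session, $post, $want]) {
    $got = captcha_passes($session, $post);
    // The result must match and the stored answer must be gone in every case.
    $ok = ($got === $want) && !isset($session['captchaCheck']);
    printf("%-22s %-6s %s\n", $name, $got ? 'pass' : 'reject', $ok ? 'ok' : 'UNEXPECTED');
}
```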
