johnnyboy16 Posted July 29, 2010

Hi guys. I'm using php to randomly generate a simple math verification question. But, I'm having a hard time validating the input. Can someone please tell me what I'm doing wrong? Thank you.

```php
} else if(trim($verify) != $_SESSION['UserData']['Math'][0]+$_SESSION['UserData']['Math'][1]){
    $error = '<div class="error_message">Attention! The verification number you entered is incorrect.</div>';
}
```

```php
<?php echo "<span class='label'><span class='required'>*</span>What is ".$_SESSION['UserData']['Math'][0]." + ".$_SESSION['UserData']['Math'][1]."?</span> "; ?>
<input name="verify" type="text" id="verify" size="3" value="<?=$verify;?>" /><br /><br />
```

Psycho Posted July 29, 2010

Let me get out my crystal ball.

Hmm, the spirits are not being helpful. Why don't you tell us what the code above is supposed to do and what it is doing differently?

johnnyboy16 Posted July 29, 2010

The code is being used on my contact form. Right now I receive the error message even when I input the correct value.

johnnyboy16 Posted July 29, 2010

The code generates a random addition problem.

Alex Posted July 29, 2010

Please post your entire code.

johnnyboy16 Posted July 29, 2010

```php
<?php
$error = '';
$name = '';
$organizaton = '';
$email = '';
$subject = '';
$comments = '';
$verify = '';

if(isset($_POST['contactus'])) {

    $name = $_POST['name'];
    $oranization = $_POST['organiation'];
    $email = $_POST['email'];
    $subject = $_POST['subject'];
    $comments = $_POST['comments'];
    $verify = $_POST['verify'];

    if(trim($name) == '') {
        $error = '<div class="error_message">You must enter your name.</div>';
    } else if(trim($email) == '') {
        $error = '<div class="error_message">Attention! Please enter a valid email address.</div>';
    } else if(!isEmail($email)) {
        $error = '<div class="error_message">Attention! You have enter an invalid e-mail address, try again.</div>';
    } else if(trim($subject) == '') {
        $error = '<div class="error_message">Attention! Please enter a subject.</div>';
    } else if(trim($comments) == '') {
        $error = '<div class="error_message">Attention! Please enter your message.</div>';
    } else if(trim($verify) == '') {
        $error = '<div class="error_message">Attention! Please enter the verification number.</div>';
    } else if(trim($verify) != $_SESSION['UserData']['Math'][0]+$_SESSION['UserData']['Math'][1]){
        $error = '<div class="error_message">Attention! The verification number you entered is incorrect.</div>';
    }

    if($error == '') {

        if(get_magic_quotes_gpc()) {
            $comments = stripslashes($comments);
        }

        $address = "john@aol.com";
        $e_subject = 'You\'ve been contacted by ' . $name . '.';
        $e_body = "You have been contacted by $name with regards to $subject, their additional message is as follows.\r\n\n";
        $e_content = "\"$comments\"\r\n\n";
        $e_reply = "You can contact $organzation, $name via email, $email";

        $msg = $e_body . $e_content . $e_reply;

        mail($address, $e_subject, $msg, "From: $email\r\nReply-To: $email\r\nReturn-Path: $email\r\n");

        // Email has sent successfully, success page.
        echo "<div id='succsess_page'>";
        echo "<h1>Email Sent Successfully.</h1>";
        echo "</div>";
    }
}

if(!isset($_POST['contactus']) || $error != '') {
?>
<fieldset>
<legend>Contact Form</legend>
<? echo $error; ?>
<form method="post" action="">
<label for=name accesskey=U><span class="required">*</span>Name</label>
<input name="name" type="text" id="name" size="35" value="<?=$name;?>" />
<br />
<label for=name accesskey=U>Organization</label>
<input name="organization" type="text" id="organization" size="35" value="<?=$organization;?>" />
<br />
<label for=email accesskey=E><span class="required">*</span>Email</label>
<input name="email" type="text" id="email" size="35" value="<?=$email;?>" />
<br />
<label for=subject accesskey=S><span class="required">*</span>Subject</label>
<select name="subject" class="gray" type="text" id="subject">
<option value="Support">Support</option>
<option value="Other">Other</option>
</select>
<br />
<label for=comments accesskey=C><span class="required">*</span>Comments</label>
<textarea name="comments" cols="40" rows="3" id="comments"><?=$comments;?></textarea>
<br />
<?php
$_SESSION['UserData']['Math'][0] = rand(1,5);
$_SESSION['UserData']['Math'][1] = rand(1,5);
?>
<?php echo "<span class='label'><span class='required'>*</span>What is ".$_SESSION['UserData']['Math'][0]." + ".$_SESSION['UserData']['Math'][1]."?</span> "; ?>
<input name="verify" type="text" id="verify" size="3" value="<?=$verify;?>" /><br /><br />
<input name="contactus" type="submit" class="submit" id="contactus" value="send it" />
</form>
</fieldset>
<?
}

function isEmail($email) {
    // Email address verification, do not edit.
    return(preg_match("/^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)$|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i",$email));
}
?>
```

PFMaBiSmAd Posted July 29, 2010

You do realize that outputting a simple math problem as plain text on a web page is extremely easy for another computer to solve. It can be done using a simple eval() instruction in php.

I would display the math problem as a dynamically generated image so that it would both be necessary for a computer to 'read' the image and then solve the math problem.

Alex Posted July 29, 2010

As PFMaBiSmAd said, this is poor security, but to answer your question there are a few problems with your code.

You need to place session_start at the top of the page.

On the following two lines organization is spelled incorrectly:

```php
$oranization = $_POST['organiation'];
...
$e_reply = "You can contact $organzation, $name via email, $email";
```

You should not use short tags (`<? ?>` and `<?=$var?>`) because it will make your script much less portable. Instead you should use the normal `<?php ?>` / `<?php echo $var; ?>` tags.

Psycho Posted July 29, 2010

Well, your problem is pretty simple. You are NOT using session variables. Towards the end of the page you have this

```php
$_SESSION['UserData']['Math'][0] = rand(1,5);
$_SESSION['UserData']['Math'][1] = rand(1,5);
```

But, you never started a session, so all you did was create two local variables. When the page reloads those previously set values do not exist. When the verification is done (before those two lines) you are validating against a null value. I bet the validation will pass if you always enter 0.

Personally, I see no reason to use session variables. Just store the "answer" in a hidden field but mask it in some way so a user or bot would be unable to determine the answer. I'll provide a solution in a few minutes.

Psycho Posted July 29, 2010

Here is a working example

```php
<?php

function getMaskedAnswer($answer)
{
    return strtotime("2010-1-1 +{$answer} days");
}

$response = '';
//Check the user input
if(isset($_POST['user_answer']))
{
    $u_answer = trim($_POST['user_answer']);
    if(getMaskedAnswer($u_answer)==$_POST['answer'])
    {
        $response = "Correct!";
    }
    else
    {
        $response = "Sorry that was the wrong answer.";
    }
}

//Generate new question and answer
$num1 = rand(1, 10);
$num2 = rand(1, 10);
$answer = getMaskedAnswer($num1+$num2);
$question = "What is {$num1} plus {$num2}";

?>
<html>
<head></head>
<body>
<?php echo $response; ?>
<form action="" method="POST">
Please answer the following question for validation:<br /><br />
<b>Question:</b><br />
<?php echo $question; ?><br /><br />
<b>Answer:</b>
<input type="text" name="user_answer" />
<input type="hidden" name="answer" value="<?php echo $answer; ?>" />
<button type="submit">Go</button>
<br />
</form>
</body>
</html>
```

johnnyboy16 Posted July 29, 2010

Thank you mjdamato.

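A session-backed version of the check discussed in this thread, as an added example that is not code from any of the posters: it calls session_start() first (the missing step Alex and Psycho identified), keeps the expected sum in $_SESSION instead of in a form field the client controls, and lets each question be checked only once. It assumes PHP 7 or later; issueChallenge() and checkChallenge() are hypothetical names.

```php
<?php
// Added example, not code from the thread; requires PHP 7 or later.
// issueChallenge() and checkChallenge() are hypothetical names.
session_start(); // must run before any output so $_SESSION persists between requests

// Create a new question; the expected sum is stored on the server only.
function issueChallenge(): string
{
    $a = random_int(1, 10);
    $b = random_int(1, 10);
    $_SESSION['UserData']['Math'] = ['sum' => $a + $b, 'issued' => time()];
    return "What is {$a} + {$b}?";
}

// Check a submitted answer. Each question is consumed on first use, pass or fail.
function checkChallenge($input, int $maxAge = 600): bool
{
    $stored = $_SESSION['UserData']['Math'] ?? null;
    unset($_SESSION['UserData']['Math']);

    if (!is_array($stored) || !isset($stored['sum'], $stored['issued'])) {
        return false; // no question was issued to this session
    }
    if (time() - $stored['issued'] > $maxAge) {
        return false; // form was left open too long
    }
    if (!is_string($input) || !ctype_digit(trim($input))) {
        return false; // rejects arrays, '', '7abc', '-3', '1e1'
    }
    return (int) trim($input) === $stored['sum']; // strict, no type juggling
}

$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && !checkChallenge($_POST['verify'] ?? null)) {
    $error = 'The verification number you entered is incorrect.';
}
$question = issueChallenge(); // issued after the check, so every page load gets a new one
?>
<form method="post" action="">
  <p><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></p>
  <label for="verify"><?php echo htmlspecialchars($question, ENT_QUOTES, 'UTF-8'); ?></label>
  <input name="verify" type="text" id="verify" size="3" />
  <input name="contactus" type="submit" value="send it" />
</form>
```

This covers only where the answer is stored and how it is compared; PFMaBiSmAd's point that a sum printed as plain text is easy for a program to solve still applies.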