Hi guys.  I'm using php to randomly generate a simple math verification question.  But, I'm having a hard time validating the input.  Can someone please tell me what I'm doing wrong?

 

Thank you

 

 

 

} else if(trim($verify) != $_SESSION['UserData']['Math'][0]+$_SESSION['UserData']['Math'][1]){
    	$error = '<div class="error_message">Attention! The verification number you entered is incorrect.</div>';
}	



<?php
echo "<span class='label'><span class='required'>*</span>What is ".$_SESSION['UserData']['Math'][0]." +    ".$_SESSION['UserData']['Math'][1]."?</span> ";
?>

<input name="verify" type="text" id="verify" size="3" value="<?=$verify;?>" /><br /><br />

 

 


 

<?php

        $error    = '';
        $name     = '';
        $organizaton = '';
        $email    = ''; 
        $subject  = ''; 
        $comments = ''; 
        $verify   = '';

        if(isset($_POST['contactus'])) {
        

        $name     = $_POST['name'];
        $oranization = $_POST['organiation'];
        $email    = $_POST['email']; 
        $subject  = $_POST['subject'];
        $comments = $_POST['comments'];
        $verify   = $_POST['verify'];


        if(trim($name) == '') {
        	$error = '<div class="error_message">You must enter your name.</div>';
        } else if(trim($email) == '') {
        	$error = '<div class="error_message">Attention! Please enter a valid email address.</div>';
        } else if(!isEmail($email)) {
        	$error = '<div class="error_message">Attention! You have enter an invalid e-mail address, try again.</div>';
        } else if(trim($subject) == '') {
        	$error = '<div class="error_message">Attention! Please enter a subject.</div>';
        } else if(trim($comments) == '') {
        	$error = '<div class="error_message">Attention! Please enter your message.</div>';
        } else if(trim($verify) == '') {
$error = '<div class="error_message">Attention! Please enter the verification number.</div>';
        } else if(trim($verify) != $_SESSION['UserData']['Math'][0]+$_SESSION['UserData']['Math'][1]){
$error = '<div class="error_message">Attention! The verification number you entered is incorrect.</div>';
    }		

        if($error == '') {
        
	if(get_magic_quotes_gpc()) {
            	$comments = stripslashes($comments);
            }


         $address = "john@aol.com";

         $e_subject = 'You\'ve been contacted by ' . $name . '.';

	 $e_body = "You have been contacted by $name with regards to $subject, their additional message is as follows.\r\n\n";
	 $e_content = "\"$comments\"\r\n\n";

	 $e_reply = "You can contact $organzation, $name via email, $email";

         $msg = $e_body . $e_content . $e_reply;

         mail($address, $e_subject, $msg, "From: $email\r\nReply-To: $email\r\nReturn-Path: $email\r\n");


	 // Email has sent successfully, success page.

	 echo "<div id='succsess_page'>";
	 echo "<h1>Email Sent Successfully.</h1>";
	 echo "</div>";
                      
	}
}

         if(!isset($_POST['contactus']) || $error != '') 
         {
?>
            
           	<fieldset>
           	
           	<legend>Contact Form</legend>

            <? echo $error; ?>
            
            <form  method="post" action="">

		<label for=name accesskey=U><span class="required">*</span>Name</label>
            <input name="name" type="text" id="name" size="35" value="<?=$name;?>" />
            
            
		<br />
		<label for=name accesskey=U>Organization</label>
            <input name="organization" type="text" id="organization" size="35" value="<?=$organization;?>" />

		<br />
            <label for=email accesskey=E><span class="required">*</span>Email</label>
            <input name="email" type="text" id="email" size="35" value="<?=$email;?>" />

		<br />
		<label for=subject accesskey=S><span class="required">*</span>Subject</label>
            <select name="subject" class="gray" type="text" id="subject">
              <option value="Support">Support</option>
              <option value="Other">Other</option>
            </select>

		<br />
            <label for=comments accesskey=C><span class="required">*</span>Comments</label>
            <textarea name="comments" cols="40" rows="3"  id="comments"><?=$comments;?></textarea>
            
            <br />
            
            <?php
	$_SESSION['UserData']['Math'][0] = rand(1,5);
	$_SESSION['UserData']['Math'][1] = rand(1,5);
?>

<?php

	echo "<span class='label'><span class='required'>*</span>What is ".$_SESSION['UserData']['Math'][0]." + ".$_SESSION['UserData']['Math'][1]."?</span> ";
?>

<input name="verify" type="text" id="verify" size="3" value="<?=$verify;?>" /><br /><br />	

            <input name="contactus" type="submit" class="submit" id="contactus" value="send it" />

            </form>
            
            </fieldset>
            
<? } 

function isEmail($email) { // Email address verification, do not edit.
return(preg_match("/^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)$|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i",$email));
}

?>

You do realize that outputting a simple math problem as plain text on a web page is extremely easy for another computer to solve. It can be done using a simple eval() instruction in php.

 

I would display the math problem as a dynamically generated image so that it would both be necessary for a computer to 'read' the image and then solve the math problem.

As PFMaBiSmAd said, this is poor security, but to answer your question there are a few problems with your code.

  • You need to place session_start at the top of the page.
  • On the following two lines organization is spelled incorrectly:
    $oranization = $_POST['organiation'];
    ...
    $e_reply = "You can contact $organzation, $name via email, $email";


  • You should not use short tags (<? ?> and <?=$var?>) because it will make your script much less portable. Instead you should use the normal <?php ?> / <?php echo $var; ?> tags.

 

Well, your problem is pretty simple. You are NOT using session variables. Towards the end of the page you have this

	$_SESSION['UserData']['Math'][0] = rand(1,5);
	$_SESSION['UserData']['Math'][1] = rand(1,5);

 

But, you never started a session, so all you did was create two local variables. When the page reloads those previously set values do not exist. When the verification is done (before those two lines) you are validating against a null value. I bet the validation will pass if you always enter 0.

 

Personally, I see no reason to use session variables. Just store the "answer" in a hidden field but mask it in some way so a user or bot would be unable to determine the answer. I'll provide a solution in a few minutes.

Here is a working example

<?php
    
function getMaskedAnswer($answer)
{
    return strtotime("2010-1-1 +{$answer} days");
}
    
$response = '';
    
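//Check the user input (both fields must be present)
if(isset($_POST['user_answer'], $_POST['answer']))
{
    $u_answer = trim($_POST['user_answer']);
    
    //Only digits are masked; anything else, or a failed strtotime(), is false
    $masked = ctype_digit($u_answer) ? getMaskedAnswer($u_answer) : false;
    
    //Strict string comparison: with ==, false would equal an empty hidden field
    if($masked !== false && (string)$masked === $_POST['answer'])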
    {
        $response = "Correct!";
    }
    else
    {
        $response = "Sorry that was the wrong answer.";
    }
}
    
//Generate new question and answer
$num1 = rand(1, 10);
$num2 = rand(1, 10);
$answer = getMaskedAnswer($num1+$num2);
$question = "What is {$num1} plus {$num2}";
  
?>
<html>
<head></head>
<body>
    
<?php echo $response; ?>
     
<form action="" method="POST">
Please answer the following question for validation:<br /><br />
<b>Question:</b><br />
<?php echo $question; ?><br /><br />
  
<b>Answer:</b> <input type="text" name="user_answer" />
<input type="hidden" name="answer" value="<?php echo $answer; ?>" />
<button type="submit">Go</button>
<br />
  
</form>
  
</body>
</html>
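
An added example, not code from any poster in this thread: the session-backed check the original question was attempting, with the session started before `$_SESSION` is used, a strict integer comparison so a missing challenge can never match `0`, and the stored answer discarded after one attempt so a solved question cannot be resubmitted. The function names `issueChallenge` and `checkChallenge` and the session key `math_answer` are assumptions made for this example.

```php
<?php
// Added example: session-backed math challenge (not the thread's code).
// Function names and the 'math_answer' session key are assumptions.
session_start(); // must run before any output and before $_SESSION is touched

// Create a new question and keep only the expected sum on the server.
function issueChallenge(): string
{
    $a = random_int(1, 10);
    $b = random_int(1, 10);
    $_SESSION['math_answer'] = $a + $b;
    return "What is {$a} + {$b}?";
}

// Check one submission. The stored answer is removed first, so each
// question accepts a single attempt and cannot be replayed.
function checkChallenge($input): bool
{
    $expected = $_SESSION['math_answer'] ?? null;
    unset($_SESSION['math_answer']);

    // No challenge on record (expired session, cookies disabled, or a POST
    // sent without loading the form): reject instead of comparing to null.
    if (!is_int($expected)) {
        return false;
    }
    // Accept only an integer value; "", "abc" and array input fail here.
    $given = filter_var($input, FILTER_VALIDATE_INT);
    return $given !== false && $given === $expected;
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!checkChallenge($_POST['verify'] ?? '')) {
        $error = 'The verification number you entered is incorrect.';
    }
}
$question = issueChallenge(); // new question for the form rendered below
?>
<?php echo htmlspecialchars($error); ?>
<form method="post" action="">
    <?php echo htmlspecialchars($question); ?>
    <input name="verify" type="text" size="3" />
    <input type="submit" value="send it" />
</form>
```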
