webguync Posted December 4, 2010 Share Posted December 4, 2010 Hi, I want to add another form field to determine if a user is human and not spam bots. I looked into CAPTCHA, but I think those are annoying. I was thinking about just having the user enter (5+5) and if the answer is not ten, then displaying a incorrect value message. If correct submit form and info to the Database. Not sure how to do that with what I currently have coded though so need some help with that part. Here is the current code. <?PHP require_once "formvalidator.php"; $show_form=true; if(isset($_POST['Submit'])) { $validator = new FormValidator(); $validator->addValidation("FirstName","req","Please fill in FirstName"); $validator->addValidation("LastName","req","Please fill in LastName"); $validator->addValidation("UserName","req","Please fill in UserName"); $validator->addValidation("Password","req","Please fill in a Password"); $validator->addValidation("Password2","req","Please re-enter your password"); $validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!"); $validator->addValidation("email","email","The input for Email should be a valid email value"); $validator->addValidation("email","req","Please fill in Email"); $validator->addValidation("Zip","req","Please fill in your Zip Code"); $validator->addValidation("Security","req","Please fill in your Security Question"); $validator->addValidation("Security2","req","Please fill in your Security Answer"); if($validator->ValidateForm()) { $con = mysql_connect("localhost","beatthis","Jim2Drew!") or die('Could not connect: ' . mysql_error()); mysql_select_db("beatthis_beatthis") or die(mysql_error()); $FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file $LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file $UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file $Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file $Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file $email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file $Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file $Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file $Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file $Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } else{ mail('[email protected]','A profile has been submitted!',$FirstName.' has submitted their profile',$body); echo "<h3>Your profile information has been submitted successfully.</h3>"; } mysql_close($con); $show_form=false; } else { echo "<h3 class='ErrorTitle'>Validation Errors:</h3>"; $error_hash = $validator->GetErrors(); foreach($error_hash as $inpname => $inp_err) { echo "<p class='errors'>$inpname : $inp_err</p>\n"; } } } if(true == $show_form) { ?> <form name="test" id="ContactForm" method="POST" accept-charset="UTF-8" action="<?php echo $_SERVER['PHP_SELF'];?>"> <fieldset> <div class='normal_field'><label for="LastName">First Name</label></div> <div class='element_label'> <input type='text' name='FirstName' size='20'> </div> <div class='normal_field'><label for="LastName">Last Name</label></div> <div class='element_label'> <input type='text' name='LastName' size='20'> </div> </fieldset> <fieldset> <div class='normal_field'><label for="UserName">User Name</label></div> <div class='element_label'> <input type='text' name='UserName' size='20'> </div> <div class='normal_field'><label for="Password">Password</label></div> <div class='element_label'> <input type='password' name='Password' size='20'> </div> <div class='normal_field'><label for="Password2">Re-Enter Password</label></div> <div class='element_label'> <input type='password' name='Password2' size='20'> </div> <div class='normal_field'><label for="Email">Email</label></div> <div class='element_label'> <input type='text' name='email' size='20'> </div> </fieldset> <fieldset> <div class='normal_field'><label for="Zip">Zip Code</label></div> <div class='element_label'> <input type='text' name='Zip' size='20'> </div> <div class='normal_field'><label for="Birthday">Birthday(mm/dd/yyyy format)</label></div> <div class='element_label'> <input type='text' name='Birthday' size='20'> </div> <div class='normal_field'><label for="Security">Security Question</label></div> <div class='element_label'> <input type='text' name='Security' size='20'> </div> <div class='normal_field'><label for="Security2">Security Answer</label></div> <div class='element_label'> <input type='text' name='Security2' size='20'> </div> <div class='normal_field'><label for="math">What is 5 + 5?</label></div> <div class='element_label'> <input type='text' name='math' size='20'> </div> </fieldset> <div id="agree"> <label for="tos"> <input type="checkbox" id="tos" name="tos" value="yes" /> I have read and agree to the <a href="ajax/serviceterms.html" id="terms">Terms of Service</a>. </label> </div> <fieldset> <div id="service-terms" class="box rounded-all"></div> <div class="controls"> <input id="submit" type="submit" name="Submit" value="CREATE PROFILE"/> </div> </fieldset> </form> <?PHP }//true == $show_form ?> Link to comment https://forums.phpfreaks.com/topic/220686-need-to-add-a-form-field-to-determine-if-user-is-human/ Share on other sites More sharing options...
Zero3X Posted December 5, 2010 Share Posted December 5, 2010 Haven't tested but this should work. <?PHP require_once "formvalidator.php"; $show_form=true; $human_number1 = rand(1, 12); $human_number2 = rand(1, 38); $human_answer = $human_number1 + $human_number2; session_start(); $_SESSION['check_answer'] = $human_answer; if(isset($_POST['Submit'])) { if (!isset($_SESSION['check_answer'])) { die ("Error: Answer session not set"); } if($_POST['math'] != $_SESSION['check_answer']) { die ("You did not pass the human check."); } $validator = new FormValidator(); $validator->addValidation("FirstName","req","Please fill in FirstName"); $validator->addValidation("LastName","req","Please fill in LastName"); $validator->addValidation("UserName","req","Please fill in UserName"); $validator->addValidation("Password","req","Please fill in a Password"); $validator->addValidation("Password2","req","Please re-enter your password"); $validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!"); $validator->addValidation("email","email","The input for Email should be a valid email value"); $validator->addValidation("email","req","Please fill in Email"); $validator->addValidation("Zip","req","Please fill in your Zip Code"); $validator->addValidation("Security","req","Please fill in your Security Question"); $validator->addValidation("Security2","req","Please fill in your Security Answer"); if($validator->ValidateForm()) { $con = mysql_connect("localhost","beatthis","Jim2Drew!") or die('Could not connect: ' . mysql_error()); mysql_select_db("beatthis_beatthis") or die(mysql_error()); $FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file $LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file $UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file $Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file $Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file $email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file $Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file $Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file $Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file $Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } else{ mail('[email protected]','A profile has been submitted!',$FirstName.' has submitted their profile',$body); echo "<h3>Your profile information has been submitted successfully.</h3>"; } mysql_close($con); $show_form=false; } else { echo "<h3 class='ErrorTitle'>Validation Errors:</h3>"; $error_hash = $validator->GetErrors(); foreach($error_hash as $inpname => $inp_err) { echo "<p class='errors'>$inpname : $inp_err</p>\n"; } } } if(true == $show_form) { ?> <form name="test" id="ContactForm" method="POST" accept-charset="UTF-8" action="<?php echo $_SERVER['PHP_SELF'];?>"> <fieldset> <div class='normal_field'><label for="LastName">First Name</label></div> <div class='element_label'> <input type='text' name='FirstName' size='20'> </div> <div class='normal_field'><label for="LastName">Last Name</label></div> <div class='element_label'> <input type='text' name='LastName' size='20'> </div> </fieldset> <fieldset> <div class='normal_field'><label for="UserName">User Name</label></div> <div class='element_label'> <input type='text' name='UserName' size='20'> </div> <div class='normal_field'><label for="Password">Password</label></div> <div class='element_label'> <input type='password' name='Password' size='20'> </div> <div class='normal_field'><label for="Password2">Re-Enter Password</label></div> <div class='element_label'> <input type='password' name='Password2' size='20'> </div> <div class='normal_field'><label for="Email">Email</label></div> <div class='element_label'> <input type='text' name='email' size='20'> </div> </fieldset> <fieldset> <div class='normal_field'><label for="Zip">Zip Code</label></div> <div class='element_label'> <input type='text' name='Zip' size='20'> </div> <div class='normal_field'><label for="Birthday">Birthday(mm/dd/yyyy format)</label></div> <div class='element_label'> <input type='text' name='Birthday' size='20'> </div> <div class='normal_field'><label for="Security">Security Question</label></div> <div class='element_label'> <input type='text' name='Security' size='20'> </div> <div class='normal_field'><label for="Security2">Security Answer</label></div> <div class='element_label'> <input type='text' name='Security2' size='20'> </div> <div class='normal_field'><label for="math">What is <?php echo $human_number1." + ".$human_number2. "?"; ?></label></div> <div class='element_label'> <input type='text' name='math' size='20'> </div> </fieldset> <div id="agree"> <label for="tos"> <input type="checkbox" id="tos" name="tos" value="yes" /> I have read and agree to the <a href="ajax/serviceterms.html" id="terms">Terms of Service</a>. </label> </div> <fieldset> <div id="service-terms" class="box rounded-all"></div> <div class="controls"> <input id="submit" type="submit" name="Submit" value="CREATE PROFILE"/> </div> </fieldset> </form> <?PHP }//true == $show_form ?> I'm not sure if it was a good idea for me to use a session though - I never really use them. Link to comment https://forums.phpfreaks.com/topic/220686-need-to-add-a-form-field-to-determine-if-user-is-human/#findComment-1143050 Share on other sites More sharing options...
webguync Posted December 5, 2010 Author Share Posted December 5, 2010 thanks, I get the error msg. though even if I type in the correct value. How can I debug why this is happening? Link to comment https://forums.phpfreaks.com/topic/220686-need-to-add-a-form-field-to-determine-if-user-is-human/#findComment-1143057 Share on other sites More sharing options...
Zero3X Posted December 5, 2010 Share Posted December 5, 2010 I think I fixed it. Basically $human_answer was being set again when the form was submitted - so if the question was 3 + 7 and you wrote 10 when the form was submitted the question would change to 23 + 12 or something stupid. My bad. ANyway this should fix it. I also replaced the die() functions with echos. <?PHP session_start(); require_once "formvalidator.php"; $show_form=true; if (!isset($_POST['Submit'])) { $human_number1 = rand(1, 12); $human_number2 = rand(1, 38); $human_answer = $human_number1 + $human_number2; $_SESSION['check_answer'] = $human_answer; } if(isset($_POST['Submit'])) { if (!isset($_SESSION['check_answer'])) { echo "<p>Error: Answer session not set</p>"; } if($_POST['math'] != $_SESSION['check_answer']) { echo "<p>You did not pass the human check.</p>"; } $validator = new FormValidator(); $validator->addValidation("FirstName","req","Please fill in FirstName"); $validator->addValidation("LastName","req","Please fill in LastName"); $validator->addValidation("UserName","req","Please fill in UserName"); $validator->addValidation("Password","req","Please fill in a Password"); $validator->addValidation("Password2","req","Please re-enter your password"); $validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!"); $validator->addValidation("email","email","The input for Email should be a valid email value"); $validator->addValidation("email","req","Please fill in Email"); $validator->addValidation("Zip","req","Please fill in your Zip Code"); $validator->addValidation("Security","req","Please fill in your Security Question"); $validator->addValidation("Security2","req","Please fill in your Security Answer"); if($validator->ValidateForm()) { $con = mysql_connect("localhost","beatthis","Jim2Drew!") or die('Could not connect: ' . mysql_error()); mysql_select_db("beatthis_beatthis") or die(mysql_error()); $FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file $LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file $UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file $Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file $Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file $email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file $Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file $Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file $Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file $Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } else{ mail('[email protected]','A profile has been submitted!',$FirstName.' has submitted their profile',$body); echo "<h3>Your profile information has been submitted successfully.</h3>"; } mysql_close($con); $show_form=false; } else { echo "<h3 class='ErrorTitle'>Validation Errors:</h3>"; $error_hash = $validator->GetErrors(); foreach($error_hash as $inpname => $inp_err) { echo "<p class='errors'>$inpname : $inp_err</p>\n"; } } } if(true == $show_form) { ?> <form name="test" id="ContactForm" method="POST" accept-charset="UTF-8" action="<?php echo $_SERVER['PHP_SELF'];?>"> <fieldset> <div class='normal_field'><label for="LastName">First Name</label></div> <div class='element_label'> <input type='text' name='FirstName' size='20'> </div> <div class='normal_field'><label for="LastName">Last Name</label></div> <div class='element_label'> <input type='text' name='LastName' size='20'> </div> </fieldset> <fieldset> <div class='normal_field'><label for="UserName">User Name</label></div> <div class='element_label'> <input type='text' name='UserName' size='20'> </div> <div class='normal_field'><label for="Password">Password</label></div> <div class='element_label'> <input type='password' name='Password' size='20'> </div> <div class='normal_field'><label for="Password2">Re-Enter Password</label></div> <div class='element_label'> <input type='password' name='Password2' size='20'> </div> <div class='normal_field'><label for="Email">Email</label></div> <div class='element_label'> <input type='text' name='email' size='20'> </div> </fieldset> <fieldset> <div class='normal_field'><label for="Zip">Zip Code</label></div> <div class='element_label'> <input type='text' name='Zip' size='20'> </div> <div class='normal_field'><label for="Birthday">Birthday(mm/dd/yyyy format)</label></div> <div class='element_label'> <input type='text' name='Birthday' size='20'> </div> <div class='normal_field'><label for="Security">Security Question</label></div> <div class='element_label'> <input type='text' name='Security' size='20'> </div> <div class='normal_field'><label for="Security2">Security Answer</label></div> <div class='element_label'> <input type='text' name='Security2' size='20'> </div> <div class='normal_field'><label for="math">What is <?php echo $human_number1." + ".$human_number2. "?"; ?></label></div> <div class='element_label'> <input type='text' name='math' size='20'> </div> </fieldset> <div id="agree"> <label for="tos"> <input type="checkbox" id="tos" name="tos" value="yes" /> I have read and agree to the <a href="ajax/serviceterms.html" id="terms">Terms of Service</a>. </label> </div> <fieldset> <div id="service-terms" class="box rounded-all"></div> <div class="controls"> <input id="submit" type="submit" name="Submit" value="CREATE PROFILE"/> </div> </fieldset> </form> <?PHP }//true == $show_form ?> Link to comment https://forums.phpfreaks.com/topic/220686-need-to-add-a-form-field-to-determine-if-user-is-human/#findComment-1143077 Share on other sites More sharing options...
webguync Posted December 5, 2010 Author Share Posted December 5, 2010 thanks, still a problem though. The form submits even if the value is wrong in the math field. Link to comment https://forums.phpfreaks.com/topic/220686-need-to-add-a-form-field-to-determine-if-user-is-human/#findComment-1143085 Share on other sites More sharing options...
Zero3X Posted December 5, 2010 Share Posted December 5, 2010 Ah! Sorry, I'm quite tired. Add exit(); after echo "<p>You did not pass the human check.</p>"; Link to comment https://forums.phpfreaks.com/topic/220686-need-to-add-a-form-field-to-determine-if-user-is-human/#findComment-1143088 Share on other sites More sharing options...
webguync Posted December 5, 2010 Author Share Posted December 5, 2010 thanks. Seems to work now. One other thing I need help with in regards to this. Is there a way to display the form if there is an error with the human check? Right now the error displays, but no form. Link to comment https://forums.phpfreaks.com/topic/220686-need-to-add-a-form-field-to-determine-if-user-is-human/#findComment-1143094 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.