
Please help with reCaptcha data insertion



Hi People.

 

Thank you to everyone who has helped me with my project so far.

 

For security purposes I would like to add the reCAPTCHA from Google to my form. Please see below my working (except the password obviously) code. I would like to insert the code from this reCAPTCHA page http://code.google.com/apis/recaptcha/docs/php.html but I'm not sure exactly where it should go and how it should be configured. Please could someone give me some advice.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>

<?php

$host = 'localhost';
$usr = "VinnyG";
$password = 'thepassword';
$db_name = 'sitename';

$username = $_POST['username'];
$height_above = $_POST['height_above'];
$mb_diff = $_POST['mb_diff'];
$alternative = $_POST['alternative']; 
$ppr = $_POST['ppr'];
$general_location = $_POST['general_location'];
$location_grid = $_POST['location_grid'];
$runway_numbers = $_POST['runway_numbers'];
$circuit_direction = $_POST['circuit_direction'];
$circuit_height = $_POST['circuit_height'];
$runway_length = $_POST['runway_length'];
$surface = $_POST['surface'];
$food = $_POST['food'];
$radio_frequency = $_POST['radio_frequency'];
$radio_callsign = $_POST['radio_callsign'];
$radio_type = $_POST['radio_type'];
$other_radio = $_POST['other_radio'];
$fuel = $_POST['fuel'];
$landing_fee = $_POST['landing_fee'];
$operating_hours = $_POST['operating_hours'];
$maintenance = $_POST['maintenance'];
$hangarage = $_POST['hangarage'];
$parking = $_POST['parking'];
$accommodation = $_POST['accommodation'];
$school = $_POST['school'];
$remarks = $_POST['remarks'];
$warnings = $_POST['warnings'];
$weblinks = $_POST['weblinks'];
$operator = $_POST['operator'];
$google_image = $_POST['google_image'];

$errorstring = ""; // default value of errorstring

if(isset($_POST['submit'])) {
// Validate all the code inputs



if ($username =="")
$errorstring = $errorstring. "Airfield Name<br>";
if ($height_above =="")
$errorstring = $errorstring. "Height Above Mean Sea Level<br>";
if ($mb_diff =="")
$errorstring = $errorstring. "mb Difference<br>";
if	($alternative =="")
$errorstring = $errorstring. "Alternative Airfield<br>";
if ($general_location =="")
$errorstring = $errorstring. "General Location<br>";
if ($location_grid =="")
$errorstring = $errorstring. "Grid Reference<br>";
if ($runway_numbers =="")
$errorstring = $errorstring. "Runway Numbers<br>";
if ($circuit_direction =="")
$errorstring = $errorstring. "Circuit Direction<br>";
if ($circuit_height =="")
$errorstring = $errorstring. "Circuit Height<br>";
if ($runway_length =="")
$errorstring = $errorstring. "Runway Length<br>";
if ($radio_frequency =="")
$errorstring = $errorstring. "Radio Frequency<br>";
if ($radio_callsign =="")
$errorstring = $errorstring. "Radio Callsign<br>";
if ($other_radio =="")
$errorstring = $errorstring. "Other Radio<br>";
if ($landing_fee =="")
$errorstring = $errorstring. "Landing Fee<br>";
if ($remarks =="")
$errorstring = $errorstring. "Remarks<br>";
if ($warnings =="")
$errorstring = $errorstring. "Warnings<br>";
if ($weblinks =="")
$errorstring = $errorstring. "Web Links<br>";
if ($operator =="")
$errorstring = $errorstring. "Operator<br>";
if ($google_image =="")
$errorstring = $errorstring. "Google Image<br>";

// does the errorstring = "nothing"?
if ($errorstring !="")
echo "You have not put anything in the following fields: <br><br> $errorstring";
//echo "If you have nothing to put in the box please type the word \"None\" or \"N\/A\"";
//die ("Please try again, ensuring that you fill out all the fields!");
else 
{
//echo "Your data has been saved";
//connect to database
mysql_connect ("$host","$usr","$password") or die ('Error During Connect:<br>'.mysql_error());
mysql_select_db ("$db_name") or die ('Error Selecting DB:<br>'.mysql_error());

$insert_query = "INSERT INTO users (username, height_above, mb_diff, alternative, ppr, general_location, location_grid, runway_numbers, circuit_direction, circuit_height, runway_length, surface, food, radio_frequency, radio_callsign, radio_type, other_radio, fuel, landing_fee, operating_hours, maintenance, hangarage, parking, accommodation, school, remarks, warnings, weblinks, operator, google_image) VALUES ('$username', '$height_above', '$mb_diff', '$alternative', '$ppr', '$general_location', '$location_grid', '$runway_numbers', '$circuit_direction', '$circuit_height', '$runway_length', '$surface', '$food', '$radio_frequency', '$radio_callsign', '$radio_type', '$other_radio', '$fuel', '$landing_fee', '$operating_hours', '$maintenance', '$hangarage', '$parking', '$accommodation' , '$school', '$remarks', '$warnings', '$weblinks', '$operator', '$google_image')";
$insert_action = mysql_query($insert_query) or die ('Error During Insert :<br>'.mysql_error().'<br><br>Error occured running the following code :<br>'.$insert_query);

$id = mysql_insert_id();

echo "Thank you, Your airfield has been submitted.";
include "resultcard.php";

// Output what the form looks like

// End of how the form looks 

}
}

if(!isset($_POST['submit']) || (isset($_POST['submit']) && !empty($errorstring)))
{
?>

<form name = "form1" method ="post" action="">
<table width="700" border="0" cellspacing="5" cellpadding="5" bgcolor = "#c9e1d0">
  <caption>
    Submit Your Airfield Details
  </caption>
  <tr>
    <td width = "50"> </td>
    <td width = "240"> </td>
    <td width = "250"> </td>
    <td width = "160"><b>Example Input</b></td>
  </tr>
  
  <tr>
    <td> </td>
    <td>Airfield Name</td>
    <td><input type='text' name='username' size = '40' maxlength='30' value = '<?php echo $username; ?>'></td>
    <td>Ince Blundell</td>
  </tr>
  <tr>
    <td> </td>
    <td>Height Above MSL</td>
    <td><input type='text' name='height_above' size = '40' maxlength='30' value = '<?php echo $height_above; ?>'></td>
    <td>65 Ft</td>
  </tr>
  <tr>
    <td> </td>
    <td>Mb Difference</td>
    <td><input type='text' name='mb_diff' size = '40' maxlength='40' value = '<?php echo $mb_diff; ?>'></td>
    <td>2 Mb</td>
  </tr>
  <tr>
    <td> </td>
    <td>Alternative Airfield</td>
    <td><input type='text' name='alternative'  size = '40' maxlength='30' value = '<?php echo $alternative; ?>'></td>
    <td>Sherburn</td>
  </tr>
  <tr>
    <td> </td>
    <td>PPR?</td>
    <td>
    
    <select name = "ppr">
     <option value = "Yes" <?php if ($_POST['ppr'] == 'Yes') { echo 'selected="selected"'; } ?>>Yes</option>
     <option value="No" <?php if ($_POST['ppr'] == 'No') { echo 'selected="selected"'; } ?>>No</option>
</select>
  
    </td>
    <td>Yes</td>
  </tr>
  <tr>
    <td> </td>
    <td>General Location</td>
    <td><input type='text' name='general_location' size = '40' maxlength='50' value = '<?php echo $general_location; ?>' /></td>
    <td>3 Nm North Luton</td>
  </tr>
  <tr>
    <td> </td>
    <td>Location Grid Reference</td>
    <td><textarea name="location_grid" rows="2" cols="29"><?php echo $location_grid; ?></textarea></td>
    <td> 53°57'7.68"N<br />
1°10'30.33"W</td>
  </tr>
  <tr>
    <td> </td>
    <td>Runway Numbers</td>
    <td><textarea name="runway_numbers" rows="5" cols="29"><?php echo $runway_numbers; ?></textarea></td>
    <td><p>This format please<br />
      05-23<br />
        18-36<br />
        14-22
      </p></td>
  </tr>
  <tr>
    <td> </td>
    <td>Circuit Direction</td>
    <td><textarea name="circuit_direction" rows="5" cols="29"><?php echo $circuit_direction; ?></textarea></td>
    <td><p>05-LH<br />
      23-RH<br />
      14-LH 
    </p></td>
  </tr>
  <tr>
    <td> </td>
    <td>Circuit Height</td>
    <td><input type='text' name='circuit_height' size = '40' maxlength='50' value = '<?php echo $circuit_height; ?>' /></td>
    <td>1000 Ft</td>
  </tr>
  <tr>
    <td> </td>
    <td>Runway Length</td>
    <td><input type='text' name='runway_length' size = '40' maxlength='50' value = '<?php echo $runway_length; ?>' /></td>
    <td>500m</td>
  </tr>
  <tr>
    <td> </td>
    <td>Runway Surface</td>
    <td>
     <select name = "surface">
     <option value = "Grass" <?php if ($_POST['surface'] == 'Grass') { echo 'selected="selected"'; } ?>>Grass</option>
     <option value = "Tarmac" <?php if ($_POST['surface'] == 'Tarmac') { echo 'selected="selected"'; } ?>>Tarmac</option>
     <option value = "Concrete" <?php if ($_POST['surface'] == 'Concrete') { echo 'selected="selected"'; } ?>>Concrete</option>
     <option value = "Dirt" <?php if ($_POST['surface'] == 'Dirt') { echo 'selected="selected"'; } ?>>Dirt</option>
</select>
   <!-- <select name = "surface">
    <option value = "Grass">Grass</option>
    <option value="Tarmac">Tarmac</option>
    <option value ="Concrete">Concrete</option>
    <option value = "Dirt">Dirt</option>
    </select> -->
    </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td>Food?</td>
    <td>
    
     <select name = "food">
     <option value = "Cafe" <?php if ($_POST['food'] == 'Cafe') { echo 'selected="selected"'; } ?>>Cafe</option>
     <option value = "None" <?php if ($_POST['food'] == 'None') { echo 'selected="selected"'; } ?>>None</option>
     <option value = "Tea and Coffee" <?php if ($_POST['food'] == 'Tea and Coffee') { echo 'selected="selected"'; } ?>>Tea and Coffee</option>
     <option value = "Make Your Own" <?php if ($_POST['food'] == 'Make Your Own') { echo 'selected="selected"'; } ?>>Make Your Own</option>
</select>
    
  <!--  <select name = "food">
      <option value = "Cafe">Cafe</option>
      <option value="None">None</option>
      <option value ="Tea and Coffee">Tea and Coffee</option>
      <option value = "Make Your Own">Make Your Own</option>
    </select> -->
    
    </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td>Radio Frequency</td>
    <td><input type='text' name='radio_frequency' size = '40' maxlength='50' value = '<?php echo $radio_frequency; ?>' /></td>
    <td>135.475</td>
  </tr>
  <tr>
    <td> </td>
    <td>Radio Callsign</td>
    <td><input type='text' name='radio_callsign' size = '40' maxlength='50' value = '<?php echo $radio_callsign; ?>' /></td>
    <td>Rufforth Traffic</td>
  </tr>
  <tr>
    <td> </td>
    <td>Radio Type</td>
    <td>
    <select name = "radio_type">
     <option value = "Safety Com" <?php if ($_POST['radio_type'] == 'Safety Com') { echo 'selected="selected"'; } ?>>Safety Com</option>
     <option value = "Air Ground" <?php if ($_POST['radio_type'] == 'Air Ground') { echo 'selected="selected"'; } ?>>Air Ground</option>
     <option value = "Approach" <?php if ($_POST['radio_type'] == 'Approach') { echo 'selected="selected"'; } ?>>Approach</option>
     <option value = "Tower" <?php if ($_POST['radio_type'] == 'Tower') { echo 'selected="selected"'; } ?>>Tower</option>
</select>
    
    
   <!-- 
    <select name = "radio_type">
      <option value = "Sefety Com">Safety Com</option>
      <option value="Air Ground">Air Ground</option>
      <option value ="Approach">Approach</option>
      <option value = "Tower">Tower</option>
    </select> -->
    
    </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td>Other Radio</td>
    <td><input type='text' name='other_radio' size = '40' maxlength='50' value = '<?php echo $other_radio; ?>' /></td>
    <td>E.G. if close to MATZ etc</td>
  </tr>
  <tr>
    <td> </td>
    <td>Fuel</td>
    <td>
    <select name = "fuel">
     <option value = "AvGas" <?php if ($_POST['fuel'] == 'AvGas') { echo 'selected="selected"'; } ?>>AvGas</option>
     <option value = "MoGas" <?php if ($_POST['fuel'] == 'MoGas') { echo 'selected="selected"'; } ?>>MoGas</option>
     <option value = "AvGas and MoGas" <?php if ($_POST['fuel'] == 'AvGas and MoGas') { echo 'selected="selected"'; } ?>>AvGas and MoGas</option>
     <option value = "We will sort you some" <?php if ($_POST['fuel'] == 'We will sort you some') { echo 'selected="selected"'; } ?>>We will sort you some</option>
     <option value = "None" <?php if ($_POST['fuel'] == 'None') { echo 'selected="selected"'; } ?>>None</option>
</select>
    
   <!-- <select name = "fuel">
      <option value = "AvGas">AvGas</option>
      <option value="MoGas">MoGas</option>
      <option value ="AvGas and MoGas">AvGas and MoGas</option>
      <option value = "We will sort you some">We will sort you some</option>
       <option value = "None">None</option>
    </select> -->
    </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td>Landing Fee</td>
    <td><input type='text' name='landing_fee' size = '40' maxlength='50' value = '<?php echo $landing_fee; ?>' /></td>
    <td>£ or Nill </td>
  </tr>
  <tr>
    <td> </td>
    <td>Operating Hours</td>
    <td>
    <select name = "operating_hours">
     <option value = "SR - SS" <?php if ($_POST['operating_hours'] == 'SR - SS') { echo 'selected="selected"'; } ?>>SR - SS</option>
     <option value="Other - See Remarks" <?php if ($_POST['operating_hours'] == 'Other - See Remarks') { echo 'selected="selected"'; } ?>>Other - See Remarks</option>
</select>
    
  <!--  <select name = "operating_hours">
      <option value = "SR - SS">Sunrise - Sunset</option>
      <option value="See Remarks">Other - See Remarks</option>
    </select> -->
    
    </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td>Maintenance?</td>
    <td>
      <select name = "maintenance">
     <option value = "Yes" <?php if ($_POST['maintenance'] == 'Yes') { echo 'selected="selected"'; } ?>>Yes</option>
     <option value="No" <?php if ($_POST['maintenance'] == 'No') { echo 'selected="selected"'; } ?>>No</option>
</select>
   <!-- <select name = "maintenance">
      <option value = "Yes">Yes </option>
      <option value="No">No </option>
    </select> -->
    
    </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td>Hangarage?</td>
    <td>
    <select name = "hangarage">
     <option value = "Yes" <?php if ($_POST['hangarage'] == 'Yes') { echo 'selected="selected"'; } ?>>Yes</option>
     <option value="No" <?php if ($_POST['hangarage'] == 'No') { echo 'selected="selected"'; } ?>>No</option>
</select>
    
   <!-- <select name = "hangarage">
      <option value = "Yes">Yes </option>
      <option value="No">No </option>
    </select> -->
    
    </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td>Parking?</td>
    <td>
    <select name = "parking">
     <option value = "Yes" <?php if ($_POST['parking'] == 'Yes') { echo 'selected="selected"'; } ?>>Yes</option>
     <option value="No" <?php if ($_POST['parking'] == 'No') { echo 'selected="selected"'; } ?>>No</option>
</select>
<!--   <select name = "parking">
      <option value = "Yes">Yes </option>
      <option value="No">No </option>
    </select> -->
    
    </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td>Accommodation?</td>
    <td>
    <select name = "accommodation">
     <option value = "Yes" <?php if ($_POST['accommodation'] == 'Yes') { echo 'selected="selected"'; } ?>>Yes</option>
     <option value="No" <?php if ($_POST['accommodation'] == 'No') { echo 'selected="selected"'; } ?>>No</option>
</select>
<!--   <select name = "accommodation">
      <option value = "Yes">Yes </option>
      <option value="No">No </option>
    </select> -->
    
    </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td>School?</td>
    <td>
    <select name = "school">
     <option value = "Flexwing" <?php if ($_POST['school'] == 'Flexwing') { echo 'selected="selected"'; } ?>>Flexwing</option>
     <option value="3 Axis" <?php if ($_POST['school'] == '3 Axis') { echo 'selected="selected"'; } ?>>3 Axis</option>
     <option value = "All Microlight" <?php if ($_POST['school'] == 'All Microlight') { echo 'selected="selected"'; } ?>>All Microlight</option>
     <option value="GA" <?php if ($_POST['school'] == 'GA') { echo 'selected="selected"'; } ?>>GA</option>
     <option value="Gyro" <?php if ($_POST['school'] == 'Gyro') { echo 'selected="selected"'; } ?>>Gyro</option>
     <option value="Microlight and Gyro" <?php if ($_POST['school'] == 'Microlight and Gyro') { echo 'selected="selected"'; } ?>>Microlight and Gyro</option>
<option value="Other See Comments" <?php if ($_POST['school'] == 'Other See Comments') { echo 'selected="selected"'; } ?>>Other See Comments</option>
</select>
    <!--<select name = "school">
      <option value = "Flexwing">Flexwing </option>
      <option value="3 Axis">3 Axis</option>
      <option value="All Microlight">All Mircolight</option>
      <option value="GA">GA</option>
      <option value="Gyro">Gyro</option>
      <option value="Other See Remarks">Other, See Remarks</option>
    </select> -->
    
    </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td>Remarks:</td>
    <td><textarea name="remarks" rows="5" cols="29"><?php echo $remarks; ?></textarea></td>
    <td>As much info as possible 500 characters max</td>
  </tr>
  <tr>
    <td> </td>
    <td>Warnings:</td>
    <td><textarea name="warnings" rows="5" cols="29"><?php echo $warnings; ?></textarea></td>
    <td>As much info as possible 500 characters max</td>
  </tr>
  <tr>
    <td> </td>
    <td>Web Links</td>
    <td><textarea name="weblinks" rows="3" cols="29"><?php echo $weblinks; ?></textarea></td>
    <td>Link to airfield website</td>
  </tr>
  <tr>
    <td> </td>
    <td>Operator Details</td>
    <td><textarea name="operator" rows="3" cols="29"><?php echo $operator; ?></textarea></td>
    <td>As much info as possible</td>
  </tr>
  <tr>
    <td> </td>
    <td>Google Iframe Image</td>
    <td><textarea name="google_image" rows="5" cols="29"><?php echo $google_image; ?></textarea></td>
    <td>700 x 700 pixels please. <a href="http://www.youtube.com/watch?v=gVRWhLEvt-I" target = "_blank">Watch Video here for How to Get the Image from Google</a></td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
    <td> </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td><input type='submit' name='submit' value='Submit Airfield' /></td>
    <td> </td>
    <td> </td>
  </tr>
</table>
</form>


<?php } // end of the "show the form" branch; the closing tags below are always sent ?>
</body>
</html>

 

Code from the reCaptcha pages

 <html>
    <body> <!-- the body tag is required or the CAPTCHA may not show on some browsers -->
      <!-- your HTML content -->

      <form method="post" action="verify.php">
        <?php
          require_once('recaptchalib.php');
          $publickey = "your_public_key"; // you got this from the signup page
          echo recaptcha_get_html($publickey);
        ?>
        <input type="submit" />
      </form>

      <!-- more of your HTML content -->
    </body>
  </html>

You would probably be better taking a look at the link above for the full instructions.

 

Link to comment
Share on other sites

Vinny, first and foremost you need to put some validation into that script. Please google PHP SQL injection security, PHP XSS security and PHP input validation. Right now, as your script stands, I could take over your server, get every single bit of information out of your MySQL server, write whatever I wanted to your SQL server and redirect all your site visitors to any website of my choosing. Once you get that taken care of, if you read that whole page from Google, it's very detailed in what you need to do. Just as a hint, you will want to put this part of the code right before you input all the info into MySQL:

 


// $resp is the result of recaptcha_check_answer() from recaptchalib.php
if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         "(reCAPTCHA said: " . $resp->error . ")");
} else {
    // This is where you would input everything into MySQL
}

Link to comment
Share on other sites
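
The order the reply describes (CAPTCHA check gating the insert, plus input validation, bound parameters and output escaping), written out as an added example that is not code from the thread. `handle_submission`, `h` and `$captchaOk` are hypothetical names, only four of the form's columns are used, and PDO with an in-memory SQLite database stands in for the MySQL connection so the block runs on its own.

```php
<?php
// Added example. Column subset and the SQLite in-memory database are assumptions
// so the block runs stand-alone; the thread's script uses MySQL and 30 columns.
const REQUIRED = ['username' => 'Airfield Name',
                  'height_above' => 'Height Above Mean Sea Level',
                  'remarks' => 'Remarks'];
const SELECTS = ['ppr' => ['Yes', 'No']];   // select boxes: accept only listed options

// Escape for HTML text and quoted attributes (the form uses single quotes).
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// $captchaOk is a hypothetical callable; with recaptchalib.php it would call
// recaptcha_check_answer() and return $resp->is_valid.
function handle_submission(array $post, callable $captchaOk, PDO $db): array {
    // 1. CAPTCHA first: a failed challenge never reaches validation or the database.
    if (!$captchaOk($post)) {
        return ['ok' => false, 'errors' => ['CAPTCHA']];
    }
    // 2. Validate: text fields are non-empty strings of bounded length,
    //    select values must match one of the options the form offers.
    $row = [];
    $errors = [];
    foreach (REQUIRED as $name => $label) {
        $v = isset($post[$name]) && is_string($post[$name]) ? trim($post[$name]) : '';
        if ($v === '' || strlen($v) > 500) {
            $errors[] = $label;
        }
        $row[$name] = $v;
    }
    foreach (SELECTS as $name => $allowed) {
        $v = $post[$name] ?? '';
        if (!in_array($v, $allowed, true)) {
            $errors[] = $name;
        }
        $row[$name] = $v;
    }
    if ($errors) {
        return ['ok' => false, 'errors' => $errors];
    }
    // 3. Insert with bound parameters. Column names come from the constants above,
    //    never from $post, so user input is only ever passed as data.
    $cols = array_keys($row);
    $sql = 'INSERT INTO users (' . implode(', ', $cols) . ') VALUES (:'
         . implode(', :', $cols) . ')';
    $db->prepare($sql)->execute($row);
    return ['ok' => true, 'id' => (int) $db->lastInsertId()];
}

// Constructed demo: schema and input are sample values, not data from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
           height_above TEXT, remarks TEXT, ppr TEXT)');
$post = ['username' => "St Mary's", 'height_above' => '65 Ft',
         'remarks' => 'Grass strip, <b>soft</b> when wet', 'ppr' => 'Yes'];
$rejected = handle_submission($post, function ($p) { return false; }, $db);
$accepted = handle_submission($post, function ($p) { return true; }, $db);
$stored = $db->query('SELECT username, remarks FROM users')->fetch(PDO::FETCH_ASSOC);
echo json_encode($rejected), "\n", json_encode($accepted), "\n";
echo "<input type='text' name='username' value='", h($stored['username']), "'>\n";
echo '<td>', h($stored['remarks']), "</td>\n";
```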
