Wavetek Posted June 13, 2013 Share Posted June 13, 2013 (edited) Hi guys, I have an email form on a website that sends the form data to an external php file (contact-form-handler.php) I have recently tried to add a captcha however I have been unsuccessful in getting the external php file to check if the captcha code was entered correctly.. At the moment it says that it is incorrect even when I enter the correct code. The website is ******** The form code: <form method="POST" name="contact_form" action="/templates/onlinespark/contact-form-handler.php"> <label for='name'>Name: </label> <input type="text" name="name" value='<?php echo htmlentities($name) ?>'> <label for='email'>Email: </label> <input type="text" name="email" value='<?php echo htmlentities($visitor_email) ?>'> <label for='phone'>Phone: </label> <input type="text" name="phone" value='<?php echo htmlentities($phone) ?>'> <label for='message'>Message:</label> <textarea name="message" rows=8 cols=30><?php echo htmlentities($user_message) ?></textarea> <label><img src="/templates/onlinespark/captcha.php"></label> <?php $salt = 'some-random-text'; ?> <input type="text" name="code" /> <input type="hidden" name="code_key" value="<?php echo sha1('Text in the image' . $salt); ?>" /> <input type="submit" value="Submit" name='submit' class="quoteButton"> </form> The external php file: <?php if (isset($_POST['submit'])) { $error = ""; if (!empty($_POST['name'])) { $name = $_POST['name']; } else { $error .= "You didn't type in your name. <br />"; } if (!empty($_POST['phone'])) { $name = $_POST['phone']; } else { $error .= "You didn't enter your phone. <br />"; } if (!empty($_POST['email'])) { $email = $_POST['email']; if (!preg_match("/^[a-z0-9]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){ $error .= "The e-mail address you entered is not valid. <br/>"; } } else { $error .= "You didn't type in an e-mail address. <br />"; } if (!empty($_POST['message'])) { $message = $_POST['message']; } else { $error .= "You didn't type in a message. <br />"; } $salt = 'some-random-text'; // same salt string as in the original file if ($_POST['code_key'] == sha1($_POST['code'] . $salt)) { // captcha is correct } else { $error .= "The captcha code you entered does not match. Please try again. <br />"; } if (empty($error)) { $from = 'From: ' . $name . ' <' . $email . '>'; $to = "mail@mail.com.au"; $subject = "New contact form message"; $content = $name . " has sent you a message: \n" . $message; $success = "<h3>Thank you! Your message has been sent!</h3>"; mail($to,$subject,$content,$from); } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>ERROR - Please fill in all fields!</title> </head> <body> <!-- This page is displayed only if there is some error --> <h1>ERROR - Please go back and fill in all fields!</h1> <?php if (!empty($error)) { echo '<p class="error"><strong>Your message was NOT sent<br/> The following error(s) returned:</strong><br/>' . $error . '</p>'; } elseif (!empty($success)) { echo $success; } ?> </body> </html> Edited June 19, 2013 by gizmola Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/ Share on other sites More sharing options...
gizmola Posted June 13, 2013 Share Posted June 13, 2013 I don't see where the form synchronizes with the captcha image. You have this code: <?php echo sha1('Text in the image' . $salt); ?> I would expect to see something like: <?php echo sha1($captchaText . $salt); ?> It's really not clear what syncs the image produced by /templates/onlinespark/captcha.php with the plaintext version of that image in your script, which is something you would need for this to scheme to work. Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1435676 Share on other sites More sharing options...
Wavetek Posted June 13, 2013 Author Share Posted June 13, 2013 Ah yes, to be quite honest I'm really not sure how to do that. I origonally had areyouahuman.com installed on the page, however the client did not want it and wanted a captcha instead, so I'm trying to get this captcha to work as it's small and doesn't ruin the design. PHP is certianly not my strong point, is there any chance you could help me out? Cheers! Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1435684 Share on other sites More sharing options...
gizmola Posted June 13, 2013 Share Posted June 13, 2013 I can't really help you if I don't know what library or component you are using to generate the captcha image. Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1435687 Share on other sites More sharing options...
Wavetek Posted June 13, 2013 Author Share Posted June 13, 2013 Oh, sorry here is the code for the captcha.php file which generates the image: <?php session_start(); // start a session $image = imagecreate(50, 20); //create blank image (width, height) $bgcolor = imagecolorallocate($image, 0, 0, 0); //add background color with RGB. $textcolor = imagecolorallocate($image, 255, 255, 255); //add text/code color with RGB. $code = rand(1000, 9999); //create a random number between 1000 and 9999 $_SESSION['code'] = ($code); //add the random number to session 'code' imagestring($image, 10, 8, 3, $code, $textcolor); //create image with all the settings above. header ("Content-type: image/png"); // define image type imagepng($image); //display image as PNG ?> Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1435689 Share on other sites More sharing options...
Wavetek Posted June 14, 2013 Author Share Posted June 14, 2013 Sorry for the bump, but I really need to get this fixed. Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1435879 Share on other sites More sharing options...
kicken Posted June 14, 2013 Share Posted June 14, 2013 You need to change the way your code is generated. For PHP file containing the form should generate the code, then have the image generation script read the code. Eg: <?php //... $_SESSION['code'] = mt_rand(1000, 9999); ?> <img src="captcha.php"> //... imagestring($image, 10, 8, 3, $_SESSION['code'], $textcolor); //create image with all the settings above. header ("Content-type: image/png"); // define image type Then to verify, compare what they enter with $_SESSION['code'] and see if they match. Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1435882 Share on other sites More sharing options...
Wavetek Posted June 14, 2013 Author Share Posted June 14, 2013 Hmm that didn't work, it just made the text dissapear from the captcha, I'm willing to pay someone to help me out with this. Cheers Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1435886 Share on other sites More sharing options...
Wavetek Posted June 16, 2013 Author Share Posted June 16, 2013 bump Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1436237 Share on other sites More sharing options...
mac_gyver Posted June 16, 2013 Share Posted June 16, 2013 if your captcha.php image code was working and saved the $code value to the $_SESSION['code'] variable, all you need to do is check in your form processing logic if the submitted value the user entered in the form is not empty and that it is not exactly equal to the value in the $_SESSION['code'] variable, all the code you have leftover that is passing the "code_key" as a hidden field (which was insecure anyway) and testing that value with the submitted code from the user would go away, unless you are trying to confuse bot scripts by tricking them to submit that hidden field's value. Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1436251 Share on other sites More sharing options...
Wavetek Posted June 17, 2013 Author Share Posted June 17, 2013 Any chance you could help me out with some code to make it work? Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1436302 Share on other sites More sharing options...
mac_gyver Posted June 17, 2013 Share Posted June 17, 2013 not very likely. you are producing a value, passing that value through a session variable, and comparing that value with another value that was submitted from a form. make an attempt at performing those steps. the first two steps are already in your code and wherever you found the captcha.php image code probably contained examples of the rest of what is needed. Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1436303 Share on other sites More sharing options...
Wavetek Posted June 17, 2013 Author Share Posted June 17, 2013 This is the tutorial I got the code from:http://devingredients.com/2011/03/building-a-php-contact-form-with-captcha-from-scratch/It seems nothing is different from my code other than they are using a self executing script, for some reason my server wont allow this so I need to do it with an external php file to send the email. Any ideas? Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1436307 Share on other sites More sharing options...
Wavetek Posted June 17, 2013 Author Share Posted June 17, 2013 (edited) I got it working! All I had to do was add: session_start(); to the external PHP file. Thanks for the help guys. Could a moderator please remove the URL from the first post? Cheers! Edited June 17, 2013 by Wavetek Quote Link to comment https://forums.phpfreaks.com/topic/279103-how-do-i-verify-the-catpcha/#findComment-1436330 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.