please help me, need help with captcha

[afallingpanda]

hey guys, so i have a contact form which is validated with a captcha system i have made, here is the code:

<?php
// code for captcha
session_start();
// this is starting the session made in generate.php and making it so the numbers generated are between
// 1000-9999
// we do a if statement so that it links to the submit button and if entered incorrectly it outputs
// and refreshes the image to a new one.
if (!isset($_POST['secure']) ){
$_SESSION['secure']=rand(1000,9999);
}else{
	if ($_SESSION['secure'] == $_POST['secure']){
	}else{
		echo"incorrect captcha code";
		$_SESSION['secure']=rand(1000,9999);
	}
}

?>
		<div class="contactform">	
		<h1 class="buslistheader">Send an e-mail</h1>
		<form id="form1" name="form1" method="post" action="contact_us.php">
			<table class="center" cellspacing=0 cellpadding=0>
			<tr>
			<td class="inputlabel"><label for="Name" >* Name:</label></td></tr>
			<tr><td><input class="inputbox" type="text" name="name" id="Name" maxlength="30" required></td>
			</tr>
			<tr>
			<td class="inputlabel"><label for="companyName">Company Name:</label></td><tr>
			<tr><td><input class="inputbox" type="text" name="companyname" id="companyName" maxlength="30"></td>
			</tr>
			<tr>
			<td class="inputlabel"><label for="email">* Email:</label></td></tr>
			<tr><td><input class="inputbox" type="text" name="email" id="email" maxlength="50" required></td>	
			</tr>
			<tr>
			<td class="inputlabel"><label for="subject"> Subject:</label></td></tr>
			<tr><td><input class="inputbox" type="text" name="subject" id="subject" maxlength="40" required></td>
			</tr>
			<tr>
			<td class="inputlabel"><label for="message">* Message:</label></td></tr>
			<tr><td><textarea class="inputarea" name="message" id="message" maxlength="2000" required></textarea></td>
			</tr>
			<tr>
			<td><img src="generate.php" class="captchabox" /></td>
			</tr>
			<tr>
			<td><input class="inputbox" type="text" name="secure" style="border-top:2px solid #54792D;"></td>
			</tr>
			<tr>
			<td><input class="submitbutton" type="submit" value="Send An Email"></td>
			</tr>
			</table>
		</form>
	</div>

now when i enter the correct captcha, all goes well, and when i enter the wrong captcha, again all goes well as it outputs a message saying the captcha code is wrong. this is because the form action is set to the current page. but when i put the actualy redirect action to "sent.php", no matter if i put the correct/wrong captcha code, it still redirects me to the page "sent.php" . how  do i make it so it only redirects to that page IF the captcha code is correct.

 

thanks alot.

[cyberRobot]

The form action could be set to the same page. Then in the if test where the CAPTCHA is correct, you could use a header redirect to send valid submissions to sent.php. More information about the header redirect can be found here:

http://php.net/manual/en/function.header.php

[afallingpanda]

okay thanks, ive done this now and it redirects to two different pages depending on the correct/wrong captcha entered. but heres one question.

lets say i enter wrong captcha, click submit and get taken to a page which just outputs a line saying "wrong captcha" . will the email still be sent? or somehow it will be stopped (i dont think so) if it isnt stopped, how would i do it? here is all my code:

<?php
	// here we put in an if statement to check against missing variables (empty values)
		if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST['subject']) && isset($_POST['message'])){
			
			$name=$_POST['name'];
			$companyname=$_POST['companyname'];
			$email=$_POST['email'];
			$subject=$_POST['subject'];
			$message=$_POST['message'];

			// here we are checking to see if that value anything and not just black.

			if (!empty($name) && !empty($email) && !empty($subject) && !empty($message) ){
				
				// this is doing a check for max length, its doing it in php just in case the user
				// cheats and bypasses the html check.
			if (strlen($name>30) || strlen($companyname>30) || strlen($email>50) || strlen($subject>40) || strlen($message>2000)){
				echo"sorry, that max length for a field has been exceeded.";
			}

			$to='kay@packingtonestate.co.uk';
			$emailsubject=$subject;
			$body=$name."\n".$companyname."\n".$message;
			$headers= 'From: '.$email;

			// mails, if statement so if its true (mail did send)
				if	(mail($to,$emailsubject,$body,$headers)){

					echo'Thanks for contacting us.';					

				}else{

					echo'Sorry, an error occurred. Try again later.';

				}
			}
			
			} else{
			
			
			
			}
			
?>

<?php
// code for captcha
session_start();
// this is starting the session made in generate.php and making it so the numbers generated are between
// 1000-9999
// we do a if statement so that it links to the submit button and if entered incorrectly it outputs
// and refreshes the image to a new one.
if (!isset($_POST['secure']) ){
$_SESSION['secure']=rand(1000,9999);
}else{
	if ($_SESSION['secure'] == $_POST['secure']){
		header('Location: sent.php');
	}else{
		header('Location: notsent.php');
		echo"incorrect captcha code";
		$_SESSION['secure']=rand(1000,9999);
	}
}

?>
		<div class="contactform">	
		<h1 class="buslistheader">Send an e-mail</h1>
		<form id="form1" name="form1" method="post" action="contact_us.php">
			<table class="center" cellspacing=0 cellpadding=0>
			<tr>
			<td class="inputlabel"><label for="Name" >* Name:</label></td></tr>
			<tr><td><input class="inputbox" type="text" name="name" id="Name" maxlength="30" required></td>
			</tr>
			<tr>
			<td class="inputlabel"><label for="companyName">Company Name:</label></td><tr>
			<tr><td><input class="inputbox" type="text" name="companyname" id="companyName" maxlength="30"></td>
			</tr>
			<tr>
			<td class="inputlabel"><label for="email">* Email:</label></td></tr>
			<tr><td><input class="inputbox" type="text" name="email" id="email" maxlength="50" required></td>	
			</tr>
			<tr>
			<td class="inputlabel"><label for="subject"> Subject:</label></td></tr>
			<tr><td><input class="inputbox" type="text" name="subject" id="subject" maxlength="40" required></td>
			</tr>
			<tr>
			<td class="inputlabel"><label for="message">* Message:</label></td></tr>
			<tr><td><textarea class="inputarea" name="message" id="message" maxlength="2000" required></textarea></td>
			</tr>
			<tr>
			<td><img src="generate.php" class="captchabox" /></td>
			</tr>
			<tr>
			<td><input class="inputbox" type="text" name="secure" style="border-top:2px solid #54792D;"></td>
			</tr>
			<tr>
			<td><input class="submitbutton" type="submit" value="Send An Email"></td>
			</tr>
			</table>
		</form>
	</div>

[cyberRobot]

okay thanks, ive done this now and it redirects to two different pages depending on the correct/wrong captcha entered. but heres one question.

lets say i enter wrong captcha, click submit and get taken to a page which just outputs a line saying "wrong captcha" . will the email still be sent?

 

You could always give it a try. Based on a cursory look, an email will likely go out. To avoid that, you could try moving the form validation inside your if construct which tests the CAPTCHA value.

 

Also, you should look into email injections if you haven't done so already.

https://www.google.com/search?q=email+injection+php

 

To help avoid issues, I would recommend validating the user-supplied email address:

http://php.net/manual/en/filter.examples.validation.php

[afallingpanda]

what would i move? and where to?