
PHP mail form with CAPTCHA — what's wrong?


Solved by QuickOldCar

Just a bit of background first: I have a contact form set up on one of my domains. It hasn't been updated in 7 years and recently I started getting about 3-8 spam messages daily through it. At some point I updated other sites with code that includes a CAPTCHA.

 

Out of sheer laziness, instead of recoding the contact form that was getting spammed, I just copied & pasted one of the updated forms and changed the necessary details like which e-mail address, URL, etc. Unfortunately, this hasn’t worked out properly.

 

For some reason the CAPTCHA image isn’t being displayed. I keep looking but can't find the error(s). Could someone please take a look at the code and tell me what went wrong? I’d be ever so grateful for any help!
The code for the form itself:

<form method="post" action="mail-e.php">
<p><input type="text" name="name" id="name" value="who are you?" size="25" /></p>
<p><input type="text" name="email" id="email" value="you@whatever.bla" size="25" /></p>
<p><input type="text" name="url" id="url" value="http://" size="25" /></p>
<p><textarea name="comments" id="comments" rows="1" cols="20">Go on, then. Tell me a story, wingy!</textarea></p>
<p><img src="http://echoing.org/captcha.php" alt="humanity check" /><br />
<input type="text" name="captcha" id="captcha" /></p>
<p><input type="submit" name="submit" id="submit" value="sing to me" /> 
<input type="reset" name="reset" id="reset" value="out of key" /></p>
</form>

mail-e.php:

<?php
session_start();

//Encrypt the posted code field and then compare with the stored key

if(md5($_POST['captcha']) != $_SESSION['key'])
{
  die("Error: You must enter the code correctly");
}else{
  echo 'You entered the code correctly';
}
?>

<?php
if (!isset($_POST['submit'])) {
include('./header.php');
   echo "<h1>HEY!!! You just encountered an error!</h1>\n
      <p>You don't belong here. <strong>Because it's <em>wrong</em>.</strong> Go back and try again, please.</p>";
include('./footer.php');
   exit;
}

function cleanUp($data) {
   $data = strip_tags($data);
   $data = trim(htmlentities($data));
   return $data;
}

$name      = cleanUp($_POST['name']);
$email     = cleanUp($_POST['email']);
$url       = cleanUp($_POST['url']);
$comments  = cleanUp($_POST['comments']);

if ((empty($name)) || (empty($email)) || (empty($comments))) {
include('./header.php');
   echo "<h2>Input Error! Looks like you missed some stuff.</h2>\n
     <p><strong>Name</strong>, <strong>e-mail</strong> and <strong>comments</strong> are required fields. Please fill them in and try again:</p>";

   echo "<form action=\"mail-e.php\" method=\"post\"><p>";
   echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"$name\" /> Name<br />";
   echo "<input type=\"text\" name=\"email\" id=\"email\" value=\"$email\" /> E-mail<br />";
   echo "<input type=\"text\" name=\"url\" id=\"url\" value=\"$url\" /> Site URL<br />";
   echo "<textarea name=\"comments\" id=\"comments\">$comments</textarea> Comments<br />";
   echo "<img src=\"http://echoing.org/captcha.php\" alt=\"humanity check\" style=\"margin-bottom: 2px;\" /><br />";
   echo "<input type=\"text\" name=\"captcha\" id=\"captcha\" /> <br />";
   echo "<input type=\"submit\" name=\"submit\" id=\"submit\" value=\"Send\" />";
   echo "</p></form>";
include('./footer.php');

   exit;
}

// ereg() was removed in PHP 7; preg_match() with the same pattern keeps the same check
if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/', $email)) {
include('./header.php');
echo "<h2>Input Error</h2>\n
<p>That e-mail address you entered - \"$email\" - is <em>not</em> a valid electronic address. Please edit it and send it in again, please:</p>";

   echo "<form action=\"mail-e.php\" method=\"post\"><p>";
   echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"$name\" /> Name<br />";
   echo "<input type=\"text\" name=\"email\" id=\"email\" value=\"$email\" /> E-mail<br />";
   echo "<input type=\"text\" name=\"url\" id=\"url\" value=\"$url\" /> Site URL<br />";
   echo "<textarea name=\"comments\" id=\"comments\">$comments</textarea> Comments<br />";
   echo "<img src=\"captcha.php\" alt=\"humanity check\" style=\"margin-bottom: 2px;\" /><br />";
   echo "<input type=\"text\" name=\"captcha\" id=\"captcha\" /> <br />";
   echo "<input type=\"submit\" name=\"submit\" id=\"submit\" value=\"Send\" />";
   echo "</p></form>";
include('./footer.php');

   exit;
}

$email = preg_replace("([\r\n])", "", $email);

$find = "/(content-type|bcc:|cc:)/i";
if (preg_match($find, $name) || preg_match($find, $email) || preg_match($find, $url) || preg_match($find, $comments)) {
include('./header.php');
   echo "<h1>Error</h1>\n
      <p>No meta/header injections, please.</p>";
include('./footer.php');
   exit;
}

$recipient = "my email address is here";
$subject   = "paint me a wish on a velvet sky";

$message   = "Name: $name \n";
$message  .= "E-mail: $email \n";
$message  .= "URL: $url \n";
$message  .= "Comments: $comments";

$headers   = "From: a wish painted on the velvet sky \r\n";
$headers  .= "Reply-To: $email";

if (mail($recipient,$subject,$message,$headers)) {
include('./header.php');
   echo "<p>WOO HOO! Your message was successfully sent to me! I'll read it as soon as I can. I may even respond! Thanks for using the form, fruitcake </p>";
include('./footer.php');
} else {
include('./header.php');
   echo "<p>Something went awry. Your message didn't go through. Want to take another crack at it? Please do, I'd love to hear from you!</p>";
include('./footer.php');
}
?>

captcha.php:

<?php
//Start the session so we can store what the code actually is.
session_start();

//Now lets use md5 to generate a totally random string
$md5 = md5(microtime() * mktime());

/*
We dont need a 32 character long string so we trim it down to 5
*/
$string = substr($md5,0,5);

/*
Now for the GD stuff, for ease of use lets create
 the image from a background image.
*/

$captcha = imagecreatefromjpeg("http://echoing.org/captcha.jpg");

/*
Lets set the colours, the colour $line is used to generate lines.
 Using a blue misty colours. The colour codes are in RGB
*/

$black = imagecolorallocate($captcha, 0, 0, 0);
$line = imagecolorallocate($captcha,233,239,239);

/*
Now to make it a little bit harder for any bots to break, 
assuming they can break it so far. Lets add some lines
in (static lines) to attempt to make the bots life a little harder
*/
imageline($captcha,0,0,39,29,$line);
imageline($captcha,40,0,64,29,$line);

/*
Now for the all important writing of the randomly generated string to the image.
*/
imagestring($captcha, 5, 20, 10, $string, $black);

/*
Encrypt and store the key inside of a session
*/

$_SESSION['key'] = md5($string);

/*
Output the image
*/
header("Content-type: image/jpeg");
imagejpeg($captcha);
?> 

I don’t know where it all went wrong as I’m using pretty much the same code without problems here, here and here.

 

The form isn't being used presently (apart from the spam) but I am itching to know what the problem is.

 

P.S. The link to the CAPTCHA image wasn’t always http://echoing.org/captcha.php in the code. On the other forms and initially with this one the code was ./captcha.php but I changed it in case that was the problem. Looks like it isn’t.

 

Thanks in advance!

  • Solution

Warning: mktime() [function.mktime]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EST/-5.0/no DST' instead in /home/echoic5/public_html/captcha.php on line 6

 

That warning is displaying on captcha.php, so set your date_default_timezone_set().

While you are at it, you might as well turn off error reporting on a production site.

The header warning will go away as well.

I also added a line at the end to destroy that temporary image that will consume your memory.

<?php
//Start the session so we can store what the code actually is.
session_start();
error_reporting(0);//disable error reporting
date_default_timezone_set("America/New_York");//set timezone

//Now lets use md5 to generate a totally random string
$md5 = md5(microtime() * mktime());

/*
We dont need a 32 character long string so we trim it down to 5
*/
$string = substr($md5,0,5);

/*
Now for the GD stuff, for ease of use lets create
the image from a background image.
*/

$captcha = imagecreatefromjpeg("http://echoing.org/captcha.jpg");

/*
Lets set the colours, the colour $line is used to generate lines.
Using a blue misty colours. The colour codes are in RGB
*/

$black = imagecolorallocate($captcha, 0, 0, 0);
$line = imagecolorallocate($captcha,233,239,239);

/*
Now to make it a little bit harder for any bots to break,
assuming they can break it so far. Lets add some lines
in (static lines) to attempt to make the bots life a little harder
*/
imageline($captcha,0,0,39,29,$line);
imageline($captcha,40,0,64,29,$line);

/*
Now for the all important writing of the randomly generated string to the image.
*/
imagestring($captcha, 5, 20, 10, $string, $black);

/*
Encrypt and store the key inside of a session
*/

$_SESSION['key'] = md5($string);

/*
Output the image
*/
header("Content-type: image/jpeg");
imagejpeg($captcha);

imagedestroy($captcha);//destroy the image to free its memory
?>

Ah, thank you very much, I really appreciate it! I'll update captcha.php everywhere else I'm using it as well.

 

Thanks also for the recaptcha advice. I know the simple setup I have won't do much to prevent bots. However, I'll only resort to Google if things get really out of hand. My sites don't get a lot of traffic so it shouldn't be a big problem. But if it becomes one, I'll know what to do.

 

Again, Thank You! :happy-04:
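
Added example, not code from any poster in this thread: the captcha.php above derives its code from the clock, and mail-e.php never clears $_SESSION['key'], so a code that was solved once stays valid for that session. The PHP 7+ code below issues the code from random_int() and spends it on the first check; the names captcha_issue, captcha_verify and CAPTCHA_TTL and the 10-minute lifetime are assumptions.

```php
<?php
// Added example, not the thread's code. Function names are hypothetical.
// The session array is passed by reference, so the same functions take
// $_SESSION in captcha.php / mail-e.php and a plain array in the demo below.

const CAPTCHA_ALPHABET = 'abcdefghjkmnpqrstuvwxyz23456789'; // no 0/o or 1/l/i
const CAPTCHA_TTL = 600; // seconds a challenge stays valid (assumed value)

// For captcha.php, in place of substr(md5(microtime() * mktime()), 0, 5).
function captcha_issue(array &$session, int $length = 5): string
{
    $alphabet = CAPTCHA_ALPHABET;
    $max = strlen($alphabet) - 1;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, $max)]; // CSPRNG, not clock-derived
    }
    // The session lives on the server, so the code is stored as-is.
    $session['captcha'] = ['code' => $code, 'issued' => time()];
    return $code; // draw this string with imagestring()
}

// For mail-e.php, in place of md5($_POST['captcha']) != $_SESSION['key'].
function captcha_verify(array &$session, $input): bool
{
    $stored = $session['captcha'] ?? null;
    unset($session['captcha']); // one attempt per challenge, pass or fail
    if (!is_array($stored) || !is_string($input)) {
        return false; // no challenge issued, or the field arrived as an array
    }
    if (time() - $stored['issued'] > CAPTCHA_TTL) {
        return false; // challenge expired
    }
    return hash_equals($stored['code'], strtolower(trim($input)));
}

// Demo with a constructed array standing in for $_SESSION.
$session = [];
$code = captcha_issue($session);
var_dump(captcha_verify($session, 'wrong'));           // wrong guess
var_dump(captcha_verify($session, $code));             // right code, but the challenge is already spent
$code = captcha_issue($session);
var_dump(captcha_verify($session, strtoupper($code))); // fresh challenge, case-insensitive match
var_dump(captcha_verify($session, $code));             // same code submitted a second time
```

In mail-e.php the call would be captcha_verify($_SESSION, $_POST['captcha'] ?? null) after session_start(), with a new image requested for every retry of the form.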
