Integrating captcha code into Contact Form gets "Wrong Code Entered"

[Chrisj]

I merged this code from a captcha script:

 

<?php
session_start();
if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
{
echo "Correct Code Entered";
//Do your stuff
}
else
{
die("Wrong Code Entered");
}
?>

with a working Contact Form script code:

<?php
$data = json_decode(file_get_contents("php://input"));
$name = trim($data->name);
$name = str_replace(array("\r", "\n"), array(" ", " "), $name);
$email = filter_var(trim($data->email), FILTER_SANITIZE_EMAIL);
$message = trim($data->message);
// Check that data was sent.
if (empty($name) || empty($message) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "One or more invalid entries. Please try again.";
exit;
}

$to = "support@...com";
$from = "From: contact-form@...com". "\r\n";
$body = "A message has been sent via the website contact form.\n\n";
$body .= "Name: $name\n";
$body .= "Email: $email\n\n";
$body .= "Message:\n$message\n";

if (mail($to, 'Customer Inquiry', $body)){
echo "Thank You. Your Message Has Been Sent.";
} else {
echo "An error has occurred and your message could not be sent.";
}
?>

to get this:

<?php
	session_start();
	
	$data = json_decode(file_get_contents("php://input"));
	$name = trim($data->name);
	$name = str_replace(array("\r", "\n"), array(" ", " "), $name);
	$email = filter_var(trim($data->email), FILTER_SANITIZE_EMAIL);
	$message = trim($data->message);
	// Check that data was sent.
	if (empty($name) || empty($message) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
	echo "One or more invalid entries. Please try again.";
	exit;
	}
	
	if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
	{
	echo "Correct Code Entered";
	//Do your stuff
	}
	else
	{
	die("Wrong Code Entered");
	}
	
	$to = "support@...com";
	$from = "From: contact-form@...com". "\r\n";
	$body = "A message has been sent via the website contact form.\n\n";
	$body .= "Name: $name\n";
	$body .= "Email: $email\n\n";
	$body .= "Message:\n$message\n";
	
	if (mail($to, 'Customer Inquiry', $body)){
	echo "Thank You. Your Message Has Been Sent.";
	} else {
	echo "An error has occurred and your message could not be sent.";
	}
?>

but after I tested/completed the Form, including entering the correct Captcha code, I see the message "Wrong Code Entered", and of course the Contact Form info does not send.

 

I added this (after the 'session start' line):

var_dump($_SESSION);

and ran the Form, and I see this:

array(2) { ["security_code"]=> string(6) "9569qb" ["code"]=> int(6133) } Wrong Code Entered

Any guidance with integrating captcha script successfuly will be appreciated.

[Jacques1]

So where's the actual CAPTCHA? All you've shown is the CAPTCHA check.

 

By the way, home-made CAPTCHAs are typically not very effective. Consider using a professional solution like Google's reCAPTCHA.

[Chrisj]

Thanks for your reply.

But, I'm not clear on what you're asking for. Is it this?:

<?php
session_start();
$code=rand(1000,9999);
$_SESSION["code"]=$code;
$im = imagecreatetruecolor(80, 24);
$bg = imagecolorallocate($im, 177, 78, 78);
$fg = imagecolorallocate($im, 255, 255, 255);
imagefill($im, 0, 0, $bg);
imagestring($im, 5, 24, 3,  $code, $fg);
header("Cache-Control: no-cache, must-revalidate");
header('Content-type: image/png');
imagepng($im);
imagedestroy($im);
?>

[Jacques1]

I'm talking about your form which must in some way include the CAPTCHA.

 

And again: You'll save yourself a lot of trouble now and in the future if you just use a known CAPTCHA library. Google has copypastable code and detailed instructions.

[Chrisj]

Thanks again for your reply.

 

Here's the Form:

		<form id="ajax-contact" method="post">
        <table class="table10">
        <tr>
        <td colspan="3"><textarea id="contact-message" placeholder="MESSAGE:" required/></textarea>
        </td>
		<tr>
		<td>
        <input id="contact-name" name="name" value="NAME" onfocus="if (this.value=='NAME') {this.value=''; this.style.color='#000000';}" onclick="clickclear(this, 'Enter Name')" onblur="clickrecall(this,'')" required/>
        </td>
		<td>
        <input id="contact-email1" name="email" value="EMAIL" onfocus="if (this.value=='EMAIL') {this.value=''; this.style.color='#696969';}" required/>
        </td>
        <tr>
		<td class="captcha">
		ENTER IMAGE TEXT:  <input name="captcha" style="width:100px" type="text" required/>  <img src="captcha.php" />
		</td>
		<td>
        <input type="hidden" name="submit" ><input class="my-input1" type="submit" value="SEND">
        </td>
        </tr>
        </table>
		</form>

[Jacques1]

You simultaneously assume that the request body uses custom JSON encoding:

json_decode(file_get_contents("php://input"))

and classical URL encoding:

$_POST["captcha"]

It can't both be true.

 

I recommend you get rid of the weird JSON stuff (as I already told you last time) and use plain old form parameters.

[Chrisj]

Thanks for your reply.

 

I saw this on a Support Forum (i'm not sure if it pertains to this) It said this:

"If you already have your parameters set like $_POST['eg'] for example and you don't wish to change it, simply do it like this:

$_POST = json_decode(file_get_contents('php://input'), true);

This will save you the hassle of changing all $_POST to something else and allow you to still make normal post requests."

 

Would that work in my situation?

[Jacques1]

What on earth is the point of the JSON encoding anyway? All it does right now is produce a lot of problems and extra code.