As for Site Security

[Roybot06]

I am now creating a CAPTCHA image for my site to use in submitting the contact information from the "Contact Us" section. The problem lies in I don't know how to make the PHP allow for the Submit button/function to be hidden until they get the CAPTCHA image correct. I know it would be in the case somewhere, but how would I make the whole page submittable through a function in the PHP is my first problem and the second would be how do I go about hiding this function until the CAPTCHA is solved.

 

 

Any input would be greatly valued.

 

 

[cooldude832]

That would be javascript.  Capctcha sets a session = to the code and then the test is if($_POST['code'] == $_SESION['capctcha']) {// Code matches}  Basically in javascript modify that using objects and then make a div with the submit button that says if(Match show that div)  although this isn't secure because a bot can raddle off a billion tries to get the code right very quickly because it doesn't require a submit to test the values.  And the code would be in the source code making it almost pointless.  Just use a second page detection.

[Roybot06]

I'm still lost to that, they made it a PHP function.

 

As a matter of fact here is the code:

 

<?php

 

require_once('recaptchalib.php');

$publickey = "...";

$privatekey = "...";

 

# the response from reCAPTCHA

$resp = null;

# the error code from reCAPTCHA, if any

$error = null;

 

# are we submitting the page?

if ($_POST["submit"]) {

  $resp = recaptcha_check_answer ($privatekey,

                                  $_SERVER["REMOTE_ADDR"],

                                  $_POST["recaptcha_challenge_field"],

                                  $_POST["recaptcha_response_field"]);

 

  if ($resp->is_valid) {

    echo "You got it!";

    # in a real application, you should send an email, create an account, etc

 

  } else {

  die("Invalid Input, you must be a spam bot.")

    # set the error code so that we can display it. You could also use

    # die ("reCAPTCHA failed"), but using the error message is

    # more user friendly

    $error = $resp->error;

 

  }

}

echo recaptcha_get_html($publickey, $error);

?>

 

The problem is the submit function on this only works for submitting that form to test the text. So I need to have a global submit function or something like that to send it if they are right, and stop it all together if they aren't. Or something like I stated earlier, have a trigger from them getting this image correct and causing the actual submit button to appear.

 

Thank you, the Javascript idea does make sense though.

[cooldude832]

I don't know what version of capcthca you are using but this  is how I do it

form page

<html>
<img src="captcha/captcha_image.php" alt="security image" border="0"/>
Security Code: <input type="text" name="secure"/></br>
<input type="submit" value="Register"/>

That creates the image off the php doc which also sets sessions

then on the processing page

<?php
session_start();
if($_SESSION['captcha'] != trim($_POST['secure'])){
$error['secruity'] = "The Secruity code does not match the image provided";
}
//I create this array called $error which gets filled with arrays and then say
if(empty($error)){
//Submit data no errors
}
else{
echo "<ol>";
foreach($error as $value){
echo "<li>".$value."</li>";
}
echo "</ol>";
}
?>

[Roybot06]

I am using a program called reCAPTCHA [http://www.recaptcha.com]; it is some university project that is supposed to be the best CAPTCHA out there. I don't understand too much of PHP, I understand what little it reminds me of C; but I am lost as to what I am going to do about this segment of PHP.

 

So is that exactly what you used to make your CAPTCHA?

[cooldude832]

Yup the img src is a php doc that makes the magic code and draws the image, as being good if you are on a help site I think any version is good enough