captcha on one page

0
August 17, 2011

Hi, using the following mail script, I'm trying to integrate CAPTCHA so that I don't have to redirect off the page. Can some illustrate how this works? Most CAPTCHA tutorials I've been able to find (and understand) require submitting to a thank you page or redirecting somehow but I just don't need that.

<?php

$to = "some@email.com";

$name = $_POST['name'];

$name = stripslashes($name);

$phone = $_POST['phone'];

$phone = stripslashes($phone);

$email = $_POST['email'];

$email = stripslashes($email);

$subject = "A message from the website.\n";

$headers = "From: website-user@thedomain.com

\r\n";

$headers .= "Reply-To: $email\r\n";

$headers .= "Return-Path: some@email.com\r\n";

$body = stripslashes($body);

$message = "Name: $name\nPhone: $phone\nEmail: $email\nDate: " . date("l, F jS, Y @ g:ia") . "\n\nMessage:\n$body\n";

$submit = $_POST['submit'];

if(isset($submit)) { // CAPTCHA success here?

echo "Your message was sent successfully!\n";

echo "Thank you for the message.\n";

echo "· <a href=\"$PHP_SELF\">Send another message</a><br>\n";

mail($to,$subject,$message

,$headers)

;

} else {

echo "All fields should be considered <em>required</em>.\n";

echo "Your Full Name:<br />\n";

echo "<input name=\"name\" type=\"text\" id=\"name\" style=\"width: 250px; margin-bottom: 10px;\" /><br />\n";

echo "Email Address:<br />\n";

echo "<input name=\"email\" type=\"text\" id=\"email\" style=\"width: 250px; margin-bottom: 10px;\" /><br />\n";

echo "Phone Number:<br />\n";

echo "<input name=\"phone\" type=\"text\" id=\"phone\" style=\"width: 250px; margin-bottom: 10px;\" /><br />\n";

echo "Question or Comment:<br />\n";

echo "<textarea name=\"body\" wrap=\"VIRTUAL\" id=\"query\" style=\"width: 250px; height: 100px; margin-bottom: 10px;\" /></textarea><br />\n";

echo "<input type=\"submit\" name=\"submit\" id=\"submit\" value=\"Send It\"> <input type=\"reset\" name=\"reset\" id=\"reset\" value=\"Reset\">\n";

}

?>

7

answers

Comments See all(0)

Add comment
0
August 17, 2011

which part can't you get your head around?

generating the captcha (tons of examples)

saving something for comparison upon submittal

testing properly upon submittal

The link I gave is actually REALLY simple code, really easy to use.  I'd start with that, and if sessions don't work we can try cookies.  embedding the result in the form in this particular case becomes a bit trickier as the image-generator doesn't store the result except in session/cookie (as it runs as part of the html load of the form...).

Here's what I'd do.  Use his captcha_image.php file, with one minor modification: change $_SESSION["pass"] to something more like $_SESSION["mailform_captch

a_pass"], to be specific (so it doesn't conflict with 'pass' in some other code in the future...).

Then, modifying your code above to be something like the following (I haven't tested this!):







<?php

session_start();

$submit = $_POST['submit'];

if(isset($submit))

{

      // validate the captcha here:

      if ( ($_POST["captcha_input"] == $_SESSION["mailform_captch

a_pass"]) &&  

          (!empty($_POST["captcha_in

put"]) && !empty($_SESSION["mailform

_captcha_p

ass"])) )

      {

            // succeeded, so we go through the rest of the post variables, collect, and email.

            $to = "some@email.com";

            $name = $_POST['name'];

            $name = stripslashes($name);

            $phone = $_POST['phone'];

            $phone = stripslashes($phone);

            $email = $_POST['email'];

            $email = stripslashes($email);

            $subject = "A message from the website.\n";

            $headers = "From: website-user@thedomain.com

\r\n";

            $headers .= "Reply-To: $email\r\n";

            $headers .= "Return-Path: some@email.com\r\n";

            $body = stripslashes($body);

            $message = "Name: $name\nPhone: $phone\nEmail: $email\nDate: " . date("l, F jS, Y @ g:ia") . "\n\nMessage:\n$body\n";

            mail($to,$subject,$message

,$headers)

;

            // NOTE: you'd normally ERROR CHECK the call to mail, in case it doesn't succeed...

            echo "Your message was sent successfully!\n";

            echo "Thank you for the message.\n";

            echo "· <a href=\"$PHP_SELF\">Send another message</a><br>\n";

            // we're done, exit this script.

            exit();

      }

}

// ELSE, we either failed the captcha test, failed to enter a needed field, or this is a new page...

if (isset($submit)) // if got here with a submit, must have failed.  Give some useful output?

      echo "Please try entering your information again, with the proper code.<br/>";

// html form below, as html for ease of coding.

?>

All fields should be considered <em>required</em>.<br/>

Your Full Name:<br />

<input name="name" type="text" id="name" style="width: 250px; margin-bottom: 10px;" /><br/>

Email Address:<br />

<input name=\"email\" type=\"text\" id=\"email\" style=\"width: 250px; margin-bottom: 10px;\" /><br />

Phone Number:<br />

<input name=\"phone\" type=\"text\" id=\"phone\" style=\"width: 250px; margin-bottom: 10px;\" /><br />

Question or Comment:<br />

<textarea name="body" wrap="VIRTUAL" id="query" style="width: 250px; height: 100px; margin-bottom: 10px;" /></textarea><br/>

Please enter the text you see in the following graphic:<br/>

<img src="captcha_image.php" />: <input type="text" name="captcha_input" size="15"><br/>

<input type="submit" name="submit" id="submit" value="Send It"> <input type="reset" name="reset" id="reset" value="Reset">

<?php /* end of form */ ?>

0
August 17, 2011

did u try this

http://www.webcheatsheet.c om/php/ cre atecaptch aprotecti on.php

kiranvj

0
August 17, 2011

It looks like you've got your basic solution in-place already.  You obviously need a way to generate a captcha graphic, store the result to test against, and test the captcha was valid as part of your submit test.  I'd assume you can handle most of that.  If not, I liked the sample code at:

http://frikk.tk/comments-2 73-04.28.0 6.htm

It's a decent starting point to look at.  The captcha process for generating a code should be easy enough to understand.  You create some alphanumeric string (usually hexadecimal), store it where it can be retrieved, and output the graphic into the form.  When the form is submitted, one field has the entered test, you need to compare that against the generated result.

Most people use either a cookie or session variable to store the result (or an md5 encryption of the result, to prevent hacking), though in theory you could embed the encrypted version in the form just as easily since a bot/hacker would need to know your precise encryption process/string in order to decrypt to find the right match to enter.  So any of the three will work.

Modifying your current form, here's what I might do:

instead of the if-submitted-else-form code, I'd do something like:

if-submitted

test captcha

captcha valid and passed, send email, exit();

NO else

just fall through to the form output code.  you could set a flag to 0 before the if-submitted, set to 1 inside the if, to let the form output code know an attempt was made, so you could output something at the top of the form like "sorry, you didn't enter the correct string, please try again".

to prevent hackery, you could store a counter in the form of the number of attempts.  After say three attempts, log it to disk, and don't print the form out again, print a "Try again later" kind of innocuous prompt.

encode the captcha string into the form if you don't want to worry about cookies or sessions.  just encrypt it first, combining some other private-but-known string/key onto the match string, then MD5 hash the entire thing, and put that encoded version into a hidden field in the form.  Then you can calculate the same encoding of the user's match input with the pre-encoded version in the form, rather than checking session or cookie.

-d

0
August 17, 2011

KIRANVJ, thanks I took a look but your example was seriously over my head. Sorry.

DAVEBYTES, thanks. I checked out the url you posted and I'm willing to bet it would work famously but my problem is more with integrating Captcha into my (or a) mail form. I have set up basic, working captcha before but I just can't swing my head around making the form process the image and then mail properly - frankly, I've never had much luck with cookies or sessions at all. Would you be willing to post some code examples? I could post more points and I'd really like to get this figured out . . .

0
August 17, 2011

Excellent, THAT helps :) I'm having trouble just figuring out the logical order and the verifying of the image although that example should help tons. I'll give it a try this evening and post back. Thanks!

0
August 17, 2011

logical order is:

is post[submit] set?  if so:

  - is captcha set and valid?  if so:

    - grab other vars, send email, exit.

ELSE, all other cases fall through to output the form, part of the form is an image tag that requests the captcha.php script to generate a captcha image, and at same time it sets session variable for the submit-time validation check.

-d

0
August 17, 2011

There we go. I got something jury rigged up over here now. Thanks for the help!

Related Questions

How can I modify the Drupal comment module so that it does not include a homepage field?

Looking for a way to change the comment field in Drupal so that it does not ask for a user&#39;s homepage. &#160;I considered simply commenting out the homepage definition in the module&#39;s PHP, but Read More

Views

60

Votes

0

Answers

1

August 17, 2011

Capturing a "captcha generator" image

I work for a company that does online marketing. One of the things we do is submit our clients to various web directories. Part of what we do is pull-in a web page and attempt to determine which image Read More

Views

42

Votes

0

Answers

1

August 16, 2011

We are being over run with spam!  We even have a JS CAPTCHA.

We are continuously getting spam from on of our web pages here http://www.kearneyfire.org /send_msg. php , there is no direct link to this page, it comes from our contact page or Read More

Views

19

Votes

0

Answers

43

August 16, 2011

need to create a two page profile web site.

I have to build a two page registration with the asp.net built in registration. &#160;If you goto the site omegalove.com and click on registration then u can see that I have only one page. How can I b Read More

Views

19

Votes

0

Answers

21

August 16, 2011

online form not working

We are using http://www.tectite.com/ for an online form on the below website: http://myrascakes.com/orde r.html We keep getting an error and don&#39;t know how to fix it. &#160;There is a r Read More

Views

818

Votes

0

Answers

15

August 15, 2011

need a little php help please

I have a php script that emails the contents of a form submitted to it. I have a need for the information from this form to not only be sent out via email but to also be submitted to a second script o Read More

Views

49

Votes

0

Answers

3

August 16, 2011

Google error :  403 forbidden when search

Hi, we have a network of 2000 users. When we try to search in Google we get... ... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users Read More

Views

17

Votes

0

Answers

3

August 15, 2011

Problem viewing some web pages with Firefox

Been having this issue with Firefox forever. &#160;Some web pages and some images do not display properly. &#160;Best example is the two images attached. &#160;One is from Internet Explorer and the ot Read More

Views

10

Votes

0

Answers

6

August 15, 2011

jquery Html form processing not working

Hi, I have a form to mail script that takes data entered by the user and emails the result to me. For some reason of the following: Name: &quot; . $_POST[&#39;field_1&#39;] . &quot; City: &quot; . $_P Read More

Views

24

Votes

0

Answers

11

August 16, 2011

VS2005: Publish Fails in Pre Configuration step

I recently had to reimage my work machine and have been cleaning up issues since. Here is one I have been unable to get past. I have a website (not a web application) that I am trying to publish. I ha Read More

Views

15

Votes

0

Answers

4

August 16, 2011

Php session variables

I am trying to install &#160;a contact.php form with captcha. I bought the script from a website and software developer. The working version of his form is at http://www.easyflv.com/con tac Read More

Views

19

Votes

0

Answers

14

August 15, 2011

This is the very first question

Hello guys! This is the first post in this site Read More

Views

2k

Votes

4

Answers

2

January 08, 2016

report values not showing up.

I have a crystal report which I pass a DataSet to using VB.NET. The report was working fine, but then I make some changes to the import query and now nothing shows up in the crystal report. Crystal do Read More

Views

1k

Votes

0

Answers

12

September 06, 2005

Event log doesn't overwrite as needed in SP4

Hello All, After upgrading from SP3 to SP4 on several Windows 2000 PRO machines everything looked fine, but from time to time applications can&#39;t write to the event log. When I try to view the appl Read More

Views

1k

Votes

0

Answers

9

May 11, 2003

"Failed to self-register XYZ.dll"

Hi there, I wrote a OLE-automation-server DLL in VB4.0. I use Installshield Express to install it as part of my program on the target computers. Now on some computers I get the message &quot;Failed to Read More

Views

2k

Votes

0

Answers

2

November 08, 1998

Please help understand these notes on image processing

Can someone please help me understand these lecture notes... On the right of the page; What does &quot;normalised by one notion of the area of a pixel&quot; mean? On the first formula for A, Is that a Read More

Views

1k

Votes

0

Answers

3

February 05, 2009

Can someone please explain this paragram on the chain rule in image processing

Please see the screenshot, How is 3133030 got from 10103322? Read More

Views

1k

Votes

0

Answers

1

January 05, 2009

AD on 2003

We have created an AD Domain on Windows 2000 Server with no problems. We just created an AD Domain on Windows 2003 and we&#39;re getting some weird problems. Both of these domains are behind firewalls Read More

Views

1k

Votes

0

Answers

15

May 11, 2003

ADDT ASP Upload Error " Type mismatch: 'tNG_isFileInsideBaseFolder' "

I am trying to create a simple insert record and upload image function on an ASP page built using Adobe Dreamweaver Developer Toolkit. I have done this many times before with no problem, however, i ha Read More

Views

1k

Votes

0

Answers

0

November 02, 2008

MYSQL Select query with custom ORDER BY

Hi, is it possible to customize the order of the returned rows in mysql? Example: I have a Table with a column &quot;name&quot;, now I want to have all entries ordered by name, but I want the entries Read More

Views

1k

Votes

0

Answers

5

July 02, 2010