Hi,

I've tried to integrate a math-captcha into an already present form, but it doesn't seem to be working properly as I can type any number into it and it sends.

This what I've added to the form itself:

<img src="image.php" alt="Click to reload image" title="Click to reload image" id="captcha" onclick="javascript:reloadCaptcha()" /><input type="text" name="secure" value="" onclick="this.value=''" />

This is placed at the top so the image can be reloaded:

<script language="javascript" type="text/javascript">
/* this is just a simple reload; you can safely remove it; remember to remove it from the image too */
function reloadCaptcha()
{
    document.getElementById('captcha').src = document.getElementById('captcha').src+ '?' +new Date();
}

Am I correct in assuming the following piece of code goes into the forms processing page?

    <?php
...

if( isset($_POST['someinput']) )
{
// validate neccessary fields here
if( $_POST['captcha_result'] != $_SESSION['captcha_result'] ) $error = 'Wrong result. Try again.';

if( !$error ){
/* send your message here */
}

}

...
?>

I can't figure out how to edit it properly so it'll work ... and I'm placing it at the very top.

Any suggestions?

I'd greatly appreciate it, thank you ~`!

3 answers

2
points

Hello - stackoverflow convert here but I think I may be able to help you.

The conditionals appear to be malformed.

I am assuming you are placing this code in the same script as the form calling it.

The first conditional, if put in the same PHP document as the submitting form, should check if the form has been submitted at all, and the else in it should display the form since input has not been applied yet.

<? if(isset($_POST['name_from_submit_element']{
//our processing script;
}else{ ?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">
//inputs etc.
</form>
<? } ?>

Then there should be another conditional within the one running upon submission to validate the captcha.

Replace the comment in the example above with this:

if( $_POST['captcha_result'] != $_SESSION['captcha_result'] ){
 $error = 'Wrong result. Try again.';
}else{
//run server side script
}

The method I typically use to echo back the error messages within a self-calling script is to have an isset conditional check for error messages right within the form - add to your form this code

<form>
<? if(isset($error)){ echo $error; } ?>
</form>

This is all of course assuming that your CAPTCHA script is storing the correct answers on in the SESSION super global. Did you also include your captcha script if there is one? This should be done before anything in the page.

So your completed code would look something like:

include('path_to_script_goes_here');
 <? if(isset($_POST['name_from_submit_element']{
         if( $_POST['captcha_result'] != $_SESSION['captcha_result'] ){
 $error = 'Wrong result. Try again.';
}else{
//run server side script
}
}else{ ?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">
<?if(isset($error)){ echo $error; } ?>
//inputs etc.
</form>
<? } ?>

Also make sure all form names match the POST keys being tested.

See if that helps and post back.

Answered almost 7 years ago by Mark Grey
1
point

Try changing this line in the PHP:

if( isset($_POST['captcha_result']) )

And change this part as well:

if(!$error) {
    /* send your message here */
    echo 'Message sent.';
} else {
    echo $error;
}

Basically, the name of the input element is what gets sent to the $_POST array. So, since you don't check against the right input, the $_POST['captcha_result'] never gets tested against the $_SESSION['captcha_result']. That is to say, you are checking against the variable $_POST['someinput']... so that might work if there is a form element with the name attribute set to someinput, but you don't show us your full form, so it is hard to say.

I added the second part so you can see the error message if things go wrong. But the main point is that whatever the name attribute is in the form, that is what you use to access it in the $_POST array. So even though you don't show the rest of your form, the input field for the captcha must have the name attribute set to captcha_result, like this:

<input type="text" name="captcha_result" />

There are other reasons that it might not be working. We don't know what the rest of your PHP looks like, so again it is hard to tell, but at the top of your script, you should have a call to the session_start() function. And at some point there should be a place where you are sending the form and another place where you are displaying the error message.

Answered almost 7 years ago by Abinadi Ayerdis
0
points

Thanks to both of you ... been trying a combination of everything, but still can't get it to work properly. I know very little about php, think it's time I made the effort to get a better grasp on it.

Currently, this is what my processing form looks like:

<?php

$EmailFrom = "..."; $EmailTo = "..."; $Subject = "..."; $Name = Trim(stripslashes($POST['Name'])); $email = Trim(stripslashes($POST['email'])); $phone = Trim(stripslashes($POST['phone'])); $comments = Trim(stripslashes($POST['comments']));

// validation $validationOK=true; if (!$validationOK) { print "POST['captcha_result'] != $SESSION['captcha_result'] ){ $error = 'Wrong result. Try again.'; }else{ //run server side script }

// prepare email body text $Body = ""; $Body .= "Name: "; $Body .= $Name; $Body .= "\n"; $Body .= "Phone: "; $Body .= $phone; $Body .= "\n"; $Body .= "Email: "; $Body .= $email; $Body .= "\n"; $Body .= "Comments: "; $Body .= $comments; $Body .= "\n";

// send email $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

// redirect to success page if ($success){ print "

Would someone please let me know what I'm doing wrong?

Thanks for you time, I appreciate it ~

Answered almost 7 years ago by Jennifer