Looking for a PHP captcha script

jgmouton · Mar 11, 2007

AdRock wrote:
also on your form, have a text field called verify or wahtever you want and use this after the form is displayed
[/code]

Thank you AdRock for helping me.

I am not sure I understand your sentence above. My form is on a contact page and the form data are sent to a CGI script of the company hosting my site through the form action element and there is also a redirect to a "thank you for contacting me" page. So, where exactly should I put the code you wrote?

leatherback · Mar 11, 2007

He says that you need to have a text input field on your contact form, where users copy the code from the image. the name of this field you use on the processing page to check whether the correct code was entered, as is normal with these anti-bot images.

edit:
And as with all the dynamic images you do not place the script for the image in yourpages. You safe it externally, and use the script as a source for an image:
<image src="script.php">

jgmouton · Mar 11, 2007

Yes I understand for the text input field but where should I place the code below since the CGI script will send the form data before the "thank you" page is displayed:
if (empty($POST['verify']) && $POST['verify'] == $_SESSION['captchstr']) {
do some error message
}

else {
do the rest

leatherback · Mar 11, 2007

You place it on top of your processing script.

However, you would have to do the processing of the script in PhP, as the verification of the captcha occurs server-side.

jgmouton · Mar 11, 2007

I tried the above code but no captcha appears on my form although I put <img src="captcha.php" />...

AdRock · Mar 11, 2007

is the GD grphics library instlled on the server?

Also where are you putting the captcha.php file. I have it in my inlcudes directory so I use <img src="includes/captcha.php">

If you have the GD library enables I could look at your code and test it locally

jgmouton · Mar 11, 2007

Yes the GD library is installed. The captcha.php file is in the root directory with all my php files.

Here is the html:

	<img src="captcha.php" />
	<label for="verify"><strong><span class="req">*</span>Ecrire le code :</strong>
      <input class="f-name" name="verify" id="verify" size="30" type="text" />
      <br />
      </label>

bradgrafelman · Mar 11, 2007

Is captcha.php in the same directory as this form? What if you visit the captcha.php script directly, do you see an image? Is error_reporting set to E_ALL and display_errors set to On ?

jgmouton · Mar 12, 2007

If I visit captcha.php, I get this error: Warning: imagettftext() [function.imagettftext]: Could not find/open font

Weedpacket · Mar 12, 2007

That means that it could not find or open the font. Have you checked that the font file is where it is supposed to be?

AdRock · Mar 12, 2007

You need to upload an Arial.ttf font to the same directory

Thats why i put the captcha.php script and the font in the includes folder

That should work then

jgmouton · Mar 12, 2007

I did not know I needed a font file. The code is displayed now. Thank you.

The trouble is that I am not sure I understand the code I should put on top of my "thank you" page:

if (empty($POST['verify']) && $POST['verify'] == $_SESSION['captchstr']) {
do some error message
}

else {
do the rest

With this code, even if I write the correct captcha, there will be an error...?

Also I put this code on my "thank you" page:

echo ($POST['verify']);
echo ($SESSION['captchstr']);

But it does not print anything in the browser.

leatherback · Mar 12, 2007

Hi JG Mouton,

You may show some self-help too...

if (empty($_POST['verify']) || $_POST['verify'] <> $_SESSION['captchstr']) {
do some error message
}

else {
// do the rest
}

You can check the variables by placinf
print_r($POST);
and
print_r($SESSION);
at the start of your page.

AdRock · Mar 12, 2007

Have a look at my contact form.

There is some form validation in there too

// This is what is displayed in the email subject line
// Change it if you want
$subject = "Message via your contact form";

// This is displayed when the email has been sent
$thankyou_message = "<p>Thankyou. Your message has been sent.</p>";

$self = $_SERVER['REQUEST_URI'];

$name = $_POST['txtName'];
$email = $_POST['txtEmail'];
$message = $_POST['txtMessage'];
$send = $_POST['send'];

$msg="<p>Please fill in this form if you have any queries or suggestions.</p>";

echo ($msg);

$form = "
    <form method=\"post\" action=\"$self\">

<p><label for=\"txtName\">Name:</label>
<input type=\"text\" title=\"Please enter your name\" id=\"txtName\" name=\"txtName\" size=\"40\" value=\"$name\" /></p>

<p><label for=\"txtEmail\">Email:</label>
<input type=\"text\" title=\"Please enter your email address\" id=\"txtEmail\" name=\"txtEmail\" size=\"40\" value=\"$email\"/></p>

<p><label for=\"txtMessage\">Comments:</label>
<textarea title=\"Please enter your message\" id=\"txtMessage\" name=\"txtMessage\" rows=\"20\" cols=\"45\">$message</textarea></p>

<p>For security purposes, please enter the image shown in the text box below.</p>

<p><label>&nbsp;</label></p>
<div class=\"captcha\"><img src=\"/includes/captcha.php\" alt=\"security image\" /></div>

<p><label for=\"verify\">Security image:</label>
<input type=\"text\" title=\"Please enter the image text\" id=\"verify\" name=\"verify\" id=\"verify\" size=\"9\" /></p>

<p><label>&nbsp;</label>
<input type=\"submit\" name=\"send\" value=\"Send\" class=\"submit-button\" /></p>

</form>";

if($send)
{
    $valid=true;

if( !$name )
{ 
    $errmsg.="Please enter your name:<br />";
    $valid=false;
}

if( !$email )
{
    $errmsg.="Please enter your email address:<br />";
    $valid=false;
}
else
{
	$email = trim($email);
	$_name = "/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+";
	$_host = "([-0-9A-Z]+\.)+";
	$_tlds = "([0-9A-Z]){2,4}$/i";

	if( !preg_match($_name."@".$_host.$_tlds,$email))
	{
		$errmsg.="Email address has incorrect format!<br />";
		$valid=false;
	}
}

if( !$message )
{ 
    $errmsg.="Please enter your message:<br />";
    $valid=false; 
}

if (empty($_POST['verify']) && $_POST['verify'] == $_SESSION['captchstr'])
{
    $errmsg.="Please enter security image:<br />";
    $valid=false;
}
}

if( $valid !=true )
    {
	echo( "<span style=\"font-weight: bold; color:red;\">".$errmsg."</span>" . $form );
    }

else {

// Stop the form being used from an external URL
// Get the referring URL
$referer = $_SERVER['HTTP_REFERER'];
// Get the URL of this page
$this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"];
// If the referring URL and the URL of this page don't match then
// display a message and don't send the email.
if ($referer != $this_url) {
    echo "You do not have permission to use this script from another URL.<br />";
echo "If you are behind a firewall please check your referrer settings.";
    exit;
}

// The URLs matched so send the email
if( mail($your_email, $subject, $message, "From: $name <$email>"));
{
	// Display the thankyou message
	echo $thankyou_message;
}
}

?>

jgmouton · Mar 13, 2007

leatherback wrote:
You can check the variables by placinf
print_r($POST);
and
print_r($SESSION);
at the start of your page.

The first command gives an empty array: Array ( ) and the second command gives the correct captcha. That means the form variables are not sent to the "thank you" page. Is it because it is a redirect?

jgmouton · Mar 13, 2007

AdRock wrote:
if (empty($POST['verify']) && $POST['verify'] == $_SESSION['captchstr'])

I do not understand the above line because it implies that 2 conditions are to be met to produce an error message and one of these conditions is that the captcha entered by the user is correct: $POST['verify'] == $SESSION['captchstr']

leatherback · Mar 13, 2007

Redirecting your user to a page without moving the posted variables would do that, yes. Why don't you just post the data to the correct page, I wonder?

See my previous post (#18) regarding the IF statement. The problem you noticed in message 21 I already cleaned up for you.

jgmouton · Mar 13, 2007

leatherback wrote:
Redirecting your user to a page without moving the posted variables would do that, yes. Why don't you just post the data to the correct page, I wonder?

That is because I am using a cgi script of the company hosting my site (hostmonster.com). I have to place a call to this script in the form page:

<form method="post" action="here is the path to the cgi script">
    <input type="hidden" name="sendtoemail" value="my email is here" />
    <input type="hidden" name="redirect" value="my thank you page is here" />

leatherback · Mar 13, 2007

Hm.. Seems like you miss the point of the captcha image. You want the processing of the input to happen only after thecode submitted has been verified against the code in the capthac-session var.

One way to achieve that in your case would be to have a confirmation page in between:
You spit all the vars out to a script, which check that the captcha is correct & that all th other vars are correct. You place those in a hidden form, and ask the user to confirm (e.g., show them a table with all the details). Upon that accept you submit the form to the cgi script.

Looking for a PHP captcha script

Jjgmouton

Lleatherback

Jjgmouton

Lleatherback

Jjgmouton

AAdRock

Jjgmouton

Bbradgrafelman

Jjgmouton

Weedpacket

AAdRock

Jjgmouton

Lleatherback

AAdRock

Jjgmouton

Jjgmouton

Lleatherback

Jjgmouton

Lleatherback