I have a form that collects input (name, email address, a few other fields). All we do with the input is send it via the mail() function to someone at an organization for processing. We also use the collected email address to send a thank you note -- mail() function again -- to the person who submitted info.
We've been super duper spammed through this form and so decided to implement a CAPTCHA script. I'm wondering if we have done this in the best way:
1) Visitor fills out form and clicks a "next" button
2) Input is passed to a second form in the same script with input stored in hidden form fields. The second form does the CAPTCHA image verification.
3) Clicking submit on this second form calls up a new PHP script that checks that the image verification info was correct. If incorrect, person is given another chance to verify the image with input still stored in hidden fields. If so -- emailing happens.
I'm using an open source script called Gotcha!.
Does breaking this out over two forms cause any problems? Is there a more secure way to set this up? Appreciate any insight! Thanks!
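
One way the step 3 script described above could be written, as an added example that is not part of the original post and does not use Gotcha!'s own API. It assumes the CAPTCHA page stored the expected answer in `$_SESSION['captcha_answer']`; the field names and example.org addresses are placeholders. Because hidden fields come back from the browser, every value is validated again before it reaches mail().

```php
<?php
// Added example. Session key, field names and addresses are assumptions.
session_start();

// Return a POST field only if it is a plain string (not an array).
function post_string(string $key): string {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? trim($_POST[$key]) : '';
}

// Accept a single-line value of bounded length; CR/LF would allow
// extra mail headers or body lines to be smuggled in.
function clean_line(string $value, int $max): ?string {
    if ($value === '' || strlen($value) > $max || preg_match('/[\r\n]/', $value)) {
        return null;
    }
    return $value;
}

// 1. CAPTCHA check. The expected answer lives server-side and is
//    discarded after one attempt, so a solved image cannot be replayed.
$expected = (string)($_SESSION['captcha_answer'] ?? '');
unset($_SESSION['captcha_answer']);
$given = post_string('captcha');
if ($expected === '' || !hash_equals(strtolower($expected), strtolower($given))) {
    http_response_code(400);
    exit('Image verification failed. Please reload the image and try again.');
}

// 2. Hidden fields are sent back by the browser, so validate them here
//    exactly as if they had been typed into this request.
$name  = clean_line(post_string('name'), 100);
$email = filter_var(post_string('email'), FILTER_VALIDATE_EMAIL);
if ($name === null || $email === false) {
    http_response_code(400);
    exit('Please check the name and email address you entered.');
}

// 3. User input goes only into the message body and the validated
//    recipient; the From header and subjects are fixed strings.
$from = 'From: forms@example.org';
$body = "Name: $name\nEmail: $email\n";
mail('staff@example.org', 'New form submission', $body, $from);
mail($email, 'Thank you', "Thanks, we received your submission.\n", $from);
echo 'Thank you, your information has been sent.';
```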