Problem with Captcha

cretam

Hi, I have inserted a captcha in my new members form to prevent hackers but the image isn't showing up even though GD is enabled.
Can someone look at my code please.

<?php
	include("Connections/conn.php"); 

  $regions = @mysql_query('SELECT id, name FROM region ORDER BY name ASC');
  if (!$regions) {
    exit('<p>Unable to obtain region list from the database.</p>');
  }

  ?>
        <td class="bodyText"><form action="login.php?do=new" method="post">              

   <p>
   <table border="0" width="100%">
    <?php
      if (isset($message_new))                                  

           echo "<tr><td colspan='2'><b>$message_new</b></td></tr>";
    ?>
    <tr><td align="right"><b>*Username</b></td>
     <td><input type="text" name="newname" 
               value="<?php echo @$newname ?>" 
               size="20" maxlength="20"></td></tr>
    <tr><td align="right"><b>*Password</b></td>
     <td><input type="password" name="newpass" 
         value="<?php echo @$newpass ?>" 
             size="10" maxlength="8"></td></tr>
    <tr><td align="right"><b>*First Name</b></td>
     <td><input type="text" name="firstName" 
             value="<?php echo @$firstName ?>"
             size="40" maxlength="40"></td></tr>
    <tr><td align="right"><b>*Last Name</b></td>
     <td><input type="text" name="lastName" 
             value="<?php echo @$lastName ?>"
             size="40" maxlength="40"></td></tr>
			  <tr><td align="right"><b>*Date of Birth</b>(dd/mm/yyyy)</td>
     <td><input type="text" name="dob" 
             value="<?php echo @$dob ?>"
             size="10" maxlength="10"></td></tr>
    <tr><td align="right"><b>*Street</b></td>
     <td><input type="text" name="street" 
             value="<?php echo @$street ?>"
             size="55" maxlength="50"></td></tr>
    <tr><td align="right"><b>*City</b></td>
     <td><input type="text" name="city" value="<?php echo @$city ?>"
             size="40" maxlength="40"></td></tr>
   <tr><td align="right"><b>*State</b></td>
     <td><input type="text" name="state" value="<?php echo @$state ?>"
             size="4" maxlength="4"></td></tr>
      <tr><td align="right"><b>*Postcode</b></td>
      <td><input type="text" name="zip" value="<?php echo @$zip ?>"
             size="4" maxsize="4"></td></tr>
    <tr><td align=right><b>*Phone</b></td>
     <td><input type="text" name="phone" value="<?php echo @$phone ?>" 
             size="15" maxlength="20"></td></tr>
        <tr><td align="right"><b>Fax</b></td>
      <td><input type="text" name="fax" value="<?php echo @$fax ?>"
             size="15" maxsize="20"></td></tr>
			 <tr><td align=right><b>Mobile</b></td>
     <td><input type="text" name="mobile" value="<?php echo @$mobile ?>"
             size="15" maxlength="15"></td></tr>
    <tr><td align=right><b>*Email Address</b></td>
     <td><input type="text" name="email" value="<?php echo @$email ?>"
             size="55" maxlength="67"></td></tr>
			  <tr><td align=right><b>Drivers Licence</b></td>
     <td><input type="text" name="driverlicence" value="<?php echo @$driverlicence ?>"
             size="20" maxlength="20"></td></tr>
			  <tr><td colspan="2"><strong></br>*Select regions you are willing to work in:</strong></tr><br><?php

  while ($region = mysql_fetch_array($regions)) {

$rid = $region['id'];

$rname = htmlspecialchars($region['name']);

echo "<tr><td colspan=\"2\"><input type='checkbox' name='regions[]' value='$rid' />$rname </td></tr>\n";
}

//remember session_start(); somewhere in the beginning of your script. 
$ImageString = rand("0", "9").rand("0", "9").rand("0", "9").rand("0", "9").rand("0", "9"); 
    $_SESSION['image_string'] = $ImageString; 
    echo "<tr><td colspan=\"2\"></br><img src=\"image.php\" alt=\"captcha bilde\" style=\"border: 1px dotted #000000;\" />&nbsp;&nbsp;Code:&nbsp;<input type=\"text\" name=\"captcha\" /></td></tr>\n";

?>


<tr><td>&nbsp;</td>
 <td align="center">
   <input type="submit" value="Become a Member"></td>
</tr>
   </table>
   </form></td>
      </tr>
    </table>

case "new":                                                 

      foreach($HTTP_POST_VARS as $key => $value)                

      {

    if (ereg("{Name)",$key))                                
    {
     if (!ereg("^[A-Za-z' -]{1,50}$",$key)) 
     {
       unset($do);
       $message_new = "$lastName is not a valid name. 
                        Please try again.";
       include("new_member.php");
       exit();
     }
    }
    $$key = strip_tags(trim($value));                       
  }
  if (!ereg("^([0-9]{4,5})$", $zip))            
  {
    unset($do);
    $message_new = "$zip is not a valid zip code. 
                    Please try again.";
    include("new_member.php");
    exit();
  }
  if (!ereg("^[0-9)(xX -]{7,20}$",$phone))                  
  {
    unset($do);
    $message_new = "$phone is not a valid phone number. 
                    Please try again.";
    include("new_member.php");
    exit();
  }
  if ($fax != "")                                          
  {
    if (!ereg("^[0-9)(xX -]{7,20}$",$fax)) 
    {
      unset($do);
      $message_new = "$fax is not a valid phone number. 
                       Please try again.";
      include("new_member.php");
      exit();
    }
  }
  if (!ereg("^.+@.+\\..+$",$email))                       
  {
    unset($do);
    $message_new = "$email is not a valid email address. 
                     Please try again.";
    include("new_member.php");
    exit();
  }
  if (empty($regions)) {
$message_new = "You must select a region. 
                       Please try again.";
      include("new_member.php");
      exit();
    }

  /* check to see if login name already exists */

  $sql = "SELECT loginName FROM member 
            WHERE loginName='$newname'";
  $result = mysql_query($sql)
            or die("Couldn't execute query.");
  $num = mysql_numrows($result);
  if ($num > 0)                                           
  {
    unset($do);
    $message_new = "$newname already used. Select another 
                     member ID.";
    include("new_member.php");
    exit();
  }
  else                                                    
  {   
    $today = time("Y-m-d");
    $sql = "INSERT INTO member (loginName,createDate,password,
              firstName,lastName,dob,street,city,state,zip,phone,
              fax,email,driverlicence) VALUES
            ('$newname','$today',password('$newpass'),
             '$firstName', '$lastName','$dob','$street','$city','$state',
             '$zip','$phone','$fax','$email','$driverlicence')";
	 mysql_query($sql); 
    $auth="yes";                                          
    $logname = $newname; 		 



   if (isset($_POST['regions'])) {
    $regions = $_POST['regions'];
  } else {
    $regions = array();
  }

  $numRegions = 0;
  foreach ($regions as $regionID) {

$sql = "INSERT IGNORE INTO memberregion
        SET memberloginName='$newname', regionid='$regionID'";
$ok = @mysql_query($sql);
if ($ok) {
  $numRegions = $numRegions + 1;
} else {
  echo "<p>Error inserting contact into region $regionID: " .
      mysql_error() . '</p>';
}
  }		
	if ($_POST['captcha']==$_SESSION['image_string']) //send mail 
	else echo "Code does not match, please try again"; 




    /* send email to new member */                        
    $emess1="A new Member Account has been setup for you. ";
    $emess2="Your new Member ID and password for the Skills Database are: ";
    $emess3="\n\n\t$newname\n\t$newpass\n\n";
    $emess4="We appreciate your interest in the Aboriginal NRM Skills Register ";
    $emess5="at www.aboriginalnrm.com.au\n\n";
    $emess6="If you have any questions or problems, email ";
    $emess7="new.david@saugov.sa.gov.au\r\n";
    $emess = 
       $emess1.$emess2.$emess3.$emess4.$emess5.$emess6.$emess7;
    $ehead="From: new.david@saugov.sa.gov.au\r\n";          
    $subject = "Your new Member Account from Aboriginal NRM";
    $mailsend=mail("$email","$subject","$emess","$ehead");
    header("Location: first_time.php");                   
  }
break;

image.php

<?php 
header("Content-type: image/gif"); 
session_start(); 
$CAPTCHA = @imagecreate(50, 20)or die("There was a problem creating the Image string"); 
$bgcolor = imagecolorallocate($CAPTCHA, 255, 255, 255); 
$textcolor = imagecolorallocate($CAPTCHA, 0, 0, 0); 
imagestring($CAPTCHA, 4, 5, 5,  $_SESSION['image_string'], $textcolor); 
imagegif($CAPTCHA); 
imagedestroy($CAPTCHA); 
?>

Hope someone can tell me why it's not showing up.

big_nerd

I am too tired to look trhough the rest of it, but your image.php code seems to be right, I did this:

<?php 
header("Content-type: image/gif"); 
$istr = "lakssadfasd";
$CAPTCHA = @imagecreate(70, 20)or die("There was a problem creating the Image string"); 
$bgcolor = imagecolorallocate($CAPTCHA, 125, 255, 255); 
$textcolor = imagecolorallocate($CAPTCHA, 0, 0, 0); 
imagestring($CAPTCHA, 4, 5, 5,  $istr, $textcolor); 
imagegif($CAPTCHA); 
imagedestroy($CAPTCHA); 
?>

I changed the BG Color to see it clearer. It is showing up as a GIF on my end.

I hope this helps to narrow it down.

NogDog

I ran your image.php file locally (adding a couple lines to set the $_SESSION['image_string'] value for testing), and it seemed to work OK. However, looking back at your code again, I do not see a session_start() in your form page where you set that value, so perhaps that is the problem?

cretam

Hi,
Thanks for your help on this but after some googling I have decided not to use captcha. Think it is best if an email is sent with link for user to click on to verify is actual user.
Cheers