[RESOLVED] gdform.php & captcha

chanceibmny

Hi guys,

Having finally chosen one form to go with, I'm having some issues still... I went to Securimage.com to install captcha into my form.htm and gdform.php. The Captcha comes up just fine, refreshes the catpcha image without having to reload the page, and everything seems to be working fine, but even if you put in the wrong Captcha information, it sends it through no problem. I figure I put the code for Captcha to check that the input was correct wrong in the gdform.php file...

<?php session_start(); ?>
<?php
	$request_method = $_SERVER["REQUEST_METHOD"];
	if($request_method == "GET")
	{
		$query_vars = $_GET;
	} 
	elseif ($request_method == "POST")
	{
		$query_vars = $_POST;
	}

reset($query_vars);
$t = date("U");
$file = $_SERVER['DOCUMENT_ROOT'] . "\ssfm\gdform_" . $t;
$fp = fopen($file,"w");

while (list ($key, $val) = each ($query_vars)) 
{
	fputs($fp,"<GDFORM_VARIABLE NAME=$key START>\r\n"); 
	fputs($fp,"$val\r\n");
	fputs($fp,"<GDFORM_VARIABLE NAME=$key END>\r\n");
	if ($key == "redirect") 
	{ 
		$landing_page = $val;
	}
}

fclose($fp);

if ($landing_page != "")
{
	header("Location: http://".$_SERVER["HTTP_HOST"]."/$landing_page");
} 
else 
{
	header("Location: http://".$_SERVER["HTTP_HOST"]."/");
}
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_GET['captcha_code']) == false) {
// the code was incorrect
// handle the error accordingly with your other error checking

// or you can do something really basic like this
die('The code you entered was incorrect.  Go back and try again.');
}
?>

I thought I followed the directions from this site correctly, but I'm figuring somewhere at the bottom of the code starting with "include_once $_SERVER...." is where I put the code in improperly. This page is where my form and captcha image are. If someone could to please take a look and point out what I'm doing wrong, I'd greatly appreciate it. If you go to the page with the form, ignore the other content, just place holders until I get the form working properly ^. In my emails, I do see what Captcha information they entered, if any at all, but it's just not stopping them from submitting if they entered incorrectly.

Thanks,

Chance

jwagner

The reason it does not work is because you are redirecting the user to another page before even checking the CAPTCHA code.

chanceibmny

jwagner;10924469 wrote:
The reason it does not work is because you are redirecting the user to another page before even checking the CAPTCHA code.

Ok, so what I need to do then is move the

include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
	$securimage = new Securimage();
	if ($securimage->check($_GET['captcha_code']) == false) {
  	// the code was incorrect
  	// handle the error accordingly with your other error checking

// or you can do something really basic like this
die('The code you entered was incorrect.  Go back and try again.');
}

Towards the top of the script? Or at least above

fclose($fp);

if ($landing_page != "")
{
	header("Location: http://".$_SERVER["HTTP_HOST"]."/$landing_page");
} 
else 
{
	header("Location: http://".$_SERVER["HTTP_HOST"]."/");
}

correct?

jwagner

I guess.

The best way to know is to try it...

chanceibmny

Alrighty, I tried like you said, putting the validation code above the landing page... got a bunch of errors about the file path of the /securimage.php etc... ended up figuring out that while I had uploaded the securimage folder to /testing directory, it wasn't in my root "/" directory which caused it to fail and cause errors. My only problem now, is that no matter what code you put in, correct or false, you get to the error page of

"The code you entered was incorrect. Go back and try again."

Here is the new gdform.php file to show changes for having the validation to the top of the form instead of after the redirect:

<?php session_start();
	$request_method = $_SERVER["REQUEST_METHOD"];
	if($request_method == "GET")
	{
		$query_vars = $_GET;
	} 
	elseif ($request_method == "POST")
	{
		$query_vars = $_POST;
	}

reset($query_vars);
$t = date("U");
$file = $_SERVER['DOCUMENT_ROOT'] . "\ssfm\gdform_" . $t;
$fp = fopen($file,"w");

include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
$securimage = new Securimage();

if ($securimage->check($_GET['captcha_code']) == false) {
// the code was incorrect
// handle the error accordingly with your other error checking

// or you can do something really basic like this
die('The code you entered was incorrect.  Go back and try again.');
}

while (list ($key, $val) = each ($query_vars)) 
{
	fputs($fp,"<GDFORM_VARIABLE NAME=$key START>\r\n"); 
	fputs($fp,"$val\r\n");
	fputs($fp,"<GDFORM_VARIABLE NAME=$key END>\r\n");
	if ($key == "redirect") 
	{ 
		$landing_page = $val;
	}
}

fclose($fp);

if ($landing_page != "")
{
	header("Location: http://".$_SERVER["HTTP_HOST"]."/$landing_page");
} 
else 
{
	header("Location: http://".$_SERVER["HTTP_HOST"]."/");
}
?>

Now to just figure out how to make the validator realize that the captcha code entered was correct? Thanks! http://testing.lift4ullc.com/index2.htm is the site where you can see what I mean.

jwagner

Can I see the HTML you use to generate your form? Seems to me like your CAPTCHA is not a GET but a POST

chanceibmny

<form method="post" id="contactform" action="gdform2.php" onsubmit="return formCheck(this);">
<div>
<p>All required fields are denoted by an asterix (<span class="required style4">*</span>).</p>
<fieldset>
<legend>Your Details</legend>
<label for="contact_name">Your Name <span class="required style4">*</span></label>
<br />
<input type="text" id="contact_name" name="Name" size="30" />
<br />
<label for="contact_email">Your Email <span class="required style4">*</span></label>
<br />
<input type="text" id="contact_email" name="E-Mail" size="30" />
<br />
<label for="contact_phone">Your Telephone Number <span class="required style4">*</span></label>
<br />
<input type="text" id="contact_phone" name="Phone" size="30" />
<br />
<label for="best_time">Best time to contact you</label>
<br />
<select id="best_time" name="best_time">
<option value="">Choose a time</option>
<option value="Morning">Morning 8a-11a</option>
<option value="Afternoon">Afternoon 12p-5p</option>
<option value="Evening">Evening 5p-9p</option>
</select>
</fieldset>
<fieldset>
<legend>Your Comment</legend>
<label for="contact_comment">Comment Text</label>
<br />
<textarea name="comment" cols="35" rows="5" id="contact_comment"></textarea>
</fieldset>
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />
<input type="text" name="captcha_code" size="8" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">Reload Image</a>
<br />
<input type="hidden" name="sendcontact" value="Contact Sent" />
<input type="submit" value="Send Email" />
</div>
</form>

There's the HTML.

Thank you for helping me with this, jwagner

chanceibmny

I think I have it working now... going by the <form method="post"... you were right, it was post and I looked in my gdform.php file, and noticed I had it set as $GET so changed that to $POST. Now, if I enter the wrong information, I get the landing page of "You have entered the incorrect code, please try again" and created a thankyou.php file for on success. I'd love to learn how to get a pop-up box for on successful submission, kinda like how using the javascript if they do not enter a required field, it asks you to fill those in, but my brain is about fried from the last 3 days of struggling with this lol. Thank you very much for the help jwagner, and pointing out those newbie mistakes.

Hopefully, one day I'll be able to just write all my own code and know enough not to run into these problems ;-)

Here is the final code of the 3 pages I'm using (index2.htm, gdform2.php, and thankyou.php). If you get some time, please look over them to make sure I did not mess up in fixing it...thanks!!

Index2.htm (everything from <form> to </form>)

<form method="post" id="contactform" action="gdform2.php" onsubmit="return formCheck(this);">
<div>
<p>All required fields are denoted by an asterix (<span class="required style4">*</span>).</p>
<fieldset>
<legend>Your Details</legend>
<label for="contact_name">Your Name <span class="required style4">*</span></label>
<br />
<input type="text" id="contact_name" name="Name" size="30" />
<br />
<label for="contact_email">Your Email <span class="required style4">*</span></label>
<br />
<input type="text" id="contact_email" name="E-Mail" size="30" />
<br />
<label for="contact_phone">Your Telephone Number <span class="required style4">*</span></label>
<br />
<input type="text" id="contact_phone" name="Phone" size="30" />
<br />
<label for="best_time">Best time to contact you</label>
<br />
<select id="best_time" name="best_time">
<option value="">Choose a time</option>
<option value="Morning">Morning 8a-11a</option>
<option value="Afternoon">Afternoon 12p-5p</option>
<option value="Evening">Evening 5p-9p</option>
</select>
</fieldset>
<fieldset>
<legend>Your Comment</legend>
<label for="contact_comment">Comment Text</label>
<br />
<textarea name="comment" cols="35" rows="5" id="contact_comment"></textarea>
</fieldset>
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />
<input type="text" name="captcha_code" size="8" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">Reload Image</a>
<br />
<input type="hidden" name="sendcontact" value="Contact Sent" />
<input type="hidden" name="redirect" value="thankyou.php" />
<input type="submit" value="Send Email" />
</div>
</form>

gdform2.php

<?php session_start();
	$request_method = $_SERVER["REQUEST_METHOD"];
	if($request_method == "GET")
	{
		$query_vars = $_GET;
	} 
	elseif ($request_method == "POST")
	{
		$query_vars = $_POST;
	}

reset($query_vars);
$t = date("U");
$file = $_SERVER['DOCUMENT_ROOT'] . "\ssfm\gdform_" . $t;
$fp = fopen($file,"w");

include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
// the code was incorrect
// handle the error accordingly with your other error checking

// or you can do something really basic like this
die('The code you entered was incorrect.  Go back and try again.');
}

while (list ($key, $val) = each ($query_vars)) 
{
	fputs($fp,"<GDFORM_VARIABLE NAME=$key START>\r\n"); 
	fputs($fp,"$val\r\n");
	fputs($fp,"<GDFORM_VARIABLE NAME=$key END>\r\n");
	if ($key == "redirect") 
	{ 
		$landing_page = $val;
	}
}

fclose($fp);

if ($landing_page != "")
{
	header("Location: http://".$_SERVER["HTTP_HOST"]."/$landing_page");
} 
else 
{
	header("Location: http://".$_SERVER["HTTP_HOST"]."/");
}
?>

thankyou.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<?php
echo"Thank you for your submission! We will be in touch soon. Please click your browser's Back button to return to the website.".$_GET['number']."|";
?>
</body>
</html>

jwagner

I'm glad you got it working in the end. You should mark this thread as "resolved" by using the "thread tools" in the top right part of this page.

Now, as to the JavaScript, I see that you already have placed
onsubmit="return formCheck(this);
in your <form> tag, so I guess you already got something going. Right?

In order to just display a plain alert box, you can use something like this:

function formCheck( )
{
    valid = true;

if ( document.contactform.whatever.value == "" )
{
    alert ( "Please fill in whatever...." );
    valid = false;
}

return valid;
}

chanceibmny

Yes, I got the JavaScript from another web site about making certain fields required. Mainly the Name, E-Mail, and Phone fields.

With that code, I would just insert it between my already existing <script> </script> fields? Heh, sorry again for newbieness, I honestly don't know JavaScript that well either (although better than PHP). Mainly, just a box to pop up so that if they entered all of the required fields, AND filled out the Captcha correctly, the box would pop up saying something like "Thank you for your submission" or "Form submitted!" but if they forgot a field the box would pop up like it does now, asking them to "Please fill in whatever....". If they filled in the required fields correctly, yet did not fill in the Captcha correctly, it will still redirect them to the "you have entered the Captca incorrectly, please go back and try again".

I suppose this is a little difficult. Please let me know if I need to explain better, or make a new thread ^. Thanks again for all your help!

jwagner

It's not difficult, but if you know any JavaScript it's a piece of cake. I have basically given you the code for it, but of course, in order to implement it you got to know a bit what you are doing.

chanceibmny

I'm pretty sure I know how, or at least can figure it out easily enough, I just wasn't sure I could have two boxes pop up like that ;-) I've done very little JS, mostly for the images on my live site, to make them rotate out etc without the heavy client side loading that it would take with html etc etc. I'll definately play with it though, thank you for that bit!

jjames99

Chanceibmny, I know this is an old thread but how did you get the JS to verify that the required fields were entered before the Captcha verification took place and either failed or redirected to your thankyou page?