Adding security question to register form

jfleck

I need help adding a simple security question to my register form. a simple 2+2=? I can't find any answers via google.

jfleck

form

<?php
/* 
Created By Adam Khoury @ www.flashbuilding.com 
-----------------------June 20, 2008----------------------- 
*/
// Set error message as blank upon arrival to page

$templateerror = "";
// First we check to see if the form has been submitted 
if (isset($_POST['vibe'])){
	//Connect to the database through our include 
	include_once "account/connect_to_mysql.php";
	// Filter the posted variables
	$vibe = preg_replace("[^A-Za-z0-9 \. \s]", "", $_POST['vibe']); // filter everything but numbers and letters
	$firstname = preg_replace("[^A-Za-z0-9 \. \s]", "", $_POST['firstname']); // filter everything but numbers and letters
	$lastname = preg_replace("[^A-Za-z0-9 \. \s]", "", $_POST['lastname']); // filter everything but numbers and letters
	$email = stripslashes($_POST['email']);
	$email = strip_tags($email);
	$email = mysql_real_escape_string($email);
	$password = preg_replace("[^A-Za-z0-9 \. \s]", "", $_POST['password']); // filter everything but numbers and letters
	$security = preg_replace("[^A-Za-z0-9 \. \s]", "", $_POST['security']); // filter everything but numbers and letters


// Check to see if the user filled all fields with
// the "Required"(*) symbol next to them in the join form
// and print out to them what they have forgotten to put in
if((!$vibe) || (!$firstname) || (!$lastname) || (!$security) || (!$email) || (!$password)){

	$templateerror = "You did not submit the following required information!
<br /><br />";
		if(!$vibe){
			$templateerror .= "--- Vibe ID";include_once 'template.php';
		} else if(!$firstname){
			$templateerror .= "--- Your First Name";include_once 'template.php';
		} else if(!$lastname){
			$templateerror .= "--- Your Last Name";include_once 'template.php';
		} else if(!$security){
			$templateerror .= "--- 2+2=?";include_once 'template.php';
	   } else if(!$email){ 
	       $templateerror .= "--- Email Address";include_once 'template.php';
	   } else if(!$password){ 
	       $templateerror .= "--- Password"; include_once 'template.php';
	   }


} else {
// Database duplicate Fields Check
$sql_vibe_check = mysql_query("SELECT id FROM members WHERE vibe='$vibe' LIMIT 1");
$sql_email_check = mysql_query("SELECT id FROM members WHERE email='$email' LIMIT 1");
$sql_security_check = mysql_query("SELECT security FROM members WHERE security='$security' LIMIT 1");
$vibe_check = mysql_num_rows($sql_vibe_check);
$email_check = mysql_num_rows($sql_email_check); 
$security_check = mysql_num_rows($sql_security_check); 
if ($vibe_check > 0){ 
	$templateerror = "<u>ERROR:</u><br />Your User Name is already in use inside our system. Please try another.";include_once 'template.php';
} else if ($email_check > 0){ 
	$templateerror = "<u>ERROR:</u><br />Your Email address is already in use inside our system. Please try another.";include_once 'template.php';
} else {
	// Add MD5 Hash to the password variable
   $hashedPass = md5($password); 
	// Add user info into the database table, claim your fields then values 
	$sql = mysql_query("INSERT INTO members (vibe, firstname, lastname, security, email, security, password, signupdate) 
	VALUES('$vibe','$firstname', '$lastname','$security','$email','$hashedPass', now())") or die (mysql_error());
	// Get the inserted ID here to use in the activation email
	$id = mysql_insert_id();
	// Create directory(folder) to hold each user files(pics, MP3s, etc.) 
	mkdir("memberFiles/$id", 0755); 
	// Start assembly of Email Member the activation link
	$to = "$email";
	// Change this to your site admin email
	$from = "noreply@sourcevibe.com";
	$subject = "Complete your registration";
	//Begin HTML Email Message where you need to change the activation URL inside
	$message = '<html>
	<body bgcolor="white">
	Hi ' . $firstname . ',
	<br /><br />
	You must complete this step to activate your Source Vibe account.
	<br /><br />
	Please click here to activate now &gt;&gt;
	<a href="http://www.sourcevibe.com/account/activation.php?id=' . $id . '">
	ACTIVATE NOW</a>
	<br /><br />
	Your Login Data is as follows: 
	<br /><br />
	E-mail Address: ' . $email . ' <br />
	Password: ' . $password . ' 
	<br /><br /> 
	Thank you! 
	</body>
	</html>';
	// end of message
	$headers = "From: $from\r\n";
	$headers .= "Content-type: text/html\r\n";
	$to = "$to";

	// Finally send the activation email to the member
	mail($to, $subject, $message, $headers);
	// Then print a message to the browser for the joiner 
	$templateerror =  "<br><br><center><font color=\"#0071BC\"><small>Thank you for joining, one last step to verify your email identity:<center><br />
	An activation link has been sent to your email: $email<br /><br />
	<strong>Please check your email inbox in a moment to click on the Activation <br />
	Link inside the message. After email activation you can log in.</smal>";include_once 'template.php';
	exit(); // Exit so the form and page does not display, just this success message
} // Close else after database duplicate field value checks
  } // Close else after missing vars check
} //Close if $_POST
?>

jfleck

Parse

<html>
<head>

<style type="text/css">
 table.c8 {width: 350px; text-align: left; margin-left: auto; margin-right: auto;}
 td.c7 {width: 297px; height: 20px; text-align: right; vertical-align: top;}
 a.c6 {font-weight:normal;}
 span.c5 {color: #0071BC; font-size:80%;}
 span.c4 {color: #0071BC; font-size:70%;}
 td.c3 {height: 20px; vertical-align: top; width: 297px; text-align: left;}
 td.c2 {width: 297px; height: 30px; text-align: right; vertical-align: top;}
 span.c1 {color: #0071BC; font-size:90%;}
</style>
</head>
<body>
<div id="joinaccountformbackdrop"><br>
<br>
<br>
<br>
<br>
<form action="join_form.php" method="post" enctype="multipart/form-data">
<table class="c8" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td class="c2"><span class="c1">Vibe ID: *    </span></td>
<td class="c3"><input name="vibe" type="text" value="" size="30" maxlength="24"></td>
</tr>
<tr>
<td class="c2"><span class="c1">First Name *</span>    </td>
<td class="c3"><input name="firstname" type="text" value="" size="30" maxlength="24"></td>
</tr>
<tr>
<td class="c2"><span class="c1">Last Name *</span>    </td>
<td class="c3"><input name="lastname" type="text" value="" size="30" maxlength="24"></td>
</tr>
<tr>
<td class="c2"><span class="c1">Email *</span>    </td>
<td class="c3"><input name="email" type="text" value="" size="30" maxlength="44"></td>
</tr>
<tr>
<td class="c2"><span class="c1">Password *</span>    </td>
<td class="c3"><input name="password" type="password" id="password" size="30" maxlength="24"></td>
</tr>
<tr>
<td class="c2"><span class="c1">2+2=? *</span>    </td>
<td class="c3"><input name="security" type="security" id="security" size="2" maxlength="2"></td>
</tr>
<tr>
<td class="c2"></td>
<td class="c3"><span class="c4">By clicking Sign up free,<br>
you agree to Source Vibe</span><br>
<a class="c6" href="http://www.sourcevibe.com/account/termsofservice.php" target="_blank"><span class="c5">terms of service and</span></a><br>
<a class="c6" href="http://www.sourcevibe.com/account/privacypolicy.php" target="_blank"><span class="c5">privacy policy</span></a><br>
<br></td>
</tr>
<tr>
<td class="c7"></td>
<td class="c3"><input type="submit" name="Submit" value="Sign up free"></td>
</tr>
</tbody>
</table>
</form>
</div>
</body>
</html>

jeepin81

try the following google searches:

1.) php form security captcha

2.) php form honeypot

I prefer the honeypot method.

HTH.

Weedpacket

Something like what you can see at the bottom of http://www.php.net/manual/add-note.php
The source code for that can be seen by requesting http://www.php.net/cached.php?f=/manual/add-note.php
The whole site is at https://github.com/php/web-php
And from the source of the above page, the file to look at is called [font=monospace]spam_challenge.php[/font].

jfleck

Okay Thanks! I like that honeypot method, I have spent the past 3 hours trying to get it to work for me...

Here is the parse with the honeypot implemented... It's not toggling 🙁 Please help

<html>
<head>

<style type="text/css">
 table.c8 {width: 350px; text-align: left; margin-left: auto; margin-right: auto;}
 td.c7 {width: 297px; height: 20px; text-align: right; vertical-align: top;}
 a.c6 {font-weight:normal;}
 span.c5 {color: #0071BC; font-size:80%;}
 span.c4 {color: #0071BC; font-size:70%;}
 td.c3 {height: 20px; vertical-align: top; width: 297px; text-align: left;}
 td.c2 {width: 297px; height: 30px; text-align: right; vertical-align: top;}
 span.c1 {color: #0071BC; font-size:90%;}
#honeypot {
visibility:hidden;
}
input:checked ~ br + #honeypot {
visibility:visible;
}
</style>
</head>
<body>
<div id="joinaccountformbackdrop"><br>
<br>
<br>
<br>
<br>
<form action="join_form.php" method="post" enctype="multipart/form-data">
<table class="c8" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td class="c2"><span class="c1">Vibe ID: *    </span></td>
<td class="c3"><input name="vibe" placeholder="Your Unique Master ID" type="text" value="" size="30" maxlength="24"></td>
</tr>
<tr>
<td class="c2"><span class="c1">First Name *</span>    </td>
<td class="c3"><input name="firstname" placeholder="John?" type="text" value="" size="30" maxlength="24"></td>
</tr>
<tr>
<td class="c2"><span class="c1">Last Name *</span>    </td>
<td class="c3"><input name="lastname" placeholder="Smith?" type="text" value="" size="30" maxlength="24"></td>
</tr>
<tr>
<td class="c2"><span class="c1">Email *</span>    </td>
<td class="c3"><input name="email" placeholder="you@youremail.com" type="text" value="" size="30" maxlength="44"></td>
</tr>
<tr>
<td class="c2"><span class="c1">Password *</span>    </td>
<td class="c3"><input name="password" placeholder="No Restrictions" type="password" id="password" size="30" maxlength="24"></td>
</tr>
<tr>
<td class="c2"><span class="c1">Security*</span></td>
<td class="c3"><input type="checkbox" id="toggle">
 <input type="text" id="honeypot" name="honeypot" placeholder="Leave Blank If Human" autocomplete="off"></td>
</tr>
<tr>
<td class="c2"></td>
<td class="c3"><span class="c4">By clicking Sign up free,<br>
you agree to Source Vibe</span><br>
<a class="c6" href="http://www.sourcevibe.com/account/termsofservice.php" target="_blank"><span class="c5">terms of service and</span></a><br>
<a class="c6" href="http://www.sourcevibe.com/account/privacypolicy.php" target="_blank"><span class="c5">privacy policy</span></a><br>
<br></td>
</tr>
<tr>
<td class="c7"></td>
<td class="c3"><input type="submit" name="Submit" value="Sign up free"></td>
</tr>
</tbody>
</table>
</form>
</div>
</body>
</html>

jfleck

Nevermind I fixed it!!! forgot the <br> The toggle works and all, now I need help implimenting the PHP

<?php
   if($_POST['honeypot'] != ''){
   die("You spammer!
   <p><a href=\"http://www.sourcevibe.com">&laquo; If you are not a spammer, leave checkbox blank</a></p>");
   }

Here is my parse

<?php
/* 
Created By Adam Khoury @ www.flashbuilding.com 
-----------------------June 20, 2008----------------------- 
*/
// Set error message as blank upon arrival to page

$templateerror = "";
// First we check to see if the form has been submitted 
if (isset($_POST['vibe'])){
	//Connect to the database through our include 
	include_once "account/connect_to_mysql.php";
	// Filter the posted variables
	$vibe = preg_replace("[^A-Za-z0-9 \. \s]", "", $_POST['vibe']); // filter everything but numbers and letters
	$firstname = preg_replace("[^A-Za-z0-9 \. \s]", "", $_POST['firstname']); // filter everything but numbers and letters
	$lastname = preg_replace("[^A-Za-z0-9 \. \s]", "", $_POST['lastname']); // filter everything but numbers and letters
	$email = stripslashes($_POST['email']);
	$email = strip_tags($email);
	$email = mysql_real_escape_string($email);
	$password = preg_replace("[^A-Za-z0-9 \. \s]", "", $_POST['password']); // filter everything but numbers and letters



// Check to see if the user filled all fields with
// the "Required"(*) symbol next to them in the join form
// and print out to them what they have forgotten to put in
if((!$vibe) || (!$firstname) || (!$lastname) || (!$email) || (!$password)){

	$templateerror = "You did not submit the following required information!
<br /><br />";
		if(!$vibe){
			$templateerror .= "--- Vibe ID";include_once 'template.php';
		} else if(!$firstname){
			$templateerror .= "--- Your First Name";include_once 'template.php';
		} else if(!$lastname){
			$templateerror .= "--- Your Last Name";include_once 'template.php';


   } else if(!$email){ 
       $templateerror .= "--- Email Address";include_once 'template.php';
   } else if(!$password){ 
       $templateerror .= "--- Password"; include_once 'template.php';
   }




} else {
// Database duplicate Fields Check
$sql_vibe_check = mysql_query("SELECT id FROM members WHERE vibe='$vibe' LIMIT 1");
$sql_email_check = mysql_query("SELECT id FROM members WHERE email='$email' LIMIT 1");
$vibe_check = mysql_num_rows($sql_vibe_check);
$email_check = mysql_num_rows($sql_email_check); 
if ($vibe_check > 0){ 
	$templateerror = "<u>ERROR:</u><br />Your User Name is already in use inside our system. Please try another.";include_once 'template.php';
} else if ($email_check > 0){ 
	$templateerror = "<u>ERROR:</u><br />Your Email address is already in use inside our system. Please try another.";include_once 'template.php';
} else {
	// Add MD5 Hash to the password variable
   $hashedPass = md5($password); 
	// Add user info into the database table, claim your fields then values 
	$sql = mysql_query("INSERT INTO members (vibe, firstname, lastname, email, password, signupdate) 
	VALUES('$vibe','$firstname', '$lastname','$email','$hashedPass', now())") or die (mysql_error());
	// Get the inserted ID here to use in the activation email
	$id = mysql_insert_id();
	// Create directory(folder) to hold each user files(pics, MP3s, etc.) 
	mkdir("memberFiles/$id", 0755); 
	// Start assembly of Email Member the activation link
	$to = "$email";
	// Change this to your site admin email
	$from = "noreply@sourcevibe.com";
	$subject = "Complete your registration";
	//Begin HTML Email Message where you need to change the activation URL inside
	$message = '<html>
	<body bgcolor="white">
	Hi ' . $firstname . ',
	<br /><br />
	You must complete this step to activate your Source Vibe account.
	<br /><br />
	Please click here to activate now &gt;&gt;
	<a href="http://www.sourcevibe.com/account/activation.php?id=' . $id . '">
	ACTIVATE NOW</a>
	<br /><br />
	Your Login Data is as follows: 
	<br /><br />
	E-mail Address: ' . $email . ' <br />
	Password: ' . $password . ' 
	<br /><br /> 
	Thank you! 
	</body>
	</html>';
	// end of message
	$headers = "From: $from\r\n";
	$headers .= "Content-type: text/html\r\n";
	$to = "$to";

	// Finally send the activation email to the member
	mail($to, $subject, $message, $headers);
	// Then print a message to the browser for the joiner 
	$templateerror =  "<br><br><center><font color=\"#0071BC\"><small>Thank you for joining, one last step to verify your email identity:<center><br />
	An activation link has been sent to your email: $email<br /><br />
	<strong>Please check your email inbox in a moment to click on the Activation <br />
	Link inside the message. After email activation you can log in.</smal>";include_once 'template.php';
	exit(); // Exit so the form and page does not display, just this success message
} // Close else after database duplicate field value checks
  } // Close else after missing vars check
} //Close if $_POST
?>