Captcha with errors

Kaleidoscope

Hi! I have used the code by Simon Jarvis for the captcha but it takes two or three times to send the form. http://3dprintedsplint.com/
Can you help me, please? Thanks a lot

Regards

sneakyimp

You should start by sharing your code that is causing problems.

Kaleidoscope

sneakyimp;11049223 wrote:
You should start by sharing your code that is causing problems.

Yes, this is the code. There are two sections: before the </head> and in the <body> </body>.
Thank you for your help

<?php 
$your_email ='name@domain.com';

session_start();
$errors = '';
$name = '';
$visitor_email = '';
$telephone = '';
$payment = '';
$user_message = '';

if(isset($_POST['submit']))
{

$name = $_POST['name'];
$visitor_email = $_POST['email'];
$telephone = $_POST['telephone'];
$payment = $_POST['payment'];
$user_message = $_POST['message'];
///------------Do Validations-------------
if(empty($name)||empty($visitor_email))
{
	$errors .= "\n Name and Email are required fields. ";	
}
if(IsInjected($visitor_email))
{
	$errors .= "\n Bad email value!";
}
if(empty($_SESSION['6_letters_code'] ) ||
  strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0)
{
//Note: the captcha code is compared case insensitively.
//if you want case sensitive match, update the check above to
// strcmp()
	$errors .= "\n The captcha code does not match!";
}

if(empty($errors))
{
	//send the email
	$to = $your_email;
	$subject="3dprintedsplint.com - Domain For Sale, Rent or Lease";
	$from = $your_email;
	$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

	$body = "A user  $name submitted the contact form:\n".
	"Name: $name\n".
	"Email: $visitor_email \n".
	"Telephone: $telephone\n".
	"Payment: $payment\n".
	"Message: \n ".
	"$user_message\n".
	"IP: $ip\n";	

	$headers = "From: $from \r\n";
	$headers .= "Reply-To: $visitor_email \r\n";

	mail($to, $subject, $body,$headers);

	header('Location: thank-you.php');
}
}

// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}
?>
<!DOCTYPE html>
<meta charset="utf-8">
	<title>This domain name is FOR SALE, RENT or LEASE - 3dprintedsplint.com</title>
<meta name="description" content="This domain name is FOR SALE, RENT or LEASE. 3dprintedsplint.com">
<META NAME="Robots" CONTENT="INDEX,FOLLOW">

<script language="JavaScript" src="scripts/gen_validatorv31.js" type="text/javascript"></script>	
</head>

And the body section:

<?php
if(!empty($errors)){
echo "<p class='err'>".nl2br($errors)."</p>";
}
?>
<div id='contact_form_errorloc' class='err'></div>
<form method="POST" name="contact_form" 
action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"> 
<p>
<label for='name'>Name</label>
<input type="text" name="name" value='<?php echo htmlentities($name) ?>'>
</p>
<p>
<label for='email'>Email</label>
<input type="text" name="email" value='<?php echo htmlentities($visitor_email) ?>'>
</p>

<p>
<label for='telephone'>Telephone</label>
<input type="text" name="telephone" value='<?php echo htmlentities($telephone) ?>'>
</p>

<p>
<label for='payment'>Payment terms (select an option)</label>
 <select name="payment">
                   <option value="Buy" id="form-payment">Buy</option>
                   <option value="Rent" id="form-payment">Rent</option>
                   <option value="Lease" id="form-payment">Lease</option>
                   <option value="Make an offer" id="form-payment">Make an offer</option>
                   </select>
</p>

<p class="pmessage">
<label for='message'>Message</label> 
<textarea name="message" rows=3 cols=30><?php echo htmlentities($user_message) ?></textarea>
</p>
<p>
<img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' >
<label for='message'>Enter the code above here</label>
<input id="6_letters_code" name="6_letters_code" type="text"><br>
<span style="color: #333; font-size: 12px;">Can't read the image? click <a class="refresh" href='javascript: refreshCaptcha();'>here</a> to refresh</span>
</p>
<input type="submit" value="Submit" name='submit' id='submit'>
</form>
<script language="JavaScript">
var frmvalidator  = new Validator("contact_form");
//remove the following two lines if you like error message box popups
frmvalidator.EnableOnPageErrorDisplaySingleBox();
frmvalidator.EnableMsgsTogether();

frmvalidator.addValidation("name","req","Please provide your name"); 
frmvalidator.addValidation("telephone","req","Please provide your telephone"); 
frmvalidator.addValidation("email","req","Please provide your email"); 
frmvalidator.addValidation("email","email","Please enter a valid email address"); 
</script>
<script language='JavaScript' type='text/javascript'>
function refreshCaptcha()
{
	var img = document.images['captchaimg'];
	img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>

sneakyimp

If this works at all, that is promising.

OK I don't see where you ever set 6_letters_code in session but I'm guessing that it happens when you put this <img> tag in your page:
<html><img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' > </html>

I can't see anything obviously wrong with this script except:

1) You should always exit or die after trying to redirect the user somewhere else. Change this:

header('Location: thank-you.php');

to this:

header('Location: thank-you.php');
exit;

That may or may not fix your form. It may be that the session value is getting set properly and you are entering it properly but the header redirect doesn't happen quickly enough. Without the exit command, your script will continue executing all the rest of the code in your page.

2) It's very good that you are trying to avoid email header injection with your isInjected function, but I'd recommend using [man]filter_var[/man] instead. This won't fix the captcha not working issue but it's a better check. Change this:

    if(IsInjected($visitor_email))
    {
        $errors .= "\n Bad email value!";
    }

to this:

    if(!filter_var($visitor_email, FILTER_VALIDATE_EMAIL))
    {
        $errors .= "\n Bad email value!";
    }

Kaleidoscope

It works!! Thanks a lot 🙂