PHP - One Part Of Script Gets Through Captcha
Hi, I have a script below which I have put together from a couple of other scripts, which simply adds an email address to a database for a newsletter and sends an email to the owner and to the user; it then shows a success page.
The script checks that the email is valid and there is also a captcha. The script works in that it only sends out the emails if the captcha etc. is entered correctly, but the email is being added to the database regardless of whether the captcha is correct or not. I was proud of myself for getting this far but would love some instruction on what I have missed and how to stop the email adding to the database unless it has passed the captcha. Below you will see the script. The commented out sections are parts of the old script I don't use.

<?php
require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_TESTING);

$error = false;
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {
  //$name = tep_db_prepare_input($HTTP_POST_VARS['name']);
  $email_address = tep_db_prepare_input($HTTP_POST_VARS['email']);
  //$enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);

  if (tep_validate_email($email_address) == false) {
    $error = true;
    $messageStack->add('testing', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
  }

  //CAPTHCA CODE start
  require(DIR_WS_FUNCTIONS . 'capcha_code.php');
  $code_query = tep_db_query("select code from capcha_code where oscsid = '" . tep_session_id($HTTP_GET_VARS[tep_session_name()]) . "'");
  $code_array = tep_db_fetch_array($code_query);
  $code = $code_array['code'];
  tep_db_query("DELETE FROM " . TABLE_CAPCTHA_CODE . " WHERE oscsid='" . $vvcode_oscsid . "'"); //remove the visual verify code associated with this session to clean database and ensure new results
  $user_entered_code = $HTTP_POST_VARS['capcha_code'];
  if (!(strcasecmp($user_entered_code, $code) == 0)) { //make the check case insensitive
    $error = true;
    $messageStack->add('testing', CAPCTHA_CODE_ENTRY_ERROR);
  }
  //CAPTHCA CODE stop

  /* testing sign up start */
  if (isset($HTTP_POST_VARS['testing_sign_up'])) {
    $testing_query = tep_db_query("select testing_id_number from " . TABLE_TESTING_SIGN_UP . " where testing_email_address = '" . tep_db_input($email_address) . "'");
    if(tep_db_num_rows($testing_query) == 0) {
      $sql_data_array = array('testing_email_address' => $email_address,
                              'testing_firstname' => "",
                              'testing_lastname' => "");
      tep_db_perform(TABLE_TESTING_SIGN_UP, $sql_data_array);
    }
  }
  /* testing sign up end */

  if ($error == false) {
    tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $email_address,STORE_OWNER_EMAIL_ADDRESS);
    tep_mail(MESSAGE_TEXT, $email_address, CUSTOMER_SUBJECT, NUMBER_ONE, STORE_OWNER_EMAIL_ADDRESS);
    tep_redirect(tep_href_link(FILENAME_TESTING, 'action=success'));
  }
}

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_TESTING));
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
  <tr>
    <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
    </table></td>
<!-- body_text //-->
    <td width="100%" valign="top"><?php echo tep_draw_form('testing', tep_href_link(FILENAME_TESTING, 'action=send')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
            <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_contact_us.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
          </tr>
        </table></td>
      </tr>
      <td class="main"><?php echo INFORMATION_TEXT; ?></td>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
<?php
  if ($messageStack->size('testing') > 0) {
?>
      <tr>
        <td><?php echo $messageStack->output('testing'); ?></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
<?php
  }

  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {
?>
      <tr>
        <td class="main" align="left"><?php echo tep_image(DIR_WS_IMAGES . 'clever.gif', HEADING_TITLE, '0', '0', 'align="left"') . TEXT_COMPLETE; ?></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                <td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
<?php
  } else {
?>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2" >
              <!--<tr>
                <td class="main"><?php echo ENTRY_NAME; ?></td>
              </tr>
              <tr>
                <td class="main"><?php echo tep_draw_input_field('name'); ?></td>
              </tr>//-->
              <tr><td class="main"><?php echo INSTRUCTIONS_TEXT; ?></td></tr>
              <tr>
                <td class="main"><?php echo ENTRY_EMAIL; ?> <?php echo tep_draw_input_field('email'); ?></td>
              </tr>
              <tr>
                <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
              </tr>
              <!--<tr>
                <td class="main"><?php echo ENTRY_ENQUIRY; ?></td>
              </tr>
              <tr>
                <td><?php echo tep_draw_textarea_field('enquiry', 'soft', 50, 15, $infotext); ?></td>
              </tr>//-->
<!-- CAPTHCA CODE-- START-->
              <tr>
                <td class="main"><?php echo CAPCTHA_CODE_CATEGORY; ?></td>
              </tr>
              <tr>
                <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
                  <tr class="infoBoxContents">
                    <td><table border="0" cellspacing="2" cellpadding="2">
                      <tr>
                        <td class="main"><?php echo CAPCTHA_CODE_TEXT_INSTRUCTIONS; ?></td>
                        <td class="main">
<?php
  // ----- begin garbage collection --------
  tep_db_query("DELETE FROM " . TABLE_CAPCTHA_CODE . " WHERE dt < DATE_SUB(NOW(), INTERVAL 5 HOUR)");
  // ----- end garbage collection --------

  //can replace the following loop with $capcha_code = substr(str_shuffle (CAPCTHA_CODE_CHARACTER_POOL), 0, rand(3,4)); if you have PHP 4.3
  $capcha_code = "";
  for ($i = 1; $i <= rand(3,4); $i++){
    $capcha_code = $capcha_code . substr(CAPCTHA_CODE_CHARACTER_POOL, rand(0, strlen(CAPCTHA_CODE_CHARACTER_POOL)-1), 1);
  }
  $vvcode_oscsid = tep_session_id($HTTP_GET_VARS[tep_session_name()]);
  tep_db_query("DELETE FROM " . TABLE_CAPCTHA_CODE . " WHERE oscsid='" . $vvcode_oscsid . "'");
  $sql_data_array = array('oscsid' => $vvcode_oscsid, 'code' => $capcha_code);
  tep_db_perform(TABLE_CAPCTHA_CODE, $sql_data_array);
  $capcha_code = "";
  echo('<img src="' . FILENAME_CAPCTHA_CODE_DISPLAY . '?vvc=' . $vvcode_oscsid . '">');
?>
                        </td>
                        <td class="main"><?php echo CAPCTHA_CODE_BOX_IDENTIFIER; ?></td>
                        <td class="main"><?php echo tep_draw_input_field('capcha_code'); ?></td>
                      </tr>
                    </table></td>
                  </tr>
                </table></td>
              </tr>
<!-- testing sign up start//-->
              <TD WIDTH="100%">
              <tr>
                <td class="main" align="right"><?php echo ENTRY_TESTING_SIGN_UP; ?> <?php echo tep_draw_checkbox_field('testing_sign_up', '1', true); ?> </td></tr>
<!--testing sign up end //-->
<!-- CAPTHCA CODE-- STOP -->
              <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
            </table></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                <td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
<?php
  }
?>
    </table></form></td>
<!-- body_text_eof //-->
    <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
    </table></td>
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Similar Tutorials

This is my first captcha script... it has 2 files, check.php and insert.php. It works fine but I would like to hear your opinion: what can I do to make it better? Is there any way that I can add random images?
Here is insert.php
Code: [Select]
<html>
<body>
<form action="check.php" method="post">
<img src="captcha.jpg"/>
Insert captcha: <input type="text" name="cap"/>
<input type="submit" value="submit"/>
</form>
</body>
</html>
here is check.php
Code: [Select]
<html>
<body>
<?php
$cap= "flirc";
if ($_POST["cap"]==$cap)
  echo "Captcha is right!";
else
  echo " Captcha is wrong! ";
?>
</body>
</html>
It is pretty basic, I know. You can see it in action here

My website is being overrun with spam and I am trying to install a php captcha script. I have installed php 5 on my website askthephysicist.com which is hosted on a 1&1 Windows server, but I think the problem is that I do not know where to point my script to find the lib. I have very little fluency with any scripting languages. Anyhow, the beginning of the script reads:
<?php
require 'CaptchasDotNet.php';
// Required Parameters
// Replace the values you receive upon registration at http://captchas.net.
//
// client: 'demo'
//
// secret: 'secret'
//
and when I run it I get the message:
Fatal error: require(): Failed opening required 'CaptchasDotNet.php' (include_path='.:/usr/lib/php5.5') in /homepages/29/d191906528/htdocs/askthephysicist/query.php on line 4
The whole code may be found at http://captchas.net/sample/php/ if that is helpful, but the error occurs with the first statement require 'CaptchasDotNet.php';

Hi guys, I found a simple PHP script which allows all visitors of my web site to create a free email address thru my webmail service (like yahoo, hotmail, gmail, etc.) and it works great, but in the last month stupid bots created lots of funny user accounts and are sending SPAM emails. The signup script is one file (signup.php) doing all the stuff I need (registration form, lost passwords form, etc.). Now I want to put captcha code into signup.php to have captcha image checking to prevent bots from creating more user accounts ... I'm not a PHP programmer but I know how to change some things, but not all. The signup script is free, so I will post it here so that you can help me with this (it does not have my mysql and other information, because of security issue) - I will be happy if some of you guys put all the code I need for captcha to work with the signup.php script. Here is the signup.php script:
Code: [Select]
<?php
// HMailServer New user signup Script Configuration
$dbhost = "localhost"; // host of the MySQL database
$dbuser = "root"; // Database username
$dbpassword = ""; // Your database password
$dbname = "hmail"; // the name of the database that has the hmailserver tables
$webmailurl = "http://www.yurdomainname.com/webmail/login.php"; // The url to login in the webbased mail system
$quota = "50"; // The mailbox free space

if (strlen($_POST["pas1"]) <= 4 && IsSet($_POST["pas1"])) {
    $error .= "<centeR>Error: Your password must be longer than 4 characters</center>";
} else if ($_POST["pas1"] == "12345" && IsSet($_POST["pas1"])) {
    $error .= "<centeR>Error: Too simple password</center>";
} // Get the action if (IsSet($_POST["action"])) { $action = $_POST["action"]; } else { $action = $_GET["action"]; } // A function to check addresses, probably i will have to use it later. function normalmail($visitormail) { if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,"."))) { return FALSE; } else { return TRUE; } } // If there is no action, open the page for a new registration if (!IsSet($action)) { // Load the domain names and their ids into a variable $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_domains WHERE domainactive = '1' ", $db); $domains = "<select name=\"domain\">"; while ($row = mysql_fetch_array($result)) { $domainid = $row['domainid']; $domainname = $row['domainname']; $domains .= "\n<option value=\"$domainid\">$domainname</option>"; } $domains .= "\n</select>"; mysql_close(); echo " <center><b>Open a new E-Mail Account</b> <p> (*) fields are reguired.<br> <form action=\"\" name=\"registration\" method=\"post\"> <table border=\"0\"> <tr> <td>* Username: <td><input type=\"text\" name=\"username\">@<td>$domains<tr> <td>* First name: <td><input type=\"text\" name=\"firstname\"><td><tr> <td>* Last name: <td><input type=\"text\" name=\"lastname\"><td><tr> <td>* Password: <td><input type=\"password\" name=\"pas1\"><Td><tr> <td>* Password again: <td><input type=\"password\" name=\"pas2\"><Td><tr> <td>Old email Address: <td><input type=\"text\" name=\"oldmail\"><td>(in case you forgot your password)<tr> <td>* Secret question: <td><input type=\"text\" name=\"squestion\"><td><tr> <td>* Secret answe <td><input type=\"text\" name=\"sanswere\"><td><tr> <td><td> <input type=\"hidden\" name=\"action\" value=\"register\"> <input type=\"Submit\" value=\"Signup\"><td><tr></td></tr></table></table> "; } else if ($action == "register") { // Load the variables from the posting $domainid = $_POST["domain"]; $username = $_POST["username"]; $pas1 = $_POST["pas1"]; $pas2 
= $_POST["pas2"]; $firstname = $_POST["firstname"]; $lastname = $_POST["lastname"]; $squestion = $_POST["squestion"]; $sanswere = $_POST["sanswere"]; $oldmail = $_POST["oldmail"]; // Do all the checks if ($oldmail != NULL && normalmail($oldmail) == FALSE) { $error .= "Error: Please enter a valid email address\n<br>"; } if ($squestion == NULL) { $error .= "Error: You have to enter your secret question\n<br>"; } if ($sanswere == NULL) { $error .= "Error: You have to enter your secret aswere\n<br>"; } if ($username == NULL) { $error .= "Error: You have to enter your desired username\n<br>"; } if ($domainid == NULL) { $error .= "Error: You have to choose a domain\n<Br>"; } if ($pas1 == NULL) { $error .= "Error: You have to enter your password\n<Br>"; } if ($pas1 != $pas2) { $error .= "Error: Your passwords does not match\n<Br>"; } if ($firstname == NULL) { $error .= "Error: You have to enter your first name\n<Br>"; } if ($lastname == NULL) { $error .= "Error: You have to enter your last name\n<Br>"; } //Check if the user exists for that domain $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_domains WHERE domainid = '$domainid' ", $db); $result = @mysql_fetch_array($result); $address = $username . "@" . 
$result['domainname']; $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$address' ", $db); $result = @mysql_fetch_array($result); if ($result['accountid'] != "") { $error .= "Error: The E-Mail address $address is already registered, please coose another username or domain\n<Br>"; mysql_close(); } if (IsSet($error)) { echo "<Center>Oops, There was some errors, please submit the form again<br>"; echo $error; } else { // Insert the new user infos into the database $passwd = md5($pas1); $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $query = "INSERT INTO hm_accounts (accountaddress, accountdomainid, accountadminlevel, accountpassword, accountactive, accountisad, accountmaxsize, accountpwencryption, accountvacationmessageon, accountoldaddress, accountfirstname, accountlastname, accountsecretque, accountsecretans) VALUES ('$address','$domainid','0','$passwd','1','0','$quota','2','0','$oldmail','$firstname','$lastname','$squestion','$sanswere')"; mysql_query($query) or die("Error: Can not query to the database"); mysql_close(); echo "<center><B>Completed!</b> <br><br> You have created an email account with us! you can use the E-Mail services eather by pop3/imap or by using the webmail system. 
<p>Please <A href=\"$webmailurl\">Login</a> to read or to send emails <p>Thank you $firstname $lastname for joining us"; } } else if ($action == "install") { $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); mysql_query("ALTER TABLE `hm_accounts` ADD `accountoldaddress` VARCHAR(50) NOT NULL"); mysql_query("ALTER TABLE `hm_accounts` ADD `accountfirstname` VARCHAR(50) NOT NULL"); mysql_query("ALTER TABLE `hm_accounts` ADD `accountlastname` VARCHAR(50) NOT NULL"); mysql_query("ALTER TABLE `hm_accounts` ADD `accountsecretque` VARCHAR(120) NOT NULL"); mysql_query("ALTER TABLE `hm_accounts` ADD `accountsecretans` VARCHAR(120) NOT NULL"); mysql_query("ALTER TABLE `hm_accounts` ADD `accounttmpverify` VARCHAR(120) NOT NULL"); mysql_close(); Echo "The script is istalled successfuly"; } // If the user forgot his password, this is the page to recover it. else if ($action == "forgotpass") { echo "<Center><b>Welcome to the password recovery page</b> <br><br> This page will help you to recover your lost password, if you had filled the oldmail at the registration time You will be able to recover it by using the oldmail method, else you will have to use the secret question method"; echo "<br><br><center> <table border=1 cellspacing=0 cellpadding=0> <tr><td><center>Old Email Method<tr><td> <form name=\"forgot\" action=\"\" method=\"post\"> <table border=0><tr><td> Old email<td><input type=\"text\" name=\"oldemail\"><tr> <td>Your email with us in form of (username@domain.tld) <td><input type=\"text\" name=\"current\"><tr> <input type=\"hidden\" name=\"action\" value=\"fpassoldemail\"> <td><td><input type=\"submit\" value=\"Send me Recovery code\"></tr></td> </form></td></tr></table></table> <center><p> <table border=1 cellspacing=0 cellpadding=0> <tr><td><center>Secret Question Method<tr><td> <form name=\"forgot\" action=\"\" method=\"post\"> <table border=0> <tr><td>Frist name<td><input type=\"text\" name=\"firstname\"><tr> <tr><td>Last name<td><input 
type=\"text\" name=\"lastname\"><tr> <td>Your email with us in form of (username@domain.tld) <td><input type=\"text\" name=\"current\"><tr> <input type=\"hidden\" name=\"action\" value=\"fpassgetquestion\"> <td><td><input type=\"submit\" value=\"Submit\"></tr></td> </form></td></tr></table></table></center>"; } // if the user submited data for the secret question method, // load the variables, and do the checks else if ($action == "fpassgetquestion") { $username = $_POST["current"]; $firstname = $_POST["firstname"]; $lastname = $_POST["lastname"]; if (normalmail($username) == FALSE) { $error .= "Error: Please enter a valid ID in form of email address\n<br>"; } if ($username == NULL) { $error .= "Error: You have to enter your current ID (in form of username@domain.ltd)\n<br>"; } if ($firstname == NULL) { $error .= "Error: You have to enter your first name\n<Br>"; } if ($lastname == NULL) { $error .= "Error: You have to enter your last name\n<Br>"; } if (IsSet($error)) { echo "<Center>Oops, There was some errors, please submit the form again<br>"; echo $error; //else do the rest of the checks } else { $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username' ", $db); $result = @mysql_fetch_array($result); $questi = $result['accountsecretque']; echo "<center><b>Please answere your secret question: $questi </b>"; echo "<p><form name=\"forgot\" action=\"\" method=\"post\"> <table border=0> <input type=\"hidden\" value=\"$firstname\" name=\"firstname\"> <input type=\"hidden\" value=\"$lastname\" name=\"lastname\"> <input type=\"hidden\" value=\"$questi\" name=\"squestion\"> <input type=\"hidden\" value=\"$username\" name=\"current\"> <td>Answe <td><input type=\"text\" name=\"sanswere\"><tr> <input type=\"hidden\" name=\"action\" value=\"fpassquestion\"> <td><td><input type=\"submit\" value=\"Submit\"></tr></td> </form></td></tr></table></table></center>"; } } else if 
($action == "fpassquestion") { $username = $_POST["current"]; $firstname = $_POST["firstname"]; $lastname = $_POST["lastname"]; $squestion = $_POST["squestion"]; $sanswere = $_POST["sanswere"]; // Do all the checks if (normalmail($username) == FALSE) { $error .= "Error: Please enter a valid ID in form of email address\n<br>"; } if ($squestion == NULL) { $error .= "Error: You have to enter your secret question\n<br>"; } if ($sanswere == NULL) { $error .= "Error: You have to enter your secret aswere\n<br>"; } if ($username == NULL) { $error .= "Error: You have to enter your current ID (in form of username@domain.ltd)\n<br>"; } if ($firstname == NULL) { $error .= "Error: You have to enter your first name\n<Br>"; } if ($lastname == NULL) { $error .= "Error: You have to enter your last name\n<Br>"; } // If there was error, stop if (IsSet($error)) { echo "<Center>Oops, There was some errors, please submit the form again<br>"; echo $error; //else do the rest of the checks } else { $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username' ", $db); $result = @mysql_fetch_array($result); // check if the information does match with the stored data if ( $result['accountlastname'] == NULL || $result['accountfirstname'] == NULL || $result['accountsecretque'] == NULL || $result['accountsecretans'] == NULL) { die("Error: Cant find infos in database for $username"); mysql_close(); } if (strtolower($result['accountlastname']) == strtolower($lastname) && strtolower($result['accountfirstname']) == strtolower($firstname) && strtolower($result['accountsecretque']) == strtolower($squestion) && strtolower($result['accountsecretans']) == strtolower($sanswere)) { echo "<b><center>Your info does match, please enter a new password for $username bellow</b>"; echo "<p><br><center> <table><tr><td> <center>Change password for $username<tr><Td> <center><table> <form name=\"forgot\" action=\"\" 
method=\"post\"> <tr><Td>Enter new password<td><input type=\"password\" name=\"pas1\"><Tr> <Td>Verify password<td><input type=\"password\" name=\"pas2\"><Tr> <input type=\"hidden\" value=\"$firstname\" name=\"firstname\"> <input type=\"hidden\" value=\"$lastname\" name=\"lastname\"> <input type=\"hidden\" value=\"$squestion\" name=\"squestion\"> <input type=\"hidden\" value=\"$sanswere\" name=\"sanswere\"> <input type=\"hidden\" value=\"$username\" name=\"current\"> <input type=\"hidden\" value=\"forgpassquepro\" name=\"action\"> <Td><td><input type=\"submit\" value=\"Change it\"></Tr></table></table></form></center>"; } else { echo "<b><center>Your info does NOT match</b><p> Your data does not match with the stored informations of $username, please enter the exact info"; } } } else if ($action == "forgpassquepro") { $username = $_POST["current"]; $firstname = $_POST["firstname"]; $lastname = $_POST["lastname"]; $squestion = $_POST["squestion"]; $sanswere = $_POST["sanswere"]; $newpassword = $_POST["pas1"]; $newpassword = md5($newpassword); if (normalmail($username) == FALSE) { die("Error"); } $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username' ", $db); $result = @mysql_fetch_array($result); // check if the information does match with the stored data if ( $result['accountlastname'] == NULL || $result['accountfirstname'] == NULL || $result['accountsecretque'] == NULL || $result['accountsecretans'] == NULL) { die("Error: Cant find infos in database for $username"); mysql_close(); } if ($_POST["pas1"] != $_POST["pas2"]) { $error = "<center><B>Your passwords does not match, please submit the form again</b></centeR>"; } if ($error != NULL) { echo $error; } else { if (strtolower($result['accountlastname']) == strtolower($lastname) && strtolower($result['accountfirstname']) == strtolower($firstname) && strtolower($result['accountsecretque']) == 
strtolower($squestion) && strtolower($result['accountsecretans']) == strtolower($sanswere)) { $accountid = $result['accountid']; //ok change the password $query = "UPDATE hm_accounts SET accountpassword = '$newpassword' WHERE accountid = '$accountid'"; mysql_query($query); echo "<center><b>Ok Your password has changed, sign in now with your new password, and your ID $username</b></center>"; mysql_close(); } } } // forgot password, old email method. else if ($action == "fpassoldemail") { $username = $_POST["current"]; $oldmail = $_POST["oldemail"]; // Do all the checks if (normalmail($username) == FALSE) { $error .= "Error: Please enter a valid ID in form of email address\n<br>"; } if (normalmail($oldmail) == FALSE) { $error .= "Error: Please enter a valid email address\n<br>"; } $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username'", $db); $result = @mysql_fetch_array($result); $accountid = $result['accountid']; if ($result['accountoldaddress'] == NULL) { $error .= "Error: Missing infos in the database for $username <Br>"; } if ($result['accountoldaddress'] != $oldmail) { $error .= "Error: The address $oldmail does not match with the old address of $username <Br>"; } if ($error != NULL) { echo "<Center>Oops, There was some errors, please submit the form again<br>"; echo $error; mysql_close(); } else { // in that case somehow we have to generate a random code for($x=0;$x<10;$x++) { $y = rand(0,61); $z .= $y + (($y<10) ? 48 : (($y<20) ? 21 : 10)); } $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $query = "UPDATE hm_accounts SET accounttmpverify = '$z' WHERE accountid = '$accountid'"; mysql_query($query); mysql_close(); $body = " The user account $username has this email associated with it. A Web user from " . $_SERVER['REMOTE_ADDR'] . " has just requested a Confirmation Code to change the password. 
Your Confirmation Code is: $z With this code you can now assign a new password at http://" . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . "?action=fpassconfirm&addr=$username&code=$z If you cant click in the link, copy paste the URL into your browser. If you didn't asked for this, don't worry. Just delete this Email."; $body = wordwrap($body, 70); $subject = "Lost password: confirmation code"; $headers=""; $headers = 'From: ' . $username; if (mail($oldmail, $subject, $body, $headers)) { echo "<b>Message successfully sent!</b> <p>Please read the email in your old address $oldmail to get the verification code and reset your password <p>Your IP address is loged for security reasons."; } else { echo "<b>Message delivery failed!</b>"; } } } else if ($action == "fpassconfirm") { $code = $_POST["code"]; $username = $_POST["addr"]; if (!IsSet($code)) { $code = $_GET["code"]; } if (!IsSet($username)) { $username = $_GET["addr"]; } $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username' ", $db); $result = @mysql_fetch_array($result); if ($username == NULL || normalmail($username) == FALSE) { $error .= "Error: Please enter your E-mail address in the correct form<Br>"; } if ($code == NULL) { $error .= "Error: Please enter the confirmation code<br>"; } if ($result['accounttmpverify'] != $code) { $error .= "Error: You entered an invalid confirmation code. 
<Br>"; } if ($error != NULL) { echo "<Center>Oops, There was some errors, please submit the form again<br>"; echo $error; echo "<br><br> <form name=\"forgot\" action=\"\" method=\"post\"> <center> <table><tr> <Td>E-Mail address<td><input name=\"addr\" type=\"text\"> <tr><td>Code<td><input name=\"code\" type=\"text\"><tr> <input type=\"hidden\" value=\"fpassconfirm\" name=\"action\"> <td><td><input type=\"submit\" value=\"Submit\"></tr> </td></table></table></form></centeR> "; mysql_close(); } else { echo "<b><center>Confirmation code is valid, Please enter your new password bellow</b>"; echo "<p><br> <center><table><tr><Td> Change password for $username<tr><Td> <table><tr> <form name=\"forgot\" action=\"\" method=\"post\"> <Td>Enter new password<td><input type=\"password\" name=\"pas1\"> <Tr><Td>Verify password<td><input type=\"password\" name=\"pas2\"><Tr> <input type=\"hidden\" value=\"$code\" name=\"code\"> <input type=\"hidden\" value=\"$username\" name=\"addr\"> <input type=\"hidden\" value=\"forgpasscodepro\" name=\"action\"> <Td><td><input type=\"submit\" value=\"Change it\"></Tr></table></table></form>"; mysql_close(); } } // ok lets check the code again, and change the password. else if ($action = "forgpasscodepro") { $code = $_POST["code"]; $username = $_POST["addr"]; $newpassword = $_POST["pas1"]; $newpassword = md5($newpassword); $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username' ", $db); $result = @mysql_fetch_array($result); $accountid = $result['accountid']; if ($username == NULL || normalmail($username) == FALSE) { $error .= "Error: Please enter your E-mail address in the correct form<Br>"; } if ($code == NULL) { $error .= "Error: Please enter the confirmation code<br>"; } if ($result['accounttmpverify'] != $code) { $error .= "Error: You entered an invalid confirmation code. 
<Br>";
    }
    if ($_POST["pas1"] != $_POST["pas2"]) {
        $error .= "Error: Passwords does not match. <Br>";
    }
    if ($error != NULL) {
        echo $error;
    } else {
        $query = "UPDATE hm_accounts SET accountpassword = '$newpassword' WHERE accountid = '$accountid'";
        mysql_query($query);
        echo "<b>Your password has changed!</B><br><br> now you can sign in with your new password and your ID $username";
        mysql_close();
    }
}
echo "<center><p><em><font size=\"2\">Powered by <a target=\"hmail\" href=\"http://www.hmailserver.com\">HMailServer</a> @ All rights reserved</em></font></centeR>";
?>
Tnx

Hi, I have previously posted this in the jQuery section but I'm not so sure it's a jQuery issue now, so apologies for the double post. I am having an issue with a rating system that works if I access the gamecards.php file through its absolute path (www..../...../gamecards.php) but will not work if I access it through a file that it is an include of (www..../reviews.php). Basically, when I click on the link through the include, the data is not sent to the DB and the data does not refresh. gamecards.php all works fine when it's not as an include. Any ideas why?
Gamecards.php is posted below
Code: [Select]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript">
$(function() {
    $(".vote").click(function() {
        var id = $(this).attr("id");
        var name = $(this).attr("name");
        var dataString = 'id='+ id ;
        var parent = $(this);
        if(name=='up') {
            $(this).fadeIn(200).html('<img src="dot.gif" align="absmiddle">');
            $.ajax({
                type: "POST",
                url: "up_vote.php",
                data: dataString,
                cache: false,
                success: function(html) {
                    parent.html(html);
                }
            });
        } else {
            $(this).fadeIn(200).html('<img src="dot.gif" align="absmiddle">');
            $.ajax({
                type: "POST",
                url: "down_vote.php",
                data: dataString,
                cache: false,
                success: function(html) {
                    parent.html(html);
                }
            });
        }
        return false;
    });
});
</script>
</head>
<body>
<?php
include('config.php');
//get results from db
if (isset($_GET['gameid']) && is_numeric($_GET['gameid'])) {
    $gameid = mysql_real_escape_string($_GET['gameid']);
    $sql = "SELECT * FROM Games WHERE gameid = $gameid";
    $res = mysql_query($sql);
    $data = mysql_fetch_assoc($res);
    // However you'd like to format the html to output
    $title=$data['gametitle'];
    $cover=$data['cover'];
    $gameid=$data['gameid'];
    $info=$data['info'];
    $genre=$data['genre'];
    $rdate=$data['releasedate'];
    $format=$data['format'];
    $dir1="coverart";
    $reviews="Enter Reviews Here";
    date("d/m/y",$rdate);
    echo "<div id='cardcontainer_full'>
    <div id='coverart'><img src='$dir1/{$cover}' width='100' height='140'><br></div>
    <div id='gametitle'>$title</div>
    <div id='features'>Gen $genre<br><br>
    Release Date: $rdate<br><br>
    Available for: $format<br><br>
    </div>
    <div id='gameinfo'><div style='font-weight:bold'>Summary</div><br>$info
    <p><div style='font-weight:bold'>Reviews</div><p>$reviews
    </div>
    </div>";
} else {
    $data = '';
    if(isset($_GET['filter']) && $_GET['filter'] != ''){
        // escape the user-supplied filter before it goes into the LIKE query
        $filter = mysql_real_escape_string($_GET['filter'])."%";
    }else{
        // set A as default
        $filter = "a%";
    }
    $sql = "SELECT * FROM Games WHERE gametitle LIKE '$filter' ORDER BY gametitle";
    $res = mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($res) == 0) die("No records found");
    // loop through the results returned by your query
    while($row = mysql_fetch_assoc($res)) {
        $title=$row['gametitle'];
        $cover=$row['cover'];
        $gameid=$row['gameid'];
        $up=$row['up'];
        $down=$row['down'];
        // directory for images
        $dir="coverart";
?>
<div id="cardcontainer">
<div id="coverart"> <?php echo "<img src='$dir/{$cover}' width='100' height='140'><br>"; ?> </div>
<div id="gametitle"> <a href="Reviews.php?gameid=<?php echo $gameid ?>"><?php echo $title ?></a> </div>
<div id="friendrating">Rate It<br /><a href="" class="vote" id="<?php echo $gameid; ?>" name="up"><?php echo $up; ?></a></div>
<div id="globalrating">Hate It<br /><a href="" class="vote" id="<?php echo $gameid; ?>" name="down"><?php echo $down; ?></a></div>
</div>
<br />
<?php
    }
}
?>
</body>
</html>

I have an open source project (https://github.com/j.../patchdashboard)
Here's my .htaccess for this:

RewriteEngine On
RewriteBase "/pm/"
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule /patches/server/(.*)$ patch_list?server= [QSA,NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule /packages/server/(.*)$ packages?server= [QSA,NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule /search/exact/(.*)$ search?package=&exact=true [QSA,NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule /search/(.*)$ search?package= [QSA,NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule /rewrite_check/(.*)$ rewrite_check.php [QSA,NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]*)$ index.php?page= [QSA,L]

Basically, I want it so that no matter where they drop this script ("/", "/patch_dashboard/", "/pb/", etc.) it will redirect as intended. In the example I provided, the document root is "/pm/". When I try to hit a page ("http://dev2.curltool...es/server/demo1" for example), it gives a 404. If I hard code in each rule the base path, it just redirects everything to the main page. Any help would be greatly appreciated.

Code: [Select]
<?
$out = preg_replace('/^(.{701}[^.]*).*/i','$1.',$detrsltnewsrow[news_desc]);
echo $out;
?>
</td></tr><tr><td colspan="2" class="para" style="padding-left:10px;">
<?= substr(stripslashes(trim($detrsltnewsrow[news_desc])),701) ?>
</td></tr>

I have the above snippet. The first PHP statement basically grasps the first 701 characters with the closest next stop "." character and outputs it, then outputs the HTML tags. I have a problem with the second statement. I want to output anything after what has been outputted by:

Code: [Select]
<?
$out = preg_replace('/^(.{701}[^.]*).*/i','$1.',$detrsltnewsrow[news_desc]);
echo $out;
?>

So I need the correct syntax for

Code: [Select]
<?= substr(stripslashes(trim($detrsltnewsrow[news_desc])),701) ?>

Currently it breaks at exactly the 701st character; I want it to continue from the sentence the first code ended in.

My query gets the results and orders by one of the fields. Once I get the MySQL results I would like to find the first entry that has a letter as the first character of the same field that the list was ordered by, then split the results into two parts and swap them, so that the results that have a letter at the start of the same sorted field are at the beginning and the results that have numbers at the start are at the end of the array. But also so that the array works the same way as the original results string, so I can use, say, $results['mysqlfield'].

I want to build a captcha from scratch, as I'm all about doing things myself, and I've proposed a nice idea on how I can achieve that, but I'm sort of lost... What I want to do is write a script that will generate a random string of both letters and numbers, with the ability to set a limit on how many characters are generated. Then, I want to store that string within a variable called "random_string". Once the user types in that code, their input would get captured in a separate php file and stored within a variable like so:

$captcha_code = $_POST['catpcha_code'];

Then, I would write a code to see if the user's input matches the random character string from the html:

Code: [Select]
<?php
if ($random_string == $captcha_code) {
    mail($to, $subject, $body);
} else {
    echo ("The code you entered did not match the captcha. Please go back and try again.");
}
?>

Is this possible? I haven't yet tried it myself, because I don't know how to generate random strings of characters, but I was just wondering if perhaps I'm on the right track? Any suggestions or advice is appreciated =)

Hi, I am making a CAPTCHA image.
I am pretty sure the code I have is correct, but I am getting these error messages when I run the script. I use GoDaddy for hosting. The font that I reference in the script is in the root directory with the script. Any ideas? Thanks, Craig

------------

Warning: imagefilledrectangle(): supplied argument is not a valid Image resource in /home/content/68/6372768/html/captcha.php on line 19
Warning: imageline(): supplied argument is not a valid Image resource in /home/content/68/6372768/html/captcha.php on line 22
Warning: imagesetpixel(): supplied argument is not a valid Image resource in /home/content/68/6372768/html/captcha.php on line 27
Warning: imagettftext() expects parameter 1 to be resource, null given in /home/content/68/6372768/html/captcha.php on line 30
Warning: imagedestroy(): supplied argument is not a valid Image resource in /home/content/68/6372768/html/captcha.php on line 35

Code: [Select]
<?php
session_start();
// Set some important CAPTCHA constants
define('CAPTCHA_NUMCHARS', 6); // number of characters in pass-phrase
define('CAPTCHA_WIDTH', 100); // width of image
define('CAPTCHA_HEIGHT', 25); // height of image
// Generate the random pass-phrase
$pass_phrase = "";
for ($i = 0; $i < CAPTCHA_NUMCHARS; $i++) {
    $pass_phrase .= chr(rand(97, 122));
}
// Store the encrypted pass-phrase in a session variable
$_SESSION['pass_phrase'] = sha1($pass_phrase);
// Create the image
$img = imagecreatetruecolor(CAPTCHA_WIDTH, CAPTCHA_HEIGHT);
// Set a white background with black text and gray graphics
$bg_color = imagecolorallocate($img, 255, 255, 255); // white
$text_color = imagecolorallocate($img, 0, 0, 0); // black
$graphic_color = imagecolorallocate($img, 64, 64, 64); // dark gray
// Fill the background
imagefilledrectangle($img, 0, 0, CAPTCHA_WIDTH, CAPTCHA_HEIGHT, $bg_color);
// Draw some random lines
for ($i = 0; $i < 5; $i++) {
    imageline($img, 0, rand() % CAPTCHA_HEIGHT, CAPTCHA_WIDTH, rand() % CAPTCHA_HEIGHT, $graphic_color);
}
// Sprinkle in some random dots
for ($i = 0; $i < 50; $i++) {
    imagesetpixel($img, rand() % CAPTCHA_WIDTH, rand() % CAPTCHA_HEIGHT, $graphic_color);
}
// Draw the pass-phrase string
imagettftext($img, 18, 0, 5, CAPTCHA_HEIGHT - 5, $text_color, 'Courier New Bold.ttf', $pass_phrase);
// Output the image as a PNG using a header
header("Content-type: image/png");
imagepng($img);
// Clean up
imagedestroy($img);
?>

The following code is what I am trying to use for doing a form captcha style verification and all it is throwing back when I load the page is an image of the website address. Does anyone here know where I am going wrong? I have been at this all day and gotten nowhere.
Thanks in advance

<?php
session_start();
$rndval = rand(1000, 9999);
$_SESSION['rndnum'] = md5($rndval);
$img = imagecreate(60, 30);
$bgc = imagecolorallocate ($img, 255, 251, 205);
$fontcolor = imagecolorallocate ($img, 0, 0, 0);
imagestring ($img, 5, 5, 8, $rndval, $fontcolor);
header('Content-type: image/jpeg');
imagejpeg($img);
imagedestroy($img);
?>

Why does this not display? My hosting supports GD.

Code: [Select]
<?php
session_start();
create_image();
function create_image() {
    $rand = md5(rand(0, 9999999));
    $vaule = substr ($rand, 10, 8);
    //width and height is the width of the box
    $width = 150;
    $height = 30;
    //this will be the size of the box
    $image = imagecreate($width, $height);
    $black = imagecolorallocate($image, 0, 0, 0);
    $white = imagecolorallocate($image, 255, 255, 255);
    $grey = imagecolorallocate ($image, 132, 132, 132);
    $blue = imagecolorallocate ($image, 138, 197, 255);
    //the bg of the image
    imagefill($image, 0, 0, $blue);
    //imagetext
    imagestring($image, 5, 15, 7, $vaule, $black);
    //middle line and down line
    imageline($image, 0, $height/2, $width, $height/2, $grey);
    imageline($image, $width/2, 0, $width/2, $height, $grey);
    //hor line
    image($image, 0, 0, $width, $height, $grey);
    image($image, 0, $height, $width, 0, $grey);
    //display image
    imagepng($image);
    imagedestroy($image);
    //start session
    $_SESSION[captcha_key];
}
?>

Hi, frds, I am getting trouble. Here is my problem: captcha is working fine in Firefox 3.6.16 but not in IE6. Help me, frds.

Can anyone please take a quick glance at this form? The captcha messages are not appearing correctly. The message keeps getting sent.
Thank You

Code: [Select]
<?php
if(($_SESSION['security_code'] != $_POST['security_code']) || (empty($_SESSION['security_code'])) ){
    $to = "info@*******.com"; // change to your email address
    $name = htmlentities ($_POST['name']);
    $email = htmlentities ($_POST['email']);
    $phone = htmlentities ($_POST['phone']);
    $msg = htmlentities ($_POST['msg']);
    $d = date('l dS \of F Y h:i:s A');
    $sub = "form to mail";
    $headers = "From: $name <$email>\n";
    $headers .= "Content-Type: text/plain; charset=iso-8859-1\n";
    $mes = "phone: ".$phone."\n";
    $mes .= "Message: ".$msg."\n";
    $mes .= "Name: ".$name."\n";
    $mes .= 'Email: '.$email."\n";
    $mes .= 'Date & Time: '.$d;
    {
        mail($to, $sub, $mes, $headers);
    }
    echo "<p> </p><p> </p><p> </p><br />CAPTCHA CODE does not match! <p> </p><p> </p><a href='javascript:javascript:history.go(-1)'>Click here to go back to previous page</a>";
}
else
    echo "THANK YOU";
?>

Hello everybody, I am new to these forums and registered due to my problem, which has been annoying me all evening... I've been googling for 3 hours and still haven't found a proper answer. The situation is: I started to use sessions in my page.

<?php
ini_set('session.use_cookies', 0);
ini_set('session.use_only_cookies', 0);
ini_set('session.name', 'sid');
ini_set('session.auto_start', 0);
ini_set('session.use_trans_sid', 1);
session_start();
?>

These lines are included in, let's say, my register.php file.
(Please, don't recommend me cookies as I'm developing a site for mobiles.) And then, there is a form:

<?php
echo '<form action="register.php?sid='.session_id().'" method="POST">
Įveskite kodą:<br/>
<input class="input" type="text" name="captcha" maxlength="4"/><br/>
<img id="captcha" src="captcha.php?sid='.session_id().'" /><br/>
<input type="submit" name="submit" value="Registruotis" /><br/>
</form>';
?>

Although the captcha is shown, when I submit the form and I have to check inputs I get this error:

Notice: Undefined index: randomnr2 in C:\Program Files\EasyPHP-5.3.3.1\www\new\register.php on line 144

Well, my captcha.php file:

<?php
$randomnr = rand(1000, 9999);
$_SESSION['randomnr2'] = $randomnr;
$im = imagecreatetruecolor(100, 38);
$white = imagecolorallocate($im, 255, 255, 255);
$grey = imagecolorallocate($im, 150, 150, 150);
$black = imagecolorallocate($im, 0, 0, 0);
imagefilledrectangle($im, 0, 0, 200, 35, $black);
//path to font - this is just an example you can use any font you like:
$font = dirName(__FILE__).'/font/karate/Karate.ttf';
imagettftext($im, 20, 4, 22, 30, $grey, $font, $randomnr);
imagettftext($im, 20, 4, 15, 32, $white, $font, $randomnr);
//prevent caching on client side:
header("Expires: Wed, 1 Jan 1997 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header ("Content-type: image/gif");
imagegif($im);
imagedestroy($im);
?>

Any ideas? Thanks in advance.

Hi, I really need to add a captcha to this PHP process form. How do I go about doing this?

Code: [Select]
<?php
// Define some constants
define( "RECIPIENT_NAME", "John Smith" );
define( "RECIPIENT_EMAIL", "john@example.com" );
define( "EMAIL_SUBJECT", "Visitor Message" );
// Read the form values
$success = false;
$senderName = isset( $_POST['senderName'] ) ? preg_replace( "/[^\.\-\' a-zA-Z0-9]/", "", $_POST['senderName'] ) : "";
$senderEmail = isset( $_POST['senderEmail'] ) ? preg_replace( "/[^\.\-\_\@a-zA-Z0-9]/", "", $_POST['senderEmail'] ) : "";
$message = isset( $_POST['message'] ) ? preg_replace( "/(From:|To:|BCC:|CC:|Subject:|Content-Type:)/", "", $_POST['message'] ) : "";
// If all values exist, send the email
if ( $senderName && $senderEmail && $message ) {
    $recipient = RECIPIENT_NAME . " <" . RECIPIENT_EMAIL . ">";
    $headers = "From: " . $senderName . " <" . $senderEmail . ">";
    $success = mail( $recipient, EMAIL_SUBJECT, $message, $headers );
}
// Return an appropriate response to the browser
if ( isset($_GET["ajax"]) ) {
    echo $success ? "success" : "error";
} else {
?>
<html>
<head>
<title>Thanks!</title>
</head>
<body>
<?php if ( $success ) echo "<p>Thanks for sending your message! We'll get back to you shortly.</p>" ?>
<?php if ( !$success ) echo "<p>There was a problem sending your message. Please try again.</p>" ?>
<p>Click your browser's Back button to return to the page.</p>
</body>
</html>
<?php
}
?>

?? Thanks in advance!

I'm trying to login to a vBulletin forum using a captcha login. I am, however, not able to download the captcha image. This is the result I get when I try to get the captcha: So how do I get the captcha image?
This is my current login code:

Code: [Select]
<?php
$user='username';
$pass='password';
$md5Pass = md5($pass);
$data = "do=login&vb_login_md5password=$md5Pass&vb_login_md5password_utf=$md5Pass&vb_login_username=$user&cookieuser=1";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "http://www.****.com/login.php?do=login");
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt ($ch, CURLOPT_TIMEOUT, '10');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$data);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$store = curl_exec ($ch);
curl_close($ch);
echo $store;
?>

Maybe the site looks for a cookie and only shows the captcha if it finds the cookie file?

Ideally just one word authentication and pretty simple, but effective. Preferably one that does not use Sessions because then the user is unable to press the back button to go back to the original page after submitting the form... I know I could just put a text link there but not all users would click that link...

So I have been developing a login system and wanted to make my own simple CAPTCHA. I found one on the internet and ported the code across to get started and see how someone had made it. The issue I am having is that the dynamically generated image that I have created, it seems, is one step ahead of the session variable (the string is generated and then saved into session - then generates the image). But when I echo back the session it is always one step behind the actual image... Anyway here is my code and ask away please
<?php
require('includes/util.inc.php');
$form = '
<form action="register.php" method="post">
<p>username <input type="text" name="username" id="usrinp"></p>
<p>email <input type="text" name="email" id="emainp"></p>
<p>password <input type="password" name="password1" id="psw1inp"></p>
<p>re-enter password <input type="password" name="password2" id="psw2inp"></p>
<p><img src="captcha.php"/></p>
<p>captcha <input type="text" name="captcha" id="capinp"></p>
<p><input type="submit" value="Register" id="subinp"></p>
</form>
';
if(isset($_SESSION['captcha'])) {
    echo $_SESSION['captcha'];
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['username']) && !empty($_POST['email'])) {
    if($_POST['captcha'] == $_SESSION['captcha']) {
        $username = $_POST['username'];
        $email = $_POST['email'];
        $password = SHA1($_POST['password1']);
        $password = SHA1($_POST['password2']);
        $q = 'SELECT username FROM users WHERE username = :username';
        $stmt = $pdo->prepare($q);
        $stmt->bindParam(':username', $username);
        $stmt->execute();
        if($stmt->rowCount() > 0) {
            echo "<pre>This username has already been taken</pre>";
        } else {
            $qi = 'INSERT INTO users ( username, password, email ) VALUES ( :username, SHA1(:password), :email )';
            $query = $pdo->prepare($qi);
            $result = $query->execute( array( ':username'=>$username, ':password'=>$password, ':email'=>$email ) );
            if($result) {
                header("location:login.php");
                exit;
            } else {
                echo '<pre>Error, please try again</pre>';
            }
        }
    }
}
$pageTitle = 'Register';
include('includes/header.inc.php');
include('pages/register.html');
?>

<?php
require('includes/util.inc.php');
$string = '';
for ($i = 0; $i < 5; $i++) {
    $string .= chr(rand(97, 122));
}
$_SESSION['captcha'] = $string;
$font_path = 'includes/fonts/';
$captcha_image = imagecreatetruecolor(150, 60);
$text_color = imagecolorallocate($captcha_image, 0, 0, 0);
$bg_color = imagecolorallocate($captcha_image, 255, 255, 255);
imagefilledrectangle($captcha_image, 0, 0, 399, 99, $bg_color);
imagettftext($captcha_image, 30, 0, 10, 40, $text_color, $font_path . "dashdot.ttf", $_SESSION['captcha']);
header("Content-type: image/png");
imagepng($captcha_image);
?>

<?php
session_start();
function class_loader($class) {
    require 'classes/' . $class . '.class' . '.php';
}
spl_autoload_register('class_loader');
$user = (isset($_SESSION['user'])) ? $_SESSION['user'] : null;
$cat = (isset($_SESSION['cat'])) ? $_SESSION['cat'] : null;
try {
    $pdo = new PDO('mysql:dbname=phpcat; host=localhost', 'root', '');
} catch (PDOException $e) {
    $pageTitle = 'Error!';
    include('header.inc.php');
    include('../pages/error.html');
    exit();
}

How effective is Captcha anymore? How does using Captcha compare to using a Challenge Question like "2 + 3 = ??" I am creating a form on my website where users can e-mail me their comments - although my e-mail is hidden - and I don't want this to become a spam-magnet?! Debbie
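
An added example, not code from any of the posts above: the generate-and-compare flow proposed in the "captcha from scratch" post, with the database insert and the mail gated on one validation result, which is the control-flow point at issue in the newsletter and form-to-mail scripts on this page. The function names, the `captcha_code` field and the plain array standing in for `$_SESSION` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: captcha_issue(), captcha_verify() and handle_signup() are
// hypothetical names, not functions from any script quoted on this page.

const CAPTCHA_ALPHABET = 'abcdefghjkmnpqrstuvwxyz23456789'; // look-alikes (0/o, 1/l/i) left out
const CAPTCHA_TTL = 300; // seconds a challenge stays valid

/** Create a challenge, keep it server-side, return the text to draw in the image. */
function captcha_issue(array &$session, int $length = 6): string
{
    $alphabet = CAPTCHA_ALPHABET;
    $max = strlen($alphabet) - 1;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, $max)]; // CSPRNG, unlike rand()
    }
    $session['captcha'] = ['code' => $code, 'expires' => time() + CAPTCHA_TTL];
    return $code;
}

/** Check an answer. The stored challenge is consumed on every attempt. */
function captcha_verify(array &$session, $submitted): bool
{
    $stored = $session['captcha'] ?? null;
    unset($session['captcha']); // single use: pass or fail, the code is gone
    if (!is_array($stored) || !is_string($submitted) || $submitted === '') {
        return false; // no challenge issued, or empty / non-string input
    }
    if (time() > $stored['expires']) {
        return false; // challenge too old
    }
    return hash_equals($stored['code'], strtolower(trim($submitted)));
}

/**
 * Form handler: validate everything first, run side effects only if nothing failed.
 * $save and $notify stand in for the database insert and the mail() call.
 */
function handle_signup(array &$session, array $post, callable $save, callable $notify): array
{
    $errors = [];
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'Invalid e-mail address.';
    }
    if (!captcha_verify($session, $post['captcha_code'] ?? null)) {
        $errors[] = 'The code you entered did not match the captcha.';
    }
    if ($errors !== []) {
        return $errors; // nothing is stored or sent on failure
    }
    $save($email);
    $notify($email);
    return [];
}

// Constructed demo: a plain array plays the role of $_SESSION.
$session = [];
$saved = [];
$save = function (string $email) use (&$saved): void { $saved[] = $email; };
$notify = function (string $email): void { /* mail() would be called here */ };
$form = ['email' => 'reader@example.com'];

$code = captcha_issue($session);
$wrong = handle_signup($session, $form + ['captcha_code' => 'nope'], $save, $notify);
// The right code after a failed attempt is rejected too: it was consumed above.
$replay = handle_signup($session, $form + ['captcha_code' => $code], $save, $notify);
$code = captcha_issue($session); // what a fresh image request would do
$good = handle_signup($session, $form + ['captcha_code' => strtoupper($code)], $save, $notify);

printf(
    "wrong: %d error(s), replay: %d error(s), correct: %d error(s), rows saved: %d\n",
    count($wrong), count($replay), count($good), count($saved)
);
```

In a real page `captcha_issue()` would run inside the image script after `session_start()`, and the handler would receive `$_SESSION` and `$_POST`.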