Captcha code

PHP
1

I am trying to implement
http://www.php-mysql-tutorial.com/wikis/php-tutorial/user-authentication-with-image-verification.aspx on my site

In the form I have verify set as the text field for the user input of the captcha number

I have the captcha image script

But smething is not connecting here

session_start();

$errorMessage = '';

 $number = $_POST['verify'];

if ($number == 1) {
   // first check if the number submitted is correct
  
   if (md5($number) == $_SESSION['image_random_value']) 
{
         // remove the random value from session
         $_SESSION['image_random_value'] = '';

         // after login we move to the main page
         //header('Location: main.php');
         exit;
          
   } 
}
2

I should add I removed the checks that if a user is logged in because it is not needed. I added the image code without any changes. The form looks like

<input name=\"verify\" type=\"text\" id=\"verify\" value=\"\">
&nbsp;&nbsp;<img src=\"icaptcha.php\">

   <input type=\"submit\" value=\"Post Comment\" name=\"submit\">

EDIT
This post has been reformatted by enclosing the code block in 3 backticks
```
on their own lines.

3

You would be better off implementing ReCaptcha than to create your own solution.

Take a look, it is simple to implement to your system and free to use.

4

Thanks I would still rather get this to work. But yes I looked at recaptcha.

5

Thanks I would still rather get this to work. But yes I looked at recaptcha.

Peter

6

Can you tell us exactly what isn’t working?

I see your form processing code is always checking for the user entering ‘1’ as the captcha image value, is that correct? They don’t do that in the page you referenced.

7

That could be the issue, whether the captcha number value is correct or false it still posts the form(comment)

8

Well, it’s impossible to say any more unless you post all your code. The extracts you’ve got there don’t show enough to offer any more.

9

is there a simple way to just check that what is in verify field matches the captcha image value, my code is bad. I don’t need to check username and password.

10

There is no more code besides what I had there, I am going to add this to several different areas so i am looking for a simple way to initialize the captcha

11

That’s what the line that starts ‘if MD5(’ is doing - it’s encoding the number that the user typed into the form and comparing it to the value of the captcha image (which was stored in a session variable when the image was generated). The trouble here is that before that line, you’ve added a check to see if the user typed ‘1’ into the form, so unless the captcha image showed a number one, you never get as far as checking the proper value.

12

There must be. There’s no code above to post the comment, yet you say it is posting it regardless of whether the user types the correct captcha number. There’s loads of code missing from your form as well, including the open and close form tags.

13

Sorry if i didn’t explian that

   $verify = prepValue($_POST['verify']);


$errorMessage = '';


  
   if (md5($verify) == $_SESSION['image_random_value']) 
{
         // remove the random value from session
         $_SESSION['image_random_value'] = '';

         // after login we move to the main page
         header('Location: main.php');
         exit;
          
   } 
}
14

I was thinking to have a basic way for the captcha to intialize and then add that block of code to the several php pages that have forms that will need this. The other code in the php files should not have any affect with this I just need it driven by the form. Thanks for helping, did you need to see code from other php files that may use this? It would help everyone more if there was just a simple block of code they can add to thier own pages.

15

I’m not sure where you stand on getting your script to work.

I made this little captcha awhile back and it writes the number (5 letter uppercase Alpha-numeric) on a “blank” image, captcha_blank.png, (actually the image 80 X 30 has a background) , saves it as a temp image C_temp.png and sets the number to session.

<?php
$session_start;
    if(file_exists("captcha/C_temp.png")):
        unlink("captcha/C_temp.png");
    endif;
    
    function swd_rand($length = 10, $letters = true, $numbers = true, $case = 'u'){
        $chars = array();       
        if ($numbers){
            $chars = array_merge($chars, range(48, 57));
        }    
        if ($letters OR !$numbers){
            $chars = array_merge($chars, range(65, 90), range(97, 122));
        }       
        for ($string = ''; strlen($string) < $length; $string .= chr($chars[array_rand($chars)]));       
        switch ($case){
            case 'i': default: return $string;
            case 'u': return strtoupper($string);
            case 'l': return strtolower($string);
        }
    }
    
$number = swd_rand(5);
$_SESSION['captcha'] = $number; 
$my_img = imagecreatefrompng("captcha/captcha_blank.png");
$text_color = imagecolorallocate( $my_img, 255, 255, 255 );
imagestring( $my_img, 5, 18, 7, $number, $text_color );//captcha Number 

$Newfilename = "captcha/C_temp.png";

imagepng($my_img, $Newfilename);    

$captcha = "<img src=\"captcha/C_temp.png\" style=\"width:80px; height:30px; border:1px solid #F2F5FD\" />";
?>

I then echo $captcha image code down in the form by the input field.

I compare the POST captcha to the session value using strtoupper() to give the user the benefit of hitting the correct keys even if they miss the casing.

$_SESSION['captcha'] == strtoupper($_POST['captcha'])
16

The problem is that in isolation, your latest code seems fine, though I am not familiar with the “prepvalue()” function that you use at the start of it. I see you get the form post value, send it through that function, then compare the MD5 of the result to the session variable that your captcha function created. But I can’t see any code where it’s posting the comment (presumably by ‘posting’ you mean it’s being stored in the database) so I don’t know where it’s being called from to be able to comment on why it does it when you think it should not. Maybe a more experienced PHPer can give more insight.

From the code you posted, what is the content of the ‘verify’ text box before you send it through prepvalue(), and what is the content of it afterwards? What does it produce as an MD5, and what is the value of the image-random-value session variable? And where do you call the code that posts the comment? You’ve got a comment just before redirecting that you’re doing so after login, but you said earlier that you don’t make users log in, so that’s confusing me too.

17

Drummin,

Yes it looks great I would love to use it. How does the logic work? So I have a template file that is the form where the text field and captcha would appear, what code do I use in there. Since it is a template that is used by php it can’t be too advanced with the coding. Then I would put the code in the main form for processing. Your captcha is easier to use and has better features.

Peter

18

To use the code I posted, place that code at the top of the template file page just after session_start()
As I mentioned, down in the form you would echo $captcha next to your form input field like so

<?php if(isset($captcha)){echo $captcha;}?> Enter TEXT here -- > <input type="text" name="captcha" />

On your processing page you would do the captcha comparison along with your other checks.

$_SESSION['captcha'] == strtoupper($_POST['captcha'])

For example:

if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) && !empty($_POST['message']) && $_SESSION['captcha'] == strtoupper($_POST['captcha'])){

Note: Processing would need to be done on a separate file than the form page.
Also note in the code I have a directory called captcha where the blank and temp image is stored. Adjust path if needed.

19

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.