How to add this captcha into this existing Contact Form?

How can I add this captcha script into this existing Contact Form?

<form action="validate.php" method="post">
Enter Image Text
<input name="captcha" type="text">
<img src="captcha.php" /><br>
<input name="submit" type="submit" value="Submit">
</form>

Into this:


<form id="ajax-contact" method="post">
<table class="table">
<tr>
<td colspan="3"><textarea id="contact-message" placeholder="MESSAGE:" required/></textarea>
 </td>
<tr>
<td>
<input id="contact-name" name="name" value="NAME" onfocus="if (this.value=='NAME') {this.value=''; this.style.color='#000000';}" onclick="clickclear(this, 'Enter Name')" onblur="clickrecall(this,'')" required/>
</td>
<td>
<input id="contact-email" name="email" value="EMAIL" style="float:left" onfocus="if (this.value=='EMAIL') {this.value=''; this.style.color='#696969';}" onclick="clickclear(this, 'Enter Email')" onblur="clickrecall(this,'')" required/>
</td>
<input type="hidden" name="submit" ><input class="my-input" type="submit" value="SEND">
</td>
</tr>
</table>
</form>

Any guidance will be appreciated.

Just add these lines:

Enter Image Text
<input name="captcha" type="text">
<img src="captcha.php" /><br>

into your form. The img tag calls captcha.php which outputs the image that contains the captcha. I don’t see how you’ll validate it though, unless it’s storing the value somewhere that you then look up in your form processing.

Thanks for your reply. Much appreciated.

So, now my Form looks like this:

<form id="ajax-contact" method="post">
<table class="table">
<tr>
<td colspan="3"><textarea id="contact-message" placeholder="MESSAGE:" required/></textarea>
</td>
<tr>
<td>
<input id="contact-name" name="name" value="NAME" onfocus="if (this.value=='NAME') {this.value=''; this.style.color='#000000';}" onclick="clickclear(this, 'Enter Name')" onblur="clickrecall(this,'')" required/>
</td>
<td>
<input id="contact-email" name="email" value="EMAIL" style="float:left" onfocus="if (this.value=='EMAIL') {this.value=''; this.style.color='#696969';}" onclick="clickclear(this, 'Enter Email')" onblur="clickrecall(this,'')" required/>
</td>
<tr>
<td>
Enter Image Text
<input name="captcha" type="text">
<img src="captcha.php" /><br>
</td>
<td>
<input type="hidden" name="submit" ><input class="my-input" type="submit" value="SEND">
</td>
</tr>
</table>
</form>

And the validate.php that came with the captcha script is simply this:

<?php
session_start();
if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
{
echo "Correct Code Entered";
//Do your stuff
}
else
{
die("Wrong Code Entered");
}
?>

So, is it possible to integrate it into the contact_form.php? Here’s that code:

<?php
$data = json_decode(file_get_contents("php://input"));
$name = trim($data->name);
$name = str_replace(array("\r", "\n"), array(" ", " "), $name);
$email = filter_var(trim($data->email), FILTER_SANITIZE_EMAIL);
$message = trim($data->message);
// Check that data was sent.
if (empty($name) || empty($message) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "One or more invalid entries. Please try again.";
exit;
}

$to = "support@...com";
$from = "From: contact-form@...com". "\r\n";
$body = "A message has been sent via the website contact form.\n\n";
$body .= "Name: $name\n";
$body .= "Email: $email\n\n";
$body .= "Message:\n$message\n";

if (mail($to, 'Customer Inquiry', $body)){
echo "Thank You. Your Message Has Been Sent.";
} else {
echo "An error has occurred and your message could not be sent.";
}
?>

Any assistance will be appreciated.

Ah, I see how it’s doing it - when the captcha.php script generates the image, it sets a session variable called $_SESSION['code'] containing the value it needs to be. So you need to merge the extra bits into your contact_form.php

  • Add the session_start() to the start of your code (just before the second line).
  • Add the check for the value from validate to your own validation - you could do this separately by copying the exact code from the sample before or after your own check, or you could just merge it in and give the same error message whatever they do wrongly.

That should do it, come back if you have problems with it.

Thanks for your reply.

Yes, I could use a little more help.
I merged the code together, as suggested, but after I tested/completed the Form and entered the correct Captcha code, the Form info sends successfully, but the message shows:
“Thank You. Your Message Has Been Sent.Wrong Code Entered”

Any additional help wil be appreciated. Here’s the merged code:


<?php
session_start();

$data = json_decode(file_get_contents("php://input"));
$name = trim($data->name);
$name = str_replace(array("\r", "\n"), array(" ", " "), $name);
$email = filter_var(trim($data->email), FILTER_SANITIZE_EMAIL);
$message = trim($data->message);
// Check that data was sent.
if (empty($name) || empty($message) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "One or more invalid entries. Please try again.";
exit;
}

$to = "support@...com";
$from = "From: contact-form@...com". "\r\n";
$body = "A message has been sent via the website contact form.\n\n";
$body .= "Name: $name\n";
$body .= "Email: $email\n\n";
$body .= "Message:\n$message\n";

if (mail($to, 'Customer Inquiry', $body)){
echo "Thank You. Your Message Has Been Sent.";
} else {
echo "An error has occurred and your message could not be sent.";
}

if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
{
echo "Correct Code Entered";
//Do your stuff
}
else
{
die("Wrong Code Entered");
}
?>

The logic is a but jumbled up. Why are you checking captcha after sending the mail?

Some proper indenting may make your code easier to debug.

1 Like

Thanks for your reply.
Yes, it is “a bit jumbled up”. I’m hoping someone can help me un-jumble it.

I tried it this way(below), but, now I just get “Wrong Code Entered” when I enter the correct code, and of course the Contact Form info does not send. Any additional guidance will be appreciated.

<?php
	session_start();
	
	$data = json_decode(file_get_contents("php://input"));
	$name = trim($data->name);
	$name = str_replace(array("\r", "\n"), array(" ", " "), $name);
	$email = filter_var(trim($data->email), FILTER_SANITIZE_EMAIL);
	$message = trim($data->message);
	// Check that data was sent.
	if (empty($name) || empty($message) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
	echo "One or more invalid entries. Please try again.";
	exit;
	}
	
	if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
	{
	echo "Correct Code Entered";
	//Do your stuff
	}
	else
	{
	die("Wrong Code Entered");
	}
	
	$to = "support@...com";
	$from = "From: contact-form@...com". "\r\n";
	$body = "A message has been sent via the website contact form.\n\n";
	$body .= "Name: $name\n";
	$body .= "Email: $email\n\n";
	$body .= "Message:\n$message\n";
	
	if (mail($to, 'Customer Inquiry', $body)){
	echo "Thank You. Your Message Has Been Sent.";
	} else {
	echo "An error has occurred and your message could not be sent.";
	}
?>

What’s in the session variable when your PHP code is called? Add var_dump($_SESSION) after you have called session_start().

I added this:
var_dump($_SESSION);

after this:
session_start();

completed and submitted the Form and I see this:

array(2) { ["security_code"]=> string(6) "9569qb" ["code"]=> int(6133) } Wrong Code Entered

I look forward to any assistance with this.

Not sure if this will make any difference. Try adding this bit of code just before the line that starts IF (isset($_POST['captcha']) ...

$capt = trim($data->captcha);

and change any reference to $_POST['captcha'] to use $capt instead. I’ve read a note that suggests that if you pass the form data through in JSON-encoded form, $_POST may not handle it correctly.

Thanks again for your reply/suggestion.

I believe I followed your instuctions correctly:

<?php
session_start();
var_dump($_SESSION);
$data = json_decode(file_get_contents("php://input"));
$name = trim($data->name);
$name = str_replace(array("\r", "\n"), array(" ", " "), $name);
$email = filter_var(trim($data->email), FILTER_SANITIZE_EMAIL);
$message = trim($data->message);
// Check that data was sent.
if (empty($name) || empty($message) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "One or more invalid entries. Please try again.";
exit;
}

$capt = trim($data->captcha);
//if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
if(isset($capt["captcha"])&&$capt["captcha"]!=""&&$_SESSION["code"]==$capt["captcha"])
{
echo "Correct Code Entered";
//Do your stuff
}
else
{
die("Wrong Code Entered");
}

$to = "support@...com";
$from = "From: contact-form@...com". "\r\n";
$body = "A message has been sent via the website contact form.\n\n";
$body .= "Name: $name\n";
$body .= "Email: $email\n\n";
$body .= "Message:\n$message\n";

if (mail($to, 'Customer Inquiry', $body)){
echo "Thank You. Your Message Has Been Sent.";
} else {
echo "An error has occurred and your message could not be sent.";
}
?>

And then ran the Form and see this:
array(2) { ["security_code"]=> string(6) "kZ2psm" ["code"]=> string(4) "6065" } Wrong Code Entered

Any additional suggestions will be greatly appreciated.

Also, I saw this on a Support Forum (i’m not sure if it pertains to this but if it does, can you suggest where I would add that? It said this:

"If you already have your parameters set like $_POST[‘eg’] for example and you don’t wish to change it, simply do it like this:

$_POST = json_decode(file_get_contents('php://input'), true);

This will save you the hassle of changing all $_POST to something else and allow you to still make normal post requests."

No, in this instance $capt is a simple variable, not an array, just like the other variables like $name that you extract in the same way at the top of the code. So we haven’t replaced $_POST with $capt, we’ve replaced $_POST['captcha'] with $capt. So lose the references to the array element of $capt in your if() check.

Your other note is a reasonable way to do it but the rest of your code already doesn’t use the $_POST decoding method, so if you make that change you’ll have to change the stuff at the top. Might make it easier to read.

Thanks SO much for your reply. Greatly appreciate the effort.
So, if I understand you correctly I just need to add This:

$capt = trim($data->captcha);

like this:

<?php
session_start();
var_dump($_SESSION);
$data = json_decode(file_get_contents("php://input"));
$name = trim($data->name);
$name = str_replace(array("\r", "\n"), array(" ", " "), $name);
$email = filter_var(trim($data->email), FILTER_SANITIZE_EMAIL);
$message = trim($data->message);
// Check that data was sent.
if (empty($name) || empty($message) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "One or more invalid entries. Please try again.";
exit;
}

**$capt = trim($data->captcha);**
if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
{
echo "Correct Code Entered";
//Do your stuff
}
else
{
die("Wrong Code Entered");
}

$to = "support@...com";
$from = "From: contact-form@...com". "\r\n";
$body = "A message has been sent via the website contact form.\n\n";
$body .= "Name: $name\n";
$body .= "Email: $email\n\n";
$body .= "Message:\n$message\n";

if (mail($to, 'Customer Inquiry', $body)){
echo "Thank You. Your Message Has Been Sent.";
} else {
echo "An error has occurred and your message could not be sent.";
}
?>

Unfortunately, however, the output is:

array(2) { ["security_code"]=> string(6) "XkxHqD" ["code"]=> int(3239) } Wrong Code Entered

I guess I don’t understand from earlier “change any reference to $_POST[‘captcha’] to use $capt instead” and “we’ve replaced $_POST[‘captcha’] with $capt”, in regard to what exactly I need to change.

I also tried this:

$capt = trim($data->captcha);
if(isset($capt)&&$capt!=""&&$_SESSION["code"]==$capt)

Any additional guidance will be greatly appreciated.

Oh, this is what I meant:

$capt = trim($data->captcha);
if(isset($capt)&&$capt!=""&&$_SESSION["code"]==$capt)

Didn’t that work? What was in $capt?

Thanks a lot for your reply. Sorry to report that this:

<?php
session_start();
var_dump($_SESSION);
$data = json_decode(file_get_contents("php://input"));
$name = trim($data->name);
$name = str_replace(array("\r", "\n"), array(" ", " "), $name);
$email = filter_var(trim($data->email), FILTER_SANITIZE_EMAIL);
$message = trim($data->message);
// Check that data was sent.
if (empty($name) || empty($message) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "One or more invalid entries. Please try again.";
exit;
}
$capt = trim($data->captcha);
if(isset($capt)&&$capt!=""&&$_SESSION["code"]==$capt)
//if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
{
echo "Correct Code Entered";
//Do your stuff
}
else
{
die("Wrong Code Entered");
}

$to = "support@...com";
$from = "From: contact-form@...com". "\r\n";
$body = "A message has been sent via the website contact form.\n\n";
$body .= "Name: $name\n";
$body .= "Email: $email\n\n";
$body .= "Message:\n$message\n";

if (mail($to, 'Customer Inquiry', $body)){
echo "Thank You. Your Message Has Been Sent.";
} else {
echo "An error has occurred and your message could not be sent.";
}
?>

outputs this:

array(2) { ["security_code"]=> string(6) "ys3ckT" ["code"]=> int(2493) } Wrong Code Entered

I don’t know how to answer your question “What was in $capt?” How do I get that information for you?

Exactly the same way that you display the contents of the $_SESSION array at the start of the code - using var_dump(). Incidentally now it’s clear that the session variables contain what you expect, you can remove that line to stop it interfering with the display.

If there’s nothing in $capt - can you show the code that assembles the form data and sends it via ajax to your contact_form.php file? I am assuming that’s how the form is submitted as the form tag has no “action” tag, and I do wonder whether the javascript code has to be modified to make it gather and submit the extra field you’ve added.

Thanks again for your replies.

Regarding “I do wonder whether the javascript code has to be modified to make it gather and submit the extra field you’ve added”, yes, I’ve gotten some off-forum help with the js and it works successfully now.
Thanks again for your replies.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.