PHP Captcha Integration Help

cedward · November 7, 2014

Hey guys... I need a little help in php, i started to learn php and i have one problem in captcha integration system.

I have a short link website and i want to integrate a captcha code on login page.

Login code looks like this

<?php$ref_title = "Login";include('header.php');include("include/functions.php");$uip = getIP();?><?phpif($loggedin == '1') {echo"<script type='text/javascript'>window.location= './acc.php'</script>";}if($aloggedin == '1') {echo"<script type='text/javascript'>window.location= './advpanel.php'</script>";}?>		<div class="rbcontent"><div style="position:relative; top: -25px;"><img src="./images/back-top.png"></div><div style="padding:0 35;"><br><h2 style="color: #E97F01;"> <span style="background-color: #ECECEC; padding:0 12px;"><?php echo"$loginPageT"; ?></span> </h2><br><form method="POST"><p><?php echo"$loginPageFormTU"; ?>  <input type='text' name='username' size='40' id='textval' style='float:none;'></p><p><?php echo"$loginPageFormTP"; ?> <input type='password' name='password' size='40' id='textval' style='float:none;'></p><br><br><input type="submit" name="submit" value='<?php echo"$submitButtonSumbit"; ?>' class="btnreg"></form><?phpif (isset($_POST['submit'])) {$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string(md5($_POST['password']));$selecttype = mysql_query("SELECT * FROM members WHERE username='$username'");$selecttypeadv = mysql_query("SELECT * FROM advertisers WHERE username='$username'");$pubrows = mysql_num_rows($selecttype);$advrows = mysql_num_rows($selecttypeadv);if($pubrows == '1') {$acctype = 'publisher';}if($advrows == '1') {$acctype = 'advertiser';}	if ($username&&$password)	{		if($acctype == '') {	echo"<center><span style='color: #C0003B; font-weight: bold;'>$errorUsername</span></center>";	}            if($acctype == 'publisher') {           		$query = mysql_query("SELECT * FROM members WHERE username='$username'");		$numrows = mysql_num_rows($query);			if ($numrows!=0)			{				 while ($row = mysql_fetch_assoc($query))				  {					     $dbusername = $row['username'];					     $dbpassword = $row['password'];				   }					  // check to see if they match!				  if ($username==$dbusername&&$password==$dbpassword)				  {					    $_SESSION['username'] = $username;                                            $_SESSION['password'] = $password;                                          $updateip = mysql_query("UPDATE members SET lastip='$uip' WHERE username='$username'"); 					    echo "<script type='text/javascript'>window.location= './acc.php'</script>";					  }				  else  					  { echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorPassword</span></center>";  } 			}			else{			  echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorUsername</span></center>"; }}else if($acctype == 'advertiser') {		$query = mysql_query("SELECT * FROM advertisers WHERE username='$username'");		$numrows = mysql_num_rows($query);			if ($numrows!=0)			{				 while ($row = mysql_fetch_assoc($query))				  {					     $dbusername = $row['username'];					     $dbpassword = $row['password'];				   }					  // check to see if they match!				  if ($username==$dbusername&&$password==$dbpassword)				  {					    $_SESSION['username']=$username;                                            $_SESSION['password']=$password;                                            $_SESSION['acctype'] = 1;                                           $updateip = mysql_query("UPDATE advertisers SET lastip='$uip' WHERE username='$username'"); 					    echo "<script type='text/javascript'>window.location= './advpanel.php'</script>";					  }				  else  					  { echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorPassword</span></center>";  } 			}			else{			  echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorUsername</span></center>"; }}		}		else{	 echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorComplete</span></center>"; }}?><br><center><div id="regnow"> <div style="padding:10 70;"><?php echo"$loginPageFormQ"; ?></div></div> <br> Forgot your password? <a href='./recoverp.php'>Click here to recover</a></center><br></div><div style="position:relative; top: 25px;"><img src="./images/back-bottom.png"></div>		</div><!-- /rbcontent --><?phpinclude('footer.php');?>

And i have this captcha code

 To use minteye Captcha with PHP, download minteye Captcha PHP library, just to make things easier for you.Extract and save adscaptchalib.php on your website directory.In order to use the PHP library, you'll need to include the library in the page/s which use it:<?phprequire_once('adscaptchalib.php');?>                                Client Side - Display your CAPTCHANow you're ready to display your CAPTCHA.Place this code inside your <form> where the minteye Captcha will be placed:$captchaId  = '';   // Set your captcha id here$publicKey  = '';   // Set your public key hereecho GetCaptcha($captchaId, $publicKey);                                Don't forget to set your Captcha ID and public key values.Server Side - Validate your CAPTCHAOn your validation process, place this code:$captchaId  = '';   // Set your captcha id here$privateKey = '';   // Set your private key here$challengeValue = $_POST['adscaptcha_challenge_field'];$responseValue  = $_POST['adscaptcha_response_field'];$remoteAddress  = $_SERVER["REMOTE_ADDR"];if ("true" == ValidateCaptcha($captchaId, $privateKey, $challengeValue, $responseValue, $remoteAddress)){    // Corrent answer, continue with your submission process} else {    // Wrong answer, you may display a new minteye Captcha and add an error args }

i managed to make it work as you can see on http://millionadvertising.com/login.php but it won`t work because eighter you complete or not capcha user can login.

Can you help me out ?

Thanks

Edited November 7, 2014 by cedward

justsomeguy · November 7, 2014

Your login code doesn't include the code to check the captcha, did you add that?

cedward · November 7, 2014

I posted here the original scripts. Original Login and original captcha code so you can easly see where i need to integrate the captcha code to work good ...

justsomeguy · November 7, 2014

They show code that is similar to what you need to add. You need to include the required file on your form processing page, and do the same kind of checks that they show. It sounds like you only done half of it.

cedward · November 9, 2014

I managed to do this integration:

<?php$ref_title = "Login";include('header.php');include("include/functions.php");$uip = getIP();?><?phprequire_once('adscaptchalib.php');?><?phpif($loggedin == '1') {echo"<script type='text/javascript'>window.location= './acc.php'</script>";}if($aloggedin == '1') {echo"<script type='text/javascript'>window.location= './advpanel.php'</script>";}?>		<div class="rbcontent"><div style="position:relative; top: -25px;"><img src="./images/back-top.png"></div><div style="padding:0 35;"><br>		<h2 style="color: #E97F01;"> <span style="background-color: #ECECEC; padding:0 12px;"><?php echo"$loginPageT"; ?></span> </h2><br>							Solve Captcha to Login			<?php						$captchaId  = '6731';   // Set your captcha id here		$publicKey  = 'a5cd8e41e8ac4d66a02f2634edb051f3';   // Set your public key here		$privateKey = '9de3dab7d68843f1a1d3cc7e9af142fe';   // Set your private key here		$challengeValue = $_POST['adscaptcha_challenge_field'];		$responseValue  = $_POST['adscaptcha_response_field'];		$remoteAddress  = $_SERVER["REMOTE_ADDR"];				if ($challengeValue == null) {			echo GetCaptcha($captchaId, $publicKey);			?>	<form method="POST"><p><?php echo"$loginPageFormTU"; ?>  <input type='text' name='username' size='40' id='textval' style='float:none;'></p><p><?php echo"$loginPageFormTP"; ?> <input type='password' name='password' size='40' id='textval' style='float:none;'></p><form method="post" style="margin: auto;">			<br><br><input type="submit" name="submit" value='<?php echo"$submitButtonSumbit"; ?>' class="btnreg"></form><?php} else {			if (ValidateCaptcha($captchaId, $privateKey, $challengeValue, $responseValue, $remoteAddress) == "true")			{				echo "Correct Captcha";				// Corrent answer, continue with your submission process			} else {				echo "Wrong Captcha";				// Wrong answer, you may display a new AdsCaptcha and add an error message 			}		}	?><?phpif (isset($_POST['submit'])) {$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string(md5($_POST['password']));$selecttype = mysql_query("SELECT * FROM members WHERE username='$username'");$selecttypeadv = mysql_query("SELECT * FROM advertisers WHERE username='$username'");$pubrows = mysql_num_rows($selecttype);$advrows = mysql_num_rows($selecttypeadv);if($pubrows == '1') {$acctype = 'publisher';}if($advrows == '1') {$acctype = 'advertiser';}	if ($username&&$password)	{		if($acctype == '') {	echo"<center><span style='color: #C0003B; font-weight: bold;'>$errorUsername</span></center>";	}            if($acctype == 'publisher') {           		$query = mysql_query("SELECT * FROM members WHERE username='$username'");		$numrows = mysql_num_rows($query);			if ($numrows!=0)			{				 while ($row = mysql_fetch_assoc($query))				  {					     $dbusername = $row['username'];					     $dbpassword = $row['password'];				   }					  // check to see if they match!				  if ($username==$dbusername&&$password==$dbpassword)				  {					    $_SESSION['username'] = $username;                                            $_SESSION['password'] = $password;                                          $updateip = mysql_query("UPDATE members SET lastip='$uip' WHERE username='$username'");					    echo "<script type='text/javascript'>window.location= './acc.php'</script>";					  }				  else  					  { echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorPassword</span></center>";  } 			}			else{			  echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorUsername</span></center>"; }}else if($acctype == 'advertiser') {		$query = mysql_query("SELECT * FROM advertisers WHERE username='$username'");		$numrows = mysql_num_rows($query);			if ($numrows!=0)			{				 while ($row = mysql_fetch_assoc($query))				  {					     $dbusername = $row['username'];					     $dbpassword = $row['password'];				   }					  // check to see if they match!				  if ($username==$dbusername&&$password==$dbpassword)				  {					    $_SESSION['username']=$username;                                            $_SESSION['password']=$password;                                            $_SESSION['acctype'] = 1;                                           $updateip = mysql_query("UPDATE advertisers SET lastip='$uip' WHERE username='$username'"); 					    echo "<script type='text/javascript'>window.location= './advpanel.php'</script>";					  }				  else  					  { echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorPassword</span></center>";  } 			}			else{			  echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorUsername</span></center>"; }}		}		else{	 echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorComplete</span></center>"; }}?><br><center><div id="regnow"> <div style="padding:10 70;"><?php echo"$loginPageFormQ"; ?></div></div> <br> Forgot your password? <a href='./recoverp.php'>Click here to recover</a></center>	<?php	?><br></div><div style="position:relative; top: 25px;"><img src="./images/back-bottom.png"></div>		</div><!-- /rbcontent --><?phpinclude('footer.php');?>

Demo: http://www.millionadvertising.com/login.php

but it skip the captcha verification. It show the captcha but eighter you complete the captcha eighter not the login procces still goes on.

user: wipingshooter

password : parola0107

cedward · November 10, 2014

Anyone can help me please?

cedward · November 10, 2014

With this code i managed to do this : Captcha check if correct or not. Eighter if is correct or not, user can`t login

<?php$ref_title = "Login";include('header.php');include("include/functions.php");$uip = getIP();?><?phprequire_once('adscaptchalib.php');?><?phpif($loggedin == '1') {echo"<script type='text/javascript'>window.location= './acc.php'</script>";}if($aloggedin == '1') {echo"<script type='text/javascript'>window.location= './advpanel.php'</script>";}?>		<div class="rbcontent"><div style="position:relative; top: -25px;"><img src="./images/back-top.png"></div><div style="padding:0 35;"><br>		<h2 style="color: #E97F01;"> <span style="background-color: #ECECEC; padding:0 12px;"><?php echo"$loginPageT"; ?></span> </h2><br>						<form method="POST"><p><?php echo"$loginPageFormTU"; ?>  <input type='text' name='username' size='40' id='textval' style='float:none;'></p><p><?php echo"$loginPageFormTP"; ?> <input type='password' name='password' size='40' id='textval' style='float:none;'></p><form method="post" style="margin: auto;">	Solve Captcha to Login			<?php						$captchaId  = '6731';   // Set your captcha id here		$publicKey  = 'a5cd8e41e8ac4d66a02f2634edb051f3';   // Set your public key here		$privateKey = '9de3dab7d68843f1a1d3cc7e9af142fe';   // Set your private key here		$challengeValue = $_POST['adscaptcha_challenge_field'];		$responseValue  = $_POST['adscaptcha_response_field'];		$remoteAddress  = $_SERVER["REMOTE_ADDR"];				if ($challengeValue == null) {			echo GetCaptcha($captchaId, $publicKey);			?>				<br><br><input type="submit" name="submit" value='<?php echo"$submitButtonSumbit"; ?>' class="btnreg"></form><?phpif (isset($_POST['submit'])) {$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string(md5($_POST['password']));$selecttype = mysql_query("SELECT * FROM members WHERE username='$username'");$selecttypeadv = mysql_query("SELECT * FROM advertisers WHERE username='$username'");$pubrows = mysql_num_rows($selecttype);$advrows = mysql_num_rows($selecttypeadv);if($pubrows == '1') {$acctype = 'publisher';}if($advrows == '1') {$acctype = 'advertiser';}	if ($username&&$password)	{		if($acctype == '') {	echo"<center><span style='color: #C0003B; font-weight: bold;'>$errorUsername</span></center>";	}            if($acctype == 'publisher') {           		$query = mysql_query("SELECT * FROM members WHERE username='$username'");		$numrows = mysql_num_rows($query);			if ($numrows!=0)			{				 while ($row = mysql_fetch_assoc($query))				  {					     $dbusername = $row['username'];					     $dbpassword = $row['password'];				   }					  // check to see if they match!				  if ($username==$dbusername&&$password==$dbpassword)				  {					    $_SESSION['username'] = $username;                                            $_SESSION['password'] = $password;                                          $updateip = mysql_query("UPDATE members SET lastip='$uip' WHERE username='$username'");					    echo "<script type='text/javascript'>window.location= './acc.php'</script>";					  }				  else  					  { echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorPassword</span></center>";  } 			}			else{			  echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorUsername</span></center>"; }}else if($acctype == 'advertiser') {		$query = mysql_query("SELECT * FROM advertisers WHERE username='$username'");		$numrows = mysql_num_rows($query);			if ($numrows!=0)			{				 while ($row = mysql_fetch_assoc($query))				  {					     $dbusername = $row['username'];					     $dbpassword = $row['password'];				   }					  // check to see if they match!				  if ($username==$dbusername&&$password==$dbpassword)				  {					    $_SESSION['username']=$username;                                            $_SESSION['password']=$password;                                            $_SESSION['acctype'] = 1;                                           $updateip = mysql_query("UPDATE advertisers SET lastip='$uip' WHERE username='$username'"); 					    echo "<script type='text/javascript'>window.location= './advpanel.php'</script>";					  }				  else  					  { echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorPassword</span></center>";  } 			}			else{			  echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorUsername</span></center>"; }}		}		else{	 echo "<center><span style='color: #C0003B; font-weight: bold;'>$errorComplete</span></center>"; }}?><br><center><div id="regnow"> <div style="padding:10 70;"><?php echo"$loginPageFormQ"; ?></div></div> <br> <?php} else {			if (ValidateCaptcha($captchaId, $privateKey, $challengeValue, $responseValue, $remoteAddress) == "true")			{				echo "Correct Captcha";				// Corrent answer, continue with your submission process			} else {				echo "Wrong Captcha";				// Wrong answer, you may display a new AdsCaptcha and add an error message 			}		}	?>Forgot your password? <a href='./recoverp.php'>Click here to recover</a></center><br></div><div style="position:relative; top: 25px;"><img src="./images/back-bottom.png"></div>		</div><!-- /rbcontent --><?phpinclude('footer.php');?>

justsomeguy · November 10, 2014

You put all of your form processing code inside an if statement checking if the captcha is null. So you'll only process the login form if the captcha was not submitted. It's hard to read your code with the formatting, for example it's not real obvious where this if statement ends:

if ($challengeValue == null) {

Sign In

PHP Captcha Integration Help

Recommended Posts

cedward

Link to comment

Share on other sites

justsomeguy

Link to comment

Share on other sites

cedward

Link to comment

Share on other sites

justsomeguy

Link to comment

Share on other sites

cedward

Link to comment

Share on other sites

cedward

Link to comment

Share on other sites

cedward

Link to comment

Share on other sites

justsomeguy

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity