Help with PHP Microcaptcha addon

[norwichchris]

Hi,I'm new to PHP, I am doing a postcard script but I want to add a microcaptcha program for security reasons. Basically it doesn't work anymore, I have tried removing the security code but it still doesn't work. Code: <?php // PHP script for Checking Security code if (isset($_POST['submit'])){ $secCode = isset($_POST['secCode']) ? strtolower($_POST['secCode']) : ""; if ($secCode == $_SESSION['securityCode']) { echo "<p>The result code was valid!<br/></p>"; unset($_SESSION['securityCode']); $result = true; } else { echo "<p>Sorry the security code is invalid! Please try it again!</p>"; $result = false; } }?> <?php } else if ( (isset($_POST['submit'])) && (!isset($_GET['show'])) ) { $pic = isset ($_POST['selimg']) ? $_POST['selimg'] : ''; $filename = date('YmdGis'); $f = fopen('messages/'.$filename.".txt","w+"); fwrite($f,$pic."\n"); fwrite($f,$_POST['email']."\n"); fwrite($f,htmlspecialchars($_POST['message'])."\n"); fclose($f); // Compose the mail $from = "From: $senderName <$senderEmail>\r\n"; $replay = "Reply-To: $senderEmail\r\n"; $params = "MIME-Version: 1.0\r\n"; $params .= "Content-type: text/plain; charset=iso-8859-1\r\n"; $mailtext = "You have just received a virtual postcard!\r\n\r\n" . "You can pick up your postcard at the following web address:\r\n" . "$postcardURL"."?show=$filename\r\n\r\n" . "We hope you enjoy your postcard, and if you do, please take a moment to send a few yourself!\r\n\r\n" . "Regards,\r\n" . "MicroPostcard\r\n" . $postcardURL; // Send email @mail($_POST['email'],"You've received a postcard",$mailtext,$from.$replay.$params);?> <center> <h2>Your postcard was sent through successfully!!<br/> <br/> <img src='images/<?php echo $pic; ?>' alt="postcard" /><br/> <br/> <br/> </h2> <?php echo nl2br(htmlspecialchars($_POST['message'])); ?></center> <?php } else if ( (!isset($_POST['submit'])) && (isset($_GET['show'])) ) { $file = isset($_GET['show']) ? $_GET['show'] : '' ; $content = file('messages/'.$file.".txt"); $pic = $content['0']; unset ($content['0']); unset ($content['1']); $main = ""; foreach ($content as $value) { $main .= $value; }?> <center> <h2>Your postcard!<br/> <br/> <img src='images/<?php echo $pic; ?>' alt="postcard" /><br/> <br/> <br/> </h2> <?php echo nl2br(htmlspecialchars($main)); ?></center> <?php } ?> <div id="source"> <h2>Micro Postcard 1.0</h2>any help would be much appreciated, also here is my link: http://voluntary.awardspace.co.uk/AUPostcard2.php

[justsomeguy]

What do you mean that it doesn't work? What does the code look like which adds the captcha to the form?

[chibineku]

It works for me..

[norwichchris]

It works for me..

Hi,apoligies for the poor description, basically what happens it still sends the e-card whether or not the box is filled in or not. Here is the code for the microcaptcha: <?phpsession_start();$width = 120;$height = 40;$length = 5;$baseList = '0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';$code = "";$counter = 0;$image = @imagecreate($width, $height) or die('Cannot initialize GD!');for( $i=0; $i<10; $i++ ) { imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), imagecolorallocate($image, mt_rand(150,255), mt_rand(150,255), mt_rand(150,255)));}for( $i=0, $x=0; $i<$length; $i++ ) { $actChar = substr($baseList, rand(0, strlen($baseList)-1), 1); $x += 10 + mt_rand(0,10); imagechar($image, mt_rand(3,5), $x, mt_rand(5,20), $actChar, imagecolorallocate($image, mt_rand(0,155), mt_rand(0,155), mt_rand(0,155))); $code .= strtolower($actChar);} header('Content-Type: image/jpeg');imagejpeg($image);imagedestroy($image);$_SESSION['securityCode'] = $code;?>the code is desgiend to prevent spam mail and I want it to not send anything if the code is invalid or not typed in. also here is the full code for my Postcard script: <?php session_start(); ?><?php/************************************************* * Micro Postcard * * Version: 1.0 * Date: 2007-07-10 * * Usage: * Step 1. * Copy your normal sized image into the images directory * and the thumbnails with the same name into the thumbs directory. * We recommend to use 640x480 for normal images and * 128x96 for thumbnails. * * Step 2. * Edit the senderName and senderEmail to a valid name and email. * * Step +1. * Set the postcardURL to the URL where you installed the script * if the address in the email is invalid. * ****************************************************/// CHANGE PARAMETERS HERE BEGIN $columns = 5; $senderName = 'holidaysfromhome'; // Eg.: John's Postcards $senderEmail = 'chrisp@englishchris.awardspace.co.uk'; // Eg.: john@postcard.com // Change only if you have problems with urls $postcardURL = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];// CHANGE PARAMETERS HERE END// This function displays the available imagesfunction displayPhotos(){ global $columns; $act = 0; // Open the actual directory if ($handle = opendir("thumbs")) { // Read all file from the actual directory while ($file = readdir($handle)) { if (!is_dir($file)) { if ($act == 0) echo "<tr>"; echo "<td align='center'><img src='thumbs/$file' alt='postcard' /><br/><input type='radio' name='selimg' value='$file' /></td>"; $act++; if ($act == $columns){ $act = 0; echo "</tr>"; } } } echo "</tr>"; } }?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"><html><head> <title>Micro Postcard</title> <link href="file:///C|/Users/chrisp/AppData/Local/Temp/style/style.css" rel="stylesheet" type="text/css" /> <style type="text/css"><!--body { background-image:url(background/bg-ray.gif);}.style2 { color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 18px;}.style3 {font-family: Arial, Helvetica, sans-serif}--> </style><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head><body> <div id="main"> <div id="caption"><a href= http://www.holidaysfromhome.co.uk/><img src="background/beach2.png" alt="" name="Home" width="383" height="100" border="0" id="Home" /></a></div> <?php if ( (!isset($_POST['submit'])) && (!isset($_GET['show'])) ) { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table align="center"> <?php displayPhotos(); ?> </table> <h2 align="center" class="style2">Please Fill the form below and hit "send card". You can delete your message by clicking on </h2> <h2 align="center" class="style2">"reset form" </h2><table width="39%" border="1" align="center" cellpadding="1" cellspacing="1" bordercolor="#000000"> <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF"> <td bordercolor="#000000"><p><span class="style3">Send to (email address):</span> </p> <p> <input type="text" name="email" size="40"/> </p></td> </tr> <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF"><td bordercolor="#000000"><p align="center"><span class="style3">Message:</span></p> <p> <textarea name="message" rows="15" cols="60"></textarea> </p></td> </tr> <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF"> <td align="center" bordercolor="#000000"><div align="left"></div> <p><img src="securityCode.php" alt="security code" border="1" /> </p> <p> <input class="text" name="secCode" type="text" size="10" /> </p></td> </tr> <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF"> <td align="center" bordercolor="#000000"> <p align="left"> <input type="reset" name="Reset" value="Reset Form" /> <input type="submit" value="Send card!" name="submit"/></p> </td> </tr> </table> </form> <?php // PHP script for Checking Security code if (isset($_POST['submit'])){ $secCode = isset($_POST['secCode']) ? strtolower($_POST['secCode']) : ""; if ($secCode == $_SESSION['securityCode']) { echo "<p>The result code was valid!<br/></p>"; unset($_SESSION['securityCode']); $result = true; } else { echo "<p>Sorry the security code is invalid! Please try it again!</p>"; $result = false; } }?> <?php } else if ( (isset($_POST['submit'])) && (!isset($_GET['show'])) ) { $pic = isset ($_POST['selimg']) ? $_POST['selimg'] : ''; $filename = date('YmdGis'); $f = fopen('messages/'.$filename.".txt","w+"); fwrite($f,$pic."\n"); fwrite($f,$_POST['email']."\n"); fwrite($f,htmlspecialchars($_POST['message'])."\n"); fclose($f); // Compose the mail $from = "From: $senderName <$senderEmail>\r\n"; $replay = "Reply-To: $senderEmail\r\n"; $params = "MIME-Version: 1.0\r\n"; $params .= "Content-type: text/plain; charset=iso-8859-1\r\n"; $mailtext = "You have just received a virtual postcard!\r\n\r\n" . "You can pick up your postcard at the following web address:\r\n" . "$postcardURL"."?show=$filename\r\n\r\n" . "We hope you enjoy your postcard, and if you do, please take a moment to send a few yourself!\r\n\r\n" . "Regards,\r\n" . "MicroPostcard\r\n" . $postcardURL; // Send email @mail($_POST['email'],"You've received a postcard",$mailtext,$from.$replay.$params);?> <center> <h2>Your postcard was sent through successfully!!<br/> <br/> <img src='images/<?php echo $pic; ?>' alt="postcard" /><br/> <br/> <br/> </h2> <?php echo nl2br(htmlspecialchars($_POST['message'])); ?></center> <?php } else if ( (!isset($_POST['submit'])) && (isset($_GET['show'])) ) { $file = isset($_GET['show']) ? $_GET['show'] : '' ; $content = file('messages/'.$file.".txt"); $pic = $content['0']; unset ($content['0']); unset ($content['1']); $main = ""; foreach ($content as $value) { $main .= $value; }?> <center> <h2>Your postcard!<br/> <br/> <img src='images/<?php echo $pic; ?>' alt="postcard" /><br/> <br/> <br/> </h2> <?php echo nl2br(htmlspecialchars($main)); ?></center> <?php } ?> <div id="source"> <h2>Micro Postcard 1.0</h2> </div> </div></body> I know I have done something horribly wrong and i'm not sure how to correct it.

[justsomeguy]

Your code to check the captcha should go with the code that sends the mail. Your code is structured like this:

if ( (!isset($_POST['submit'])) && (!isset($_GET['show'])) ){  // show form  if (isset($_POST['submit']))  {	// check captcha  }}else if ( (isset($_POST['submit'])) && (!isset($_GET['show'])) ){  // send email}

Not that the code that checks the captcha is actually unreachable code, it will never execute because of the if statement. Note also that the code that sends the email is in a totally different place than the code that checks the captcha.

[norwichchris]

ok i know it was wrong when I did it, but i'm not entirely sure how to to fix? I understand that its if-else statements In the end what I want is for the program to execute the security only if it is valid.If it is not valid then it should show form againany help would be much appreciated

[justsomeguy]

It's best to put all of your PHP code on the top of the page, and your HTML code below that. Do all of your form processing first and use true/false variables to keep track of whether you need to show the form, send the email, show error messages, etc. Your code should basically be formatted like this:

<?php$errors = false;if (isset($_POST['submit'])){  // get form values, validate, check for errors, etc, set $errors to true if there was a problem  if ($errors == false)  {	// send email, redirect to confirmation or thank you page  }}?><!-- show form -->

One of the advantages of doing it that way is that you only have the form in one place, and if there were any errors above then you can still write out the values that were submitted when you display the form again with the error messages.