...

View Full Version : Need a quick fix...



2Pacalypse
01-23-2010, 12:30 AM
I'm making a very simple captcha, I'll hopefully build on it later, but this is what I have.



if (isset($_POST['submit'])) {
$code1 = $_POST['code'];
$rcode1 = $_POST['rcode']; }

if ($code1 != $rcode1) {
$message .= "<div>Wrong code entered - please try again</div>";
}
if (!isset($message))
//insert the values

<? $code = rand(1000,9999); ?>
<tr>
<td><font size='2' face='verdana'>Code in the image</font><br /><img src='image.php?code=<? echo ''.$code.''; ?>' /></td>
<td><font size='2' face='verdana'>
<input type='text' name='code'>
</font></td>

<input type='hidden' name='rcode' value='<? echo ''.$code.''; ?> '>
<input type='submit' name='submit' value='Register'>


Basically, there's an image generated by image.php and a random code embedded into it, then the code is sent via hidden input to the submit location, where it should be checked against the one entered by the user and if it's right, will register them an account!

For some reason it's hellbent on telling me I entered it wrong!

Help pleaseee!

(There's other stuff in the file, but I took it out to cut down on post size.)

Fou-Lu
01-23-2010, 01:05 AM
I presume this is incomplete code? Anyway, its a good start the problem is here:


<input type='hidden' name='rcode' value='<? echo ''.$code.''; ?> '>


Look closely at you're value, you've got a space at the end of it. When you start moving further, look into using sessions - the purpose of the captcha is to prevent bots from reading them. If you embed the correct value inside of an html input field, it can read the data provided.

2Pacalypse
01-23-2010, 01:20 AM
;O

So simple... yet I would have grown old trying to find that
As for preventing bots, I have another impossible method of filtering after this stage :)

Thanks very much ;)

JAY6390
01-23-2010, 01:59 AM
Why not just implement recaptcha? it's possibly one of the easiest things ever to implement, and has pre-written code to show how to use it

Len Whistler
01-23-2010, 02:54 AM
What you could do to prevent the bots from reading hidden input values is to change the original value. Then when the user enters the original number it is adjusted to match the changed value during the post process.

Viewer sees 3487
Hidden value is 3524 (3487 + 37)

Viewer enters 3487
During the post process 37 can be added to his entry for a match of the hidden value, or subtract 37 from the hidden input field. The html value of 3524 is no good.



-----------

2Pacalypse
04-29-2010, 08:38 PM
What you could do to prevent the bots from reading hidden input values is to change the original value. Then when the user enters the original number it is adjusted to match the changed value during the post process.

Viewer sees 3487
Hidden value is 3524 (3487 + 37)

Viewer enters 3487
During the post process 37 can be added to his entry for a match of the hidden value, or subtract 37 from the hidden input field. The html value of 3524 is no good.



-----------

I done something similar, the code (4264 for example) is md5()-ified, shortened to the last 4 digits, then those digits are displayed in the captcha image, then the original code 4264 are sent through <input type=hidden> and then it is md5()-ified again, and then shortened to the last 4 digits and they are then compared and what not



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum