
Problem with captcha



xxcorrosionxx
09-12-2011, 01:51 AM
Alright, I implemented captcha code on my index.php, which users will be logging in from. Here is the source for that:


<?php
$cryptinstall="./cryptographp.fct.php";
include $cryptinstall;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>DigiChat Member</title>
<link rel="stylesheet" href="images/main.css" media="screen">
<link rel="stylesheet" href="images/colors.css" media="screen">
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
<style type="text/css">
.style1 {
color: #CCCCCC;
font-style: italic;
font-weight: bold;
}
a:link {
color: #0893FF;
}
body,td,th {
color: #0893FF;
}
.style3 {color: #1f9dff}
a:hover {
color: #0893FF;
}
.style4 {color: #666666}
.style5 {color: #666666; }
body {
background-image: url(images/bg.jpg);
}
</style>
</head>
<body>
<div id="container">
<div id="header">
<a id="logo" href="#" title="Support Center"><img src="images/head.png" alt="Support Center" width="801" height="64" border="0"></a></div>
<ul id="nav">
<li><a class="ticket_status" href="./index.php">Home</a></li>
<li><a class="new_ticket" href="./members.php">Members</a><a class="new_ticket" href="./register.php">Register</a><a class="new_ticket" href="./news.php">News</a></li>
<li></li>

</ul>
<div id="content">
<div id="index">
<h1 class="style3">Welcome to DigiScript MemberShip</h1>
<p class="big style4">DigiScript Membership is a php/msql web based membership script. It's sole purpose is to provide a simple and easy database to allow new and old users to sign into your chat server. By allowing users to register and login, thsey can pick a variety of setting's for their profile and be able to login to your chat only as a member. </p>
<hr>
<table width="773" height="147" border="0" align="left">
<tr>
<td width="407"><h3 align="center"><span class="style3 rcol"><strong>Login To Your Account! </strong></span></h3>
<p align="center" class="style5">Please be sure to login to your free account with the correct detail's you inserted when registering, Thank You. </p>
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td width="112"><b>Login</b></td>
<td width="188"><input name="login" type="text" class="msg" id="login" /></td>
</tr>
<tr>
<td><b>Password</b></td>

<td><input name="password" type="password" class="msg" id="password" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><div align="center">
<table cellpadding=1>
<tr>
<td align="center"><?php dsp_crypt(0,1); ?></td>
</tr>
<tr>
<td align="center">Enter Code Below: <br>
<input type="text" name="code"></td>
</tr>
<tr>
<td align="center"><input type="submit" name="submit" value="Login Now!"></td>
</tr>
</table>
</div></td>
</tr>
</table>
<p align="center">&nbsp;</p>
</form>
</td>

<td width="407"><h3 align="center"><span class="style3 rcol"><strong>Register Now! </strong></span></h3>
<p align="center" class="style4">Registering an account is free and safe to use. Without registering, you cannot access our chat system. </p>
<form>
<div align="center">
<input name="BUTTON" type="BUTTON" onClick="window.location.href='./register.php'" value="Register">
</div>
</form>
</td>

</tr>
</table>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p><br>
</p>
</div>
<div style="clear:both"></div>
</div>
<div id="footer"></div>
</div>
<div align="center">
<img src="images/poweredby.png" alt="Powered by osTicket" height="38" width="802"></div>
</body></html>

Alright, now I have added some code to the login-exec.php so that the captcha can validate on login attempts. My problem is that when I go to login under a registered username it brings me back to the index again (refreshes the page basically). But when I type incorrect login information it submits the verification saying what is incorrect. I am missing some line of code, I am thinking, but I cannot seem to get what I have missed. Can someone shed some light on my incorrect code?


<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = true;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$code = ($_POST['code']);

//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($code == '') {
$errmsg_arr[] = 'Incorrect captcha Code';
$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
$_SESSION['SESS_SITE_ID'] = $member['SiteID'];
$_SESSION['SESS_URL'] = $member['Url'];
$_SESSION['SESS_AGE'] = $member['Age'];
$_SESSION['SESS_EXIT_MESSAGE'] = $member['exitmessage'];
$_SESSION['SESS_COMMENTS'] = $member['comments'];
$_SESSION['SESS_REAL_NAME'] = $member['realname'];
session_write_close();
header("location: user.php");
exit();
}else {
//Login failed
header("location: failed.php");
exit();
}
}else {
die("Query failed");
}
?>

BluePanther
09-12-2011, 02:00 AM
There's no check in your form processing code for the captcha verification. You're checking if code is empty, which it won't be in a correct scenario, but you never check the actual value of it, making it pretty redundant.
You should surround your logging in bit (including the query) with a check for the captcha value. You should consult your chosen library's documentation for how to do that.

Regardless, that's not what's actually causing your specific problem. Your specific problem is that you're initialising $errflag as true, when it should be initialised as false. Because it's set to true in the beginning, and it isn't set to false anywhere else, your code will always die() and return to the index as per your if($errflag) statement. Change the initialisation to false ( $errflag = FALSE; ) and that will solve that specific problem.
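
The two points raised in this answer, shown as an added example that is not part of the original thread: the validation step rejects a request only when errors were actually collected, and the submitted captcha value is verified rather than only tested for emptiness. The function names and the `$captchaOk` callable are hypothetical; the callable stands in for the captcha library's own check (cryptographp provides `chk_crypt()` in cryptographp.fct.php), and the sample inputs are constructed.

```php
<?php
// Added example: validation step of login-exec.php with both fixes applied.
// $captchaOk is a hypothetical callable standing in for the captcha library's
// verification function (for cryptographp: chk_crypt() from cryptographp.fct.php).

function validate_login(array $post, callable $captchaOk): array
{
    $errors = [];

    $login    = trim($post['login'] ?? '');
    $password = $post['password'] ?? '';
    $code     = trim($post['code'] ?? '');

    if ($login === '') {
        $errors[] = 'Login ID missing';
    }
    if ($password === '') {
        $errors[] = 'Password missing';
    }
    // Fix 1: verify the submitted value against the captcha, not just "non-empty".
    if ($code === '' || !$captchaOk($code)) {
        $errors[] = 'Incorrect captcha Code';
    }
    return $errors;
}

// Fix 2: no flag preset to true; redirect to the form only if errors exist.
function should_redirect_to_form(array $errors): bool
{
    return count($errors) > 0;
}

// Constructed sample input; this stub accepts only the string "K7P2".
$stubCaptcha = function (string $code): bool {
    return $code === 'K7P2';
};

$cases = [
    'valid login'   => ['login' => 'alice', 'password' => 'secret', 'code' => 'K7P2'],
    'wrong captcha' => ['login' => 'alice', 'password' => 'secret', 'code' => 'XXXX'],
    'empty form'    => [],
];
foreach ($cases as $name => $post) {
    $errors = validate_login($post, $stubCaptcha);
    echo $name, ': ',
         should_redirect_to_form($errors) ? 'back to index.php' : 'continue to query',
         ' [', implode('; ', $errors), "]\n";
}
```

Because the captcha check runs before the database query, a request with a wrong code never reaches the credential lookup.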

xxcorrosionxx
09-12-2011, 02:05 AM
You are legit! Like they need to make you moderator or something give you some type of reward!

BluePanther
09-12-2011, 02:42 AM
haha thank you. Maybe you could put a little word in ;) lol

Inigoesdr
09-12-2011, 06:40 PM
You are legit! Like they need to make you moderator or something give you some type of reward!

Pfffft. No way. :rolleyes:

tangoforce
09-12-2011, 08:27 PM
No worries Inigoesdr, I know you got me pegged for a promo :thumbsup:

BluePanther
09-12-2011, 08:50 PM
No worries Inigoesdr, I know you got me pegged for a promo :thumbsup:

I'm sure there's room for both of us! :thumbsup:


Pfffft. No way. :rolleyes:

maybe :(

tangoforce
09-12-2011, 10:23 PM
hehehehe


