...

View Full Version : Resolved Securimage elseif statement



Dan13071992
01-14-2012, 02:39 PM
Hi guys, im trying to work with Securimage and im having a spot of trouble, basically i have the below code:



include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
// the code was incorrect
// you should handle the error so that the form processor doesn't continue

// or you can use the following code if there is no validation or you do not know how
$message= "The security code entered was incorrect!";

}
else{



i want to change the else{ statement to an elseif, however i have tried the code below and it still doesnt work, does anyknow have any idea how I can get it to work as an elseif:



if ($securimage->check($_POST['captcha_code']) == true) {





if ($securimage->check($_POST['captcha_code']) != false) {




if ($securimage->check($_POST['captcha_code']) !== false) {


yet with these the post doesnt work at all. if anyone can help that would be great

cheers.

Danny

12k
01-14-2012, 04:34 PM
With a true/false condition, there are only ever a total of two possibilities. So the if/else if will work, but the following conditions will never be applied. For Example



if (true)
{

} else if (false)
{

}
else {
//never called because top 2 cover all possibilities.
}


May I ask why you are wanting it to be an else if? If you can elaborate, I can tell u another way to write the code.

Dan13071992
01-14-2012, 06:55 PM
basically, i want it with that first part ive showed you, but an elseif statement afterwards (if its true) so that it does the rest of my code, which i didnt display as there is alot of it, but after that i need another captcha sent with a different id thats going to be in another elseif statement, as i didnt want to use else again, just elseif, if that makes sense, unless you want me to upload a picture to show you and ill describe it step by step if that will help?

_Aerospace_Eng_
01-14-2012, 07:34 PM
Your other captcha will need to have a different name. You can't resuse the same captcha in the same post. e.g. name="captcha_code" and name="captcha_code2" then you can do something like this

if ($securimage->check($_POST['captcha_code'])) {
// do some php stuff
}
else if($securimage->check($_POST['captcha_code2']) {
// do some other php stuff
}
else {
// no captchas entered were correct
}

Dan13071992
01-14-2012, 07:41 PM
sorry yes that is what i ment by saming with a different id, so in your code you just gave me, in the "else" statement, could i do the error message



$message= "The security code entered was incorrect!";


also i noticed in this code you just posted there is no check eg:




($securimage->check($_POST['captcha_code']) == false) {



will this still work without the false ??

_Aerospace_Eng_
01-14-2012, 08:04 PM
Well you can but then the question is if the first one is wrong do you even want to check the second one? Using if elseif you won't ever get to the second one. This goes back to what has already been said. There won't be a third option. It is either true or false. If you want to check both then do something like this

<?php
if ($securimage->check($_POST['captcha_code'])) {
// first captcha valid, do some php stuff
}
else {
// first captcha not valid,
$message = "The security code entered was incorrect!";
}
if($securimage->check($_POST['captcha_code2'])) {
// second captcha valid, do some other php stuff
}
else {
// second captcha not valid
$message = "The second security code entered was incorrect!";
}
?>
Of course now though you will only get one $message, not both so you may need to do something like this if you want to capture multiple messages

<?php
$errors = array();
if ($securimage->check($_POST['captcha_code'])) {
// first captcha valid, do some php stuff
}
else {
// first captcha not valid,
$errors[] = "The security code entered was incorrect!";
}
if($securimage->check($_POST['captcha_code2'])) {
// second captcha valid, do some other php stuff
}
else {
// second captcha not valid
$errors[] = "The second security code entered was incorrect!";
}

// now where you want the errors to appear you can do this, this will print out all messages
foreach($errors as $error)
{
echo $error.'<br>';
}
?>

Dan13071992
01-14-2012, 08:09 PM
hopefully the picture below will help you understand a bit more:

http://crimewave.360-tactics.co.uk/bank2pic.png

the first captcha is for the first box, second is for the second box, seperate captcha codes, as i havent changed the id of each captcha in the picture but i will do that now.

_Aerospace_Eng_
01-14-2012, 08:13 PM
You won't have to if they are two different forms. Are they two different forms? If they are no need to change the names but again you will never hit the "else". You would just use

if ($securimage->check($_POST['captcha_code'])) {
// captcha valid, do some php stuff
}
else {
// captcha not valid,
$message = "Incorrect code!";
}

Dan13071992
01-14-2012, 08:35 PM
yes they are two different forms, so using what you just gave me should work, even if i leave both id's as:



captcha_code

_Aerospace_Eng_
01-14-2012, 08:37 PM
Yes that is correct. The latest I gave you should work. No need to do an if/elseif/else, just if/else

Dan13071992
01-14-2012, 08:38 PM
Yes that is correct. The latest I gave you should work. No need to do an if/elseif/else, just if/else


yes that worked :) thanks alot :) ill be sure to add a thanks to your rep :)

Dan13071992
01-14-2012, 08:44 PM
sorry to bring this back up, but theres one more problem i have, the first captcha part works, if its true then it will work, however im trying to impliment my code into the falst bit in the else:



else {
// first captcha not valid,
$vercode = ($_POST['captcha_code']);
mysql_query("INSERT INTO `vercodes` ( `id` , `username` , `code` , `date` , `passed`) VALUES ('', '$fetch->username', '$vercode', '$date', 'no');") or die (mysql_error());

$message = "The security code entered was incorrect!";
}



however by doing this, its adding it to the database with a blank $_post assoon as someone goes to the page, even without them clicking a post/submit button :S any ideas as to why, or how i can stop this and to only add to the database when the code entered is wrong?

_Aerospace_Eng_
01-15-2012, 12:31 AM
Where is the opening bracket for the else? I'm surprised you aren't getting errors

Dan13071992
01-15-2012, 01:05 AM
sorry that was my fault, slight accidental key press after i had copied it over, but whats happening is, on page load, it inserts into the database everything except the vercode, as no vercode has been $_POST as the page has just loaded. whereas its only ment to insert into the DB if the code entered is wrong

_Aerospace_Eng_
01-15-2012, 01:12 AM
You need to post the rest of your code

Dan13071992
01-15-2012, 01:16 AM
include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code'])) {
if((strip_tags($_POST['withdrawSub'])) && (strip_tags($_POST['toWith']))){


$with_amount=strip_tags($_POST['toWith']);

if ($with_amount > "0"){
if ($with_amount == 0 || !$with_amount || ereg('[^0-9]',$with_amount)){
$message= "You cant withosit that amount.";

}elseif ($with_amount != 0 && $with_amount && !ereg('[^0-9]',$with_amount)){



if ($with_amount > $fetch->bank){
$message= "You do not have that much money";
}elseif ($with_amount <= $fetch->bank){
$user_add = $fetch->money + $with_amount;
$bank_loose = $fetch->bank - $with_amount;



$timewait=time()+ $ha;

mysql_query("UPDATE users SET money = '$user_add', bank='$bank_loose' WHERE username='$fetch->username'");
mysql_query("INSERT INTO `transfers` ( `id` , `to` , `from` , `amount` , `date` ) VALUES ('', '$fetch->username', 'Bank Withdrawal', '$with_amount', '$date');") or die (mysql_error());

$message= "You successfully withdrew $".makecomma($with_amount)."!";
}}}}

if((strip_tags($_POST['depositSub'])) && (strip_tags($_POST['toAdd']))){


$dep_amount=strip_tags($_POST['toAdd']);

if ($dep_amount > "0"){
if ($dep_amount == 0 || !$dep_amount || ereg('[^0-9]',$dep_amount)){
$message= "You cant deposit that amount.";

}elseif ($dep_amount != 0 && $dep_amount && !ereg('[^0-9]',$dep_amount)){



if ($dep_amount > $fetch->money){
$message= "You do not have that much money";
}elseif ($dep_amount <= $fetch->money){
$user_loose = $fetch->money - $dep_amount;
$bank_add = $fetch->bank + $dep_amount;


$ha = 3600*24;

$timewait=time()+ $ha;

mysql_query("UPDATE users SET money = '$user_loose', bank='$bank_add', banktime='$timewait', bankold='$bank_add' WHERE username='$fetch->username'");
mysql_query("INSERT INTO `transfers` ( `id` , `to` , `from` , `amount` , `date` ) VALUES ('', 'Bank Deposit', '$fetch->username', '$dep_amount', '$date');") or die (mysql_error());

$message= "You successfully deposited $".makecomma($dep_amount)."!";
}}}}

if((strip_tags($_POST['depositSub'])) && (empty($_POST['toAdd'])) && time() >= $fetch->banktime){

$ha = 3600*24;

$timewait=time()+ $ha;

mysql_query("UPDATE users SET banktime='$timewait', bankold='$fetch->bank' WHERE username='$fetch->username'");

$message= "You successfully reset your intrest timer";

}
$vercode = ($_POST['captcha_code']);
mysql_query("INSERT INTO `vercodes` ( `id` , `username` , `code` , `date` , `passed`) VALUES ('', '$fetch->username', '$vercode', '$date', 'yes');") or die (mysql_error());

}
else{
// first captcha not valid,
$vercode = ($_POST['captcha_code']);
mysql_query("INSERT INTO `vercodes` ( `id` , `username` , `code` , `date` , `passed`) VALUES ('', '$fetch->username', '$vercode', '$date', 'no');") or die (mysql_error());

$message = "The security code entered was incorrect!";
}


thats the whole part from the first captcha. i havent started the other captcha form yet, but basically in this one, it works with inserting into the DB if its correct, the code goes in finr, however when someone gets the code wrong, that also goes into the DB fine, inserts the code aswell, only problem is, when the user goes to the page, or refreshes it without sending a post object, it still inserts into the database.

_Aerospace_Eng_
01-15-2012, 01:39 AM
Okay I see. In your form you need to have a submit button with a name on it e.g. name="submit". Now you need to check for this to make sure the form was submitted and then process everything else. The way you have it now the captcha code will never be set if a user just goes directly to that page. You can do something what I just mentioned e.g.

if(isset($_POST['submit']))
{
// do your captcha stuff here
}
or you could check to see if captcha_code is set. e.g.

if(isset($_POST['captcha_code']) && $securimage->check($_POST['captcha_code']))
{
// do php stuff
}
else
{
// log the incorrect try
}
Now here is the problem. It is still going to insert into the database because the else will happen still so if you change your code to this

include_once $_SERVER['DOCUMENT_ROOT'] . '/captcha/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code'])) {
if((strip_tags($_POST['withdrawSub'])) && (strip_tags($_POST['toWith']))){


$with_amount=strip_tags($_POST['toWith']);

if ($with_amount > "0"){
if ($with_amount == 0 || !$with_amount || ereg('[^0-9]',$with_amount)){
$message= "You cant withosit that amount.";

}elseif ($with_amount != 0 && $with_amount && !ereg('[^0-9]',$with_amount)){



if ($with_amount > $fetch->bank){
$message= "You do not have that much money";
}elseif ($with_amount <= $fetch->bank){
$user_add = $fetch->money + $with_amount;
$bank_loose = $fetch->bank - $with_amount;



$timewait=time()+ $ha;

mysql_query("UPDATE users SET money = '$user_add', bank='$bank_loose' WHERE username='$fetch->username'");
mysql_query("INSERT INTO `transfers` ( `id` , `to` , `from` , `amount` , `date` ) VALUES ('', '$fetch->username', 'Bank Withdrawal', '$with_amount', '$date');") or die (mysql_error());

$message= "You successfully withdrew $".makecomma($with_amount)."!";
}}}}

if((strip_tags($_POST['depositSub'])) && (strip_tags($_POST['toAdd']))){


$dep_amount=strip_tags($_POST['toAdd']);

if ($dep_amount > "0"){
if ($dep_amount == 0 || !$dep_amount || ereg('[^0-9]',$dep_amount)){
$message= "You cant deposit that amount.";

}elseif ($dep_amount != 0 && $dep_amount && !ereg('[^0-9]',$dep_amount)){



if ($dep_amount > $fetch->money){
$message= "You do not have that much money";
}elseif ($dep_amount <= $fetch->money){
$user_loose = $fetch->money - $dep_amount;
$bank_add = $fetch->bank + $dep_amount;


$ha = 3600*24;

$timewait=time()+ $ha;

mysql_query("UPDATE users SET money = '$user_loose', bank='$bank_add', banktime='$timewait', bankold='$bank_add' WHERE username='$fetch->username'");
mysql_query("INSERT INTO `transfers` ( `id` , `to` , `from` , `amount` , `date` ) VALUES ('', 'Bank Deposit', '$fetch->username', '$dep_amount', '$date');") or die (mysql_error());

$message= "You successfully deposited $".makecomma($dep_amount)."!";
}}}}

if((strip_tags($_POST['depositSub'])) && (empty($_POST['toAdd'])) && time() >= $fetch->banktime){

$ha = 3600*24;

$timewait=time()+ $ha;

mysql_query("UPDATE users SET banktime='$timewait', bankold='$fetch->bank' WHERE username='$fetch->username'");

$message= "You successfully reset your intrest timer";

}
$vercode = ($_POST['captcha_code']);
mysql_query("INSERT INTO `vercodes` ( `id` , `username` , `code` , `date` , `passed`) VALUES ('', '$fetch->username', '$vercode', '$date', 'yes');") or die (mysql_error());

}
elseif(isset($_POST['captcha_code']) && !$securimage->check($_POST['captcha_code'])){
// first captcha not valid,
$vercode = ($_POST['captcha_code']);
mysql_query("INSERT INTO `vercodes` ( `id` , `username` , `code` , `date` , `passed`) VALUES ('', '$fetch->username', '$vercode', '$date', 'no');") or die (mysql_error());

$message = "The security code entered was incorrect!";
}
else {
die('You cannot access this page directly.');
}
it will work. Using the modified version of your code if someone just goes to your page they will get the you cannot access this page directly message.

Dan13071992
01-15-2012, 01:42 AM
i still want them to be able to see the page, just not insert a blank captcha code intop the db when they visit the page. so is there a work around for that?

_Aerospace_Eng_
01-15-2012, 01:44 AM
Remove the last else in the code I gave you. Though you shouldn't be processing everything in the same page. And actually this

if ($securimage->check($_POST['captcha_code'])) {
should be this

if (isset($_POST['captcha_code']) && $securimage->check($_POST['captcha_code'])) {

Dan13071992
01-15-2012, 01:48 AM
that worked a treat :) thanks :)

also what do you mean by it shouldnt all be done in the same page?

_Aerospace_Eng_
01-15-2012, 01:53 AM
Well it isn't really be an issue because of the captcha but submit your form, reload the page you should get something asking "If you want to resubmit the form data". The user could keep doing this and for some reason just maybe their old form data matches the captcha just right. Now imagine if someone just kept having the page reloaded automatically. What you should do is have your forms submit to a different php page with your php in it. After you do all of your processing send them back to the page with your forms on it using a php header

header("Location: somepage.php");
exit();

Dan13071992
01-15-2012, 01:54 AM
o right, that makes sense :) cheers, ill look into implimenting that into my pages :), thanks again for all your help :)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum