Captcha system failing

08-23-2006, 02:20 PM
When I test my form the captcha side fails..:(
The form submits and always comes up with the alert box
'The confirmation code was incorrect !' and no data is entered into the MySQL database.
The captcha system works on its own, so I guess I have somehow broken it with all the other guff I have in my page!

Can anyone give me any kind pointers please ?


// Comment-form handler: connects to MySQL, compares the submitted confirmation code
// with the value the captcha stored in the session, inserts the comment and redirects
// back to the article.
// NOTE(review): the paste has lost its PHP tags, its closing braces and part of the
// INSERT statement, so the branch structure is inferred from the lines that remain.
include 'Connections/CDblog.php';
// NOTE(review): die(mysql_error()) prints raw database errors to the visitor; log them
// on the server and show a generic message instead. The mysql_* extension was removed
// in PHP 7; mysqli or PDO with prepared statements is the replacement.
mysql_connect($hostname_CDblog,$username_CDblog,$password_CDblog) or die(mysql_error());
mysql_select_db($database_CDblog) or die(mysql_error());

// NOTE(review): $REMOTE_ADDR only exists when register_globals is on; read the
// REMOTE_ADDR entry of $_SERVER instead. gethostbyname() given an IP address returns
// that same address, so if a host name was wanted gethostbyaddr() is the reverse
// lookup. $domain is not used in the visible code.
$domain = GetHostByName($REMOTE_ADDR);

// NOTE(review): $_SESSION is only filled in after session_start() has run, and no
// session_start() call is visible anywhere in this listing. If it is missing, or runs
// after this check, isset() is false on every request and every submission falls
// through to the incorrect-code alert, which matches the reported symptom. Confirm
// that session_start() is called at the very top of the page, before any output, and
// that image.php stores the code in the same session.
// NOTE(review): the stored code is not cleared after the comparison in the visible
// code, so one solved code could be submitted repeatedly; unset it once it has been
// checked, and compare with === after confirming the posted field is set.
if(isset($_SESSION['captcha_keystring']) && $_SESSION['captcha_keystring'] == $_POST['keystring']){

// NOTE(review): second include of the same connection file; include_once or dropping
// this line avoids re-running it.
include 'Connections/CDblog.php';

// Raw request fields, only trimmed at this point.
$name = trim($_POST['comName']);
$email = trim($_POST['comEmail']);
$url = trim($_POST['comUrl']);
$message = trim($_POST['comMessage']);
$comArt = trim($_POST['comArt']);
// $row_rsArticle['title_top'] =
// NOTE(review): only $message is escaped, and addslashes() is not aware of the
// connection character set. $name is interpolated straight into the INSERT below (the
// rest of the column and value list is cut off in the paste), which leaves the query
// open to SQL injection. Escape every value with mysql_real_escape_string() or, better,
// bind them through a prepared statement. Length and format limits enforced by the
// form markup or by JavaScript do not apply to a hand-built request.
$message = addslashes($message);

// if the visitor does not enter the url
// set $url to an empty string
if ($url == 'http://')
$url = '';

// NOTE(review) on the statements that follow (kept above the truncated query so the
// notes do not land inside its unterminated string):
//  - the INSERT is cut off in the paste, so the full column and value list is unknown;
//  - $site is single-quoted, so $setsite is not interpolated and the literal text is
//    sent in the Location header;
//  - the id_art value from $HTTP_GET_VARS goes into that header unvalidated; the
//    $HTTP_*_VARS arrays were dropped in PHP 5.4, so read it from $_GET and cast it to
//    int (assuming article ids are numeric - confirm);
//  - there is no exit after header(), so the script keeps running after the redirect;
//  - the final echo is presumably the else branch of the captcha check.
$query = "INSERT INTO CDblog_comments (name,
VALUES ('$name',

mysql_query($query) or die('insert comment failed because ' . mysql_error());
$site = '$setsite.php?id_art=';
$loc = $HTTP_GET_VARS['id_art'];
header("Location: $site$loc");

echo "<script language=javascript>alert('The Confirmation Code Was Incorrect !')</script>";



<script language="JavaScript">
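/**
 * Validate the comment form before it is submitted.
 *
 * Called from the onClick handler of the 'Add Comment' button. The name and
 * the message are required; the email address is optional but must be well
 * formed when present. The confirmation code is not checked here.
 *
 * This is a convenience for the visitor only. A request can be sent without
 * running this script, so the server-side handler still has to validate and
 * escape every field.
 *
 * @returns {boolean} true if all inputs are acceptable (the form submits),
 *     false otherwise (submission is cancelled).
 */
function checkForm() {
  // Look the inputs up through the named form rather than through bare
  // identifiers, which only resolve if the browser exposes them as globals.
  var fields = document.forms.guestform.elements;
  var gname = fields.comName;
  var gemail = fields.comEmail;
  var gmessage = fields.comMessage;

  // if name is empty alert the visitor
  if (trim(gname.value) === '') {
    alert('Please enter your name');
    return false;
  }

  // alert the visitor if an email was given but its format is not correct
  var email = trim(gemail.value);
  if (email !== '' && !isEmail(email)) {
    alert('Please enter a valid email address or leave it blank');
    return false;
  }

  // alert the visitor if message is empty
  if (trim(gmessage.value) === '') {
    alert('Please enter your message');
    return false;
  }

  // all inputs are acceptable, let the form submit
  return true;
}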


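/**
 * Strip whitespace from the beginning and end of a string.
 *
 * @param {string} str - the string to trim
 * @returns {string} the trimmed string
 */
function trim(str) {
  return str.replace(/^\s+|\s+$/g, '');
}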

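/**
 * Check if a string is in valid email format.
 *
 * Accepts local-part@host where host is either a dotted name ending in one
 * of the listed top-level domains or a dotted IPv4 address. The pasted
 * pattern contained stray spaces inside the top-level-domain list (after
 * bn, gs, museum, pr, tf and before dm, kw, zm), which made those entries
 * impossible to match; the list is rebuilt here without them.
 *
 * The domain list is a fixed allowlist and does not know newer top-level
 * domains, and the check runs only in the browser. Treat it as a hint for
 * the visitor; the server has to validate the address again.
 *
 * @param {string} str - the string to check
 * @returns {boolean} true if the string is a valid email address, false otherwise
 */
function isEmail(str) {
  // Top-level domains, grouped by first letter, in the original order.
  var tlds = [
    'ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az',
    'ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz',
    'ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz',
    'de|dj|dk|dm|do|dz',
    'ec|edu|ee|eg|eh|er|es|et|eu',
    'fi|fj|fk|fm|fo|fr',
    'ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy',
    'hk|hm|hn|hr|ht|hu',
    'id|ie|il|in|info|int|io|iq|ir|is|it',
    'jm|jo|jp',
    'ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz',
    'la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly',
    'ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz',
    'na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz',
    'om|org',
    'pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py',
    'qa',
    're|ro|ru|rw',
    'sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz',
    'tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz',
    'ua|ug|uk|um|us|uy|uz',
    'va|vc|ve|vg|vi|vn|vu',
    'wf|ws',
    'ye|yt|yu',
    'za|zm|zw'
  ].join('|');

  // One IPv4 octet, written exactly as in the original pattern.
  var octet = '([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])';

  var regex = new RegExp(
    '^[-_.a-z0-9]+@(([-a-z0-9]+\\.)+(' + tlds + ')|(' + octet + '\\.){3}' + octet + ')$',
    'i'
  );
  return regex.test(str);
}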



// =======================
// Show comments
// =======================
// Lists the stored comments for one article, ten per page.
// NOTE(review): the PHP tags and the braces of the while loop are missing from the
// paste, so the loop body is inferred from the lines that follow it.

// how many comment entries to show per page
$rowsPerPage = 10;

// by default we show first page
$pageNum = 1;

// if $_GET['page'] defined, use the value as page number
// NOTE(review): as pasted this assignment is unconditional (the isset() guard the
// comment describes is not visible) and the value is raw request input. Cast it to int
// and clamp it to at least 1; a zero, negative or non-numeric page gives a negative
// offset and an invalid LIMIT clause.
$pageNum = $_GET['page'];

// counting the offset ( where to start fetching the entries )
$offset = ($pageNum - 1) * $rowsPerPage;

// prepare the query string
// NOTE(review): $art comes straight from the request and is placed inside the quoted
// WHERE value with no escaping, so it can change the meaning of the query (SQL
// injection). Escape it with mysql_real_escape_string() or bind it through a prepared
// statement, and read it from $_GET since the $HTTP_*_VARS arrays were dropped in
// PHP 5.4.
$art = $HTTP_GET_VARS['id_art'];
$query = "SELECT id, name, email, url, message, DATE_FORMAT(entry_date, '%d.%m.%Y'), title_art ".
"FROM CDblog_comments ".
"WHERE title_art ='$art'".
"ORDER BY id ". // ascending by id, so the oldest entry comes first; add DESC to show the most current entry first
"LIMIT $offset, $rowsPerPage"; // LIMIT is the core of paging

// execute the query
// NOTE(review): the error check is commented out, so a failed query leaves $result
// false and the fetch loop below only raises a warning.
$result = mysql_query($query); //or die('Error, query failed because ' . mysql_error()); /*echoed out or it will fail. restore it to bug test

// get all Comment entries
while($row = mysql_fetch_array($result))
// list() is a convenient way of assigning a list of variables
// from array values
list($id, $name, $email, $url, $message, $date) = $row;

// change all HTML special characters,
// to prevent some nasty code injection
// NOTE(review): only $name and $message are escaped. $email and $url are written
// further down this listing into href attributes without htmlspecialchars(), which
// allows stored script injection through those two fields; escape them as well and
// accept only http and https URLs.
$name = htmlspecialchars($name);
$message = htmlspecialchars($message);

// convert BBCode in the message to HTML
// NOTE(review): bb2html() is not shown. It runs on already-escaped text and must not
// turn BBCode url or img arguments into unescaped markup - confirm.

$message = bb2html($message);

<table width="420px" border="0" cellpadding="0" cellspacing="0" class="cline"><!--DWLayoutTable-->
<td colspan="2" align="left"> <div align="right"><small>

<td colspan="2" class="cbodytop"><div class="cdtopdiv">
<div align="justify"><img src="img/ctl.gif" alt="CDblog" width="20" height="20">&nbsp;<a href="mailto:<?=$email;?>" class="email">
<strong> <?=$name;?> </strong>
<td colspan="2" class="cbody">
<div align="justify"><div class="comline"></div><div class="compad">
// if the visitor entered a homepage url, show it

if($url != '')
// make the url clickable by formatting it as HTML link
// NOTE(review): $url is stored visitor input and reaches this href without
// htmlspecialchars() or a scheme check, so a quote character or a non-http scheme in
// the stored value becomes active markup for every reader (stored XSS). Escape it for
// the attribute and for the link text, and accept only http and https URLs when the
// comment is saved. The mailto link a few lines above prints $email the same way.
$url = "<a href='$url' target='_blank'>$url</a>";
<br> <br>
<small class="home">I'm From >
<td colspan="2" class="cbodybottom"><img src="img/cbr.gif" alt="CDblog" width="20" height="20" class="right"></td>
<tr><td width="80" height="1"><img src="img/spacer.gif" alt="" width="94" height="1"></td><td width="100%"></td></tr>
} // end while

// below is the code needed to show page numbers

// count how many rows we have in database
// NOTE(review): this counts every comment in the table, while the list above is
// filtered by title_art, so the page count can be larger than the number of pages that
// exist for this article; apply the same WHERE condition here.
$query = "SELECT COUNT(id) AS numrows FROM CDblog_comments";
// NOTE(review): die() with mysql_error() shows raw database errors to the visitor.
$result = mysql_query($query) or die('Error, query failed. ' . mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$numrows = $row['numrows'];
// how many pages we have when using paging?
$maxPage = ceil($numrows/$rowsPerPage);
$nextLink = '';

// show the link to more pages ONLY IF there are
// more than one page
if($maxPage > 1)
// this page's path
// NOTE(review): PHP_SELF includes any extra path info from the request URL and is
// written into the links below unescaped; pass it through htmlspecialchars() or use
// SCRIPT_NAME instead.
$self = $_SERVER['PHP_SELF'];

// we save each link in this array
$nextLink = array();

// create the link to browse from page 1 to page $maxPage
// NOTE(review): the link carries only the page number, so the id_art parameter read
// elsewhere in this listing is lost when a page link is followed.
for($page = 1; $page <= $maxPage; $page++)
$nextLink[] = "<a href=\"$self?page=$page\">$page</a>";

// join all the link using implode()
$nextLink = "Go to page : " . implode(' | ', $nextLink);

// close the database connection since
// we no longer need it
// NOTE(review): no mysql_close() call is visible after this comment in the paste.

<strong>Add your comment:</strong><br />
//get var for comment table
// NOTE(review): $art is raw request input and is echoed a few lines below into the
// value attribute of the hidden comArt field without htmlspecialchars(), so markup in
// the id_art parameter is reflected into the page. Escape it on output, or cast it to
// int if article ids are numeric (confirm). The $HTTP_*_VARS arrays were dropped in
// PHP 5.4; read the value from $_GET.
$art = $HTTP_GET_VARS['id_art'];
//start session for captcha
// NOTE(review): no session_start() call follows this comment in the paste. A session
// has to be started before any output is sent and before the $_SESSION check in the
// form handler at the top of the listing; by this point the page has already printed
// HTML.
<form method="post" name="guestform">
<table width="100%" border="0" cellpadding="2" cellspacing="1"><!--DWLayoutTable-->
<td width="100%">

<input name="comArt" type="hidden" value="<? echo $art ?>" />
Name *<br>
<input name="comName" type="text" size="30" maxlength="30"></td>
<input name="comEmail" type="text" size="30" maxlength="50"></td>
<input name="comUrl" type="text" value="http://" size="30" maxlength="50"></td>
<td>Comment *<br>
<textarea name="comMessage" cols="50" rows="5" id="txtA"></textarea>
<br />
<div class="bbbg"><!--bold-->
<a href="javascript:createBBtag('','','txtA')"><strong><img src="inc/bbcode/img/bold.gif" alt="B" width="20" height="20" border="0" /></strong></a>
<a href="javascript:createBBtag('','','txtA')"><strong><img src="inc/bbcode/img/uline.gif" alt="U" width="20" height="20" border="0" /></strong></a>
<a href="javascript:createBBtag('','','txtA')"><strong><img src="inc/bbcode/img/italic.gif" alt="i" width="20" height="20" border="0" /></strong></a>
<a href="javascript:createBBtag('','','txtA')"><strong><img src="inc/bbcode/img/list.gif" alt="list" width="20" height="20" border="0" /></strong></a>
<a href="javascript:createBBtag('','','txtA')"><strong><img src="inc/bbcode/img/url.gif" alt="url" width="40" height="20" border="0" /></strong></a>
<a href="javascript:createBBtag('','','txtA')"><strong><img src="inc/bbcode/img/img.gif" alt="img" width="40" height="20" border="0" /></strong></a>
<a href="javascript:createBBtag('
','','txtA')"><strong><img src="inc/bbcode/img/quote.gif" alt="quote" width="20" height="20" border="0" /></strong></a></div>

<img src="inc/bbcode/img/smile.gif" alt=":)" onclick="addBBCode(':)')"/>

<img src="inc/bbcode/img/biggrin.gif" alt=":]" onclick="addBBCode('[biggrin]')"/>

<img src="inc/bbcode/img/blank.gif" alt=":|" onclick="addBBCode('[blank]')"/>

<img src="inc/bbcode/img/arrow.gif" alt=">" onclick="addBBCode('[>]')"/>

<img src="inc/bbcode/img/confused.gif" alt="?" onclick="addBBCode('[??]')"/>

<img src="inc/bbcode/img/cry.gif" alt=":" onclick="addBBCode('[sob]')"/>

<img src="inc/bbcode/img/exclaim.gif" alt="!" onclick="addBBCode('[!]')"/>

<img src="inc/bbcode/img/lol.gif" alt="lol" onclick="addBBCode('[lol]')"/>

<img src="inc/bbcode/img/mad.gif" alt="#!*@" onclick="addBBCode('[mad]')"/>

<img src="inc/bbcode/img/neutral.gif" alt=":|" onclick="addBBCode('[:|]')"/>

<img src="inc/bbcode/img/redface.gif" alt="?" onclick="addBBCode('[redface]')"/>

<img src="inc/bbcode/img/rolleyes.gif" alt=":0)" onclick="addBBCode('[rolleyes]')"/>

<img src="inc/bbcode/img/question.gif" alt="?" onclick="addBBCode('[?]')"/>

<img src="inc/bbcode/img/sad.gif" alt=":(" onclick="addBBCode(':(')"/>

<img src="inc/bbcode/img/shocked.gif" alt=":o" onclick="addBBCode('[:O]')"/>

<img src="inc/bbcode/img/wink.gif" alt=";)" onclick="addBBCode(';)')"/></td>

<td><p>Enter Confirmation Code:</p>
<!-- NOTE(review): the session id is written into the image URL, where it can end up in
     server logs, browser history and Referer headers. The session cookie is normally
     sent with the image request anyway; confirm image.php works without the query
     string and drop it. session_id() returns an empty string when no session has been
     started, so an empty value in the rendered src is a sign that session_start() has
     not run on this page. -->
<p><img src="image.php?<?php echo session_name()?>=<?php echo session_id()?>"></p>
<p><input type="text" name="keystring"></p></td>
<input name="add" type="submit" value="Add Comment" onClick="return checkForm();"></td>

<table width="100%" border="0" cellpadding="0" cellspacing="0"><!--DWLayoutTable-->
<td width="100%" align="right" class="text">
<strong> <?=$nextLink;?></strong>