Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New Coder
    Join Date
    Jul 2008
    Posts
    96
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Need a quick fix...

    I'm making a very simple captcha, I'll hopefully build on it later, but this is what I have.

    PHP Code:
    if (isset($_POST['submit'])) {
      $code1 = $_POST['code'];
      $rcode1 = $_POST['rcode']; }

      if ($code1 != $rcode1) {
        $message .= "<div>Wrong code entered - please try again</div>";
      }
      if (!isset($message))
      //insert the values

        <? $code rand(1000,9999); ?>
        <tr>
          <td><font size='2' face='verdana'>Code in the image</font><br /><img src='image.php?code=<? echo ''.$code.''?>' /></td>
          <td><font size='2' face='verdana'>
            <input type='text' name='code'>
            </font></td>

          <input type='hidden' name='rcode' value='<? echo ''.$code.''?> '>
            <input type='submit' name='submit' value='Register'>
    Basically, there's an image generated by image.php and a random code embedded into it, then the code is sent via hidden input to the submit location, where it should be checked against the one entered by the user and if it's right, will register them an account!

    For some reason it's hellbent on telling me I entered it wrong!

    Help pleaseee!

    (There's other stuff in the file, but I took it out to cut down on post size.)

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    I presume this is incomplete code? Anyway, its a good start the problem is here:
    Code:
    <input type='hidden' name='rcode' value='<? echo ''.$code.''; ?> '>
    Look closely at you're value, you've got a space at the end of it. When you start moving further, look into using sessions - the purpose of the captcha is to prevent bots from reading them. If you embed the correct value inside of an html input field, it can read the data provided.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    New Coder
    Join Date
    Jul 2008
    Posts
    96
    Thanks
    4
    Thanked 0 Times in 0 Posts
    ;O

    So simple... yet I would have grown old trying to find that
    As for preventing bots, I have another impossible method of filtering after this stage

    Thanks very much

  • #4
    Regular Coder
    Join Date
    Dec 2009
    Location
    UK
    Posts
    495
    Thanks
    0
    Thanked 58 Times in 58 Posts
    Why not just implement recaptcha? it's possibly one of the easiest things ever to implement, and has pre-written code to show how to use it
    My site: JayGilford.com
    Resources:
    PHP Pagination Class | Getting all page links | Handling PHP Errors properly
    If you like a users help, show your appreciation with the rep and thanks buttons :)

  • #5
    Senior Coder Len Whistler's Avatar
    Join Date
    Jul 2002
    Location
    Vancouver, BC Canada
    Posts
    1,323
    Thanks
    26
    Thanked 100 Times in 100 Posts
    What you could do to prevent the bots from reading hidden input values is to change the original value. Then when the user enters the original number it is adjusted to match the changed value during the post process.

    Viewer sees 3487
    Hidden value is 3524 (3487 + 37)

    Viewer enters 3487
    During the post process 37 can be added to his entry for a match of the hidden value, or subtract 37 from the hidden input field. The html value of 3524 is no good.



    -----------
    Last edited by Len Whistler; 01-23-2010 at 02:58 AM.
    Leonard Whistler

  • #6
    New Coder
    Join Date
    Jul 2008
    Posts
    96
    Thanks
    4
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Len Whistler View Post
    What you could do to prevent the bots from reading hidden input values is to change the original value. Then when the user enters the original number it is adjusted to match the changed value during the post process.

    Viewer sees 3487
    Hidden value is 3524 (3487 + 37)

    Viewer enters 3487
    During the post process 37 can be added to his entry for a match of the hidden value, or subtract 37 from the hidden input field. The html value of 3524 is no good.



    -----------
    I done something similar, the code (4264 for example) is md5()-ified, shortened to the last 4 digits, then those digits are displayed in the captcha image, then the original code 4264 are sent through <input type=hidden> and then it is md5()-ified again, and then shortened to the last 4 digits and they are then compared and what not


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •