  1. #1
    Regular Coder
    Join Date
    Jan 2011
    Posts
    117
    Thanks
    27
    Thanked 0 Times in 0 Posts

    Problem with captcha

    Alright, I implemented captcha code on my index.php, which users will be logging in from. Here is the source for that:

    PHP Code:
    <?php
    $cryptinstall = "./cryptographp.fct.php";
    include $cryptinstall;
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
        <title>DigiChat Member</title>
        <link rel="stylesheet" href="images/main.css" media="screen">
        <link rel="stylesheet" href="images/colors.css" media="screen">
        <link href="loginmodule.css" rel="stylesheet" type="text/css" />
        <style type="text/css">
    .style1 {
        color: #CCCCCC;
        font-style: italic;
        font-weight: bold;
    }
        a:link {
        color: #0893FF;
    }
    body,td,th {
        color: #0893FF;
    }
    .style3 {color: #1f9dff}
        a:hover {
        color: #0893FF;
    }
        .style4 {color: #666666}
        .style5 {color: #666666; }
        body {
        background-image: url(images/bg.jpg);
    }
    </style>
    </head>
    <body>
    <div id="container">
        <div id="header">
      <a id="logo" href="#" title="Support Center"><img src="images/head.png" alt="Support Center" width="801" height="64" border="0"></a></div>
        <ul id="nav">
                      <li><a class="ticket_status" href="./index.php">Home</a></li>
                      <li><a class="new_ticket" href="./members.php">Members</a><a class="new_ticket" href="./register.php">Register</a><a class="new_ticket" href="./news.php">News</a></li>
             <li></li>

        </ul>
        <div id="content">
    <div id="index">
    <h1 class="style3">Welcome to DigiScript MemberShip</h1>
    <p class="big style4">DigiScript Membership is a php/msql web based membership script. Its sole purpose is to provide a simple and easy database to allow new and old users to sign into your chat server. By allowing users to register and login, they can pick a variety of settings for their profile and be able to login to your chat only as a member. </p>
    <hr>
    <table width="773" height="147" border="0" align="left">
      <tr>
        <td width="407"><h3 align="center"><span class="style3 rcol"><strong>Login To Your Account! </strong></span></h3>
          <p align="center" class="style5">Please be sure to login to your free account with the correct details you inserted when registering, Thank You. </p>
    <?php
    if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) > 0 ) {
        echo '<ul class="err">';
        foreach($_SESSION['ERRMSG_ARR'] as $msg) {
            echo '<li>',$msg,'</li>';
        }
        echo '</ul>';
        unset($_SESSION['ERRMSG_ARR']);
    }
    ?>
          <form id="loginForm" name="loginForm" method="post" action="login-exec.php">
            <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
              <tr>
                <td width="112"><b>Login</b></td>
                <td width="188"><input name="login" type="text" class="msg" id="login" /></td>
              </tr>
              <tr>
                <td><b>Password</b></td>

                <td><input name="password" type="password" class="msg" id="password" /></td>
              </tr>
              <tr>
                <td>&nbsp;</td>
                <td><div align="center">
                  <table cellpadding=1>
                    <tr>
                      <td align="center"><?php dsp_crypt(0,1); ?></td>
                    </tr>
                    <tr>
                      <td align="center">Enter Code Below: <br>
                          <input type="text" name="code"></td>
                    </tr>
                    <tr>
                      <td align="center"><input type="submit" name="submit" value="Login Now!"></td>
                    </tr>
                  </table>
                </div></td>
              </tr>
            </table>
            <p align="center">&nbsp;</p>
          </form>
          </td>

        <td width="407"><h3 align="center"><span class="style3 rcol"><strong>Register Now! </strong></span></h3>
          <p align="center" class="style4">Registering an account is free and safe to use. Without registering, you cannot access our chat system. </p>
          <form>
            <div align="center">
              <input name="BUTTON" type="BUTTON" onClick="window.location.href='./register.php'" value="Register">
              </div>
          </form>
          </td>

      </tr>
    </table>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p><br>
    </p>
    </div>
    <div style="clear:both"></div> 
     </div>
     <div id="footer"></div>
    </div>
     <div align="center">
    <img src="images/poweredby.png" alt="Powered by osTicket" height="38" width="802"></div>
    </body></html>
    Alright, now I have added some code to the login-exec.php so that the captcha can validate on login attempts. My problem is that when I go to log in under a registered username, it brings me back to the index again (refreshes the page, basically). But when I type incorrect login information, it submits the verification saying what is incorrect. I am missing some line of code, I am thinking, but I cannot seem to get what I have missed. Can someone shed some light on my incorrect code?

    PHP Code:
    <?php
        //Start session
        session_start();

        //Include database connection details
        require_once('config.php');

        //Array to store validation errors
        $errmsg_arr = array();

        //Validation error flag
        $errflag = true;

        //Connect to mysql server
        $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
        if(!$link) {
            die('Failed to connect to server: ' . mysql_error());
        }

        //Select database
        $db = mysql_select_db(DB_DATABASE);
        if(!$db) {
            die("Unable to select database");
        }

        //Function to sanitize values received from the form. Prevents SQL injection
        function clean($str) {
            $str = @trim($str);
            if(get_magic_quotes_gpc()) {
                $str = stripslashes($str);
            }
            return mysql_real_escape_string($str);
        }

        //Sanitize the POST values
        $login = clean($_POST['login']);
        $password = clean($_POST['password']);
        $code = ($_POST['code']);

        //Input Validations
        if($login == '') {
            $errmsg_arr[] = 'Login ID missing';
            $errflag = true;
        }
        if($password == '') {
            $errmsg_arr[] = 'Password missing';
            $errflag = true;
        }
        if($code == '') {
            $errmsg_arr[] = 'Incorrect captcha Code';
            $errflag = true;
        }

        //If there are input validations, redirect back to the login form
        if($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: index.php");
            exit();
        }

        //Create query
        $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
        $result=mysql_query($qry);

        //Check whether the query was successful or not
        if($result) {
            if(mysql_num_rows($result) == 1) {
                //Login Successful
                session_regenerate_id();
                $member = mysql_fetch_assoc($result);
                $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
                $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
                $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
                $_SESSION['SESS_SITE_ID'] = $member['SiteID'];
                $_SESSION['SESS_URL'] = $member['Url'];
                $_SESSION['SESS_AGE'] = $member['Age'];
                $_SESSION['SESS_EXIT_MESSAGE'] = $member['exitmessage'];
                $_SESSION['SESS_COMMENTS'] = $member['comments'];
                $_SESSION['SESS_REAL_NAME'] = $member['realname'];
                session_write_close();
                header("location: user.php");
                exit();
            }else {
                //Login failed
                header("location: failed.php");
                exit();
            }
        }else {
            die("Query failed");
        }
    ?>

  • #2
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    There's no check in your form processing code for the captcha verification. You're checking if code is empty, which it won't be in a correct scenario, but you never check the actual value of it, making it pretty redundant.
    You should surround your logging in bit (including the query) with a check for the captcha value. You should consult your chosen library's documentation for how to do that.

    Regardless, that's not what's actually causing your specific problem. Your specific problem is that you're initialising $errflag as true, when it should be initialised as false. Because it's set to true in the beginning, and it isn't set to false anywhere else, your code will always die() and return to the index as per your if($errflag) statement. Change the initialisation to false ( $errflag = FALSE; ) and that will solve that specific problem.
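
An added example, not part of the thread and not the poster's code: the two points from the answer above in one validation routine, where the error list starts empty and the captcha value is actually verified before any credential query runs. `validate_login()`, `$captchaOk` and the expected code `K7QX` are hypothetical; the stand-in verifier takes the place of the CAPTCHA library's own check function.

```php
<?php
/**
 * Validate the login form. Returns a list of error messages;
 * an empty list means the request may proceed to the credential query.
 * $captchaOk is a stand-in (hypothetical) for the library's verification call.
 */
function validate_login(array $post, callable $captchaOk): array
{
    $errors = [];   // starts empty: no error exists until a check fails

    $login    = trim((string)($post['login'] ?? ''));
    $password = (string)($post['password'] ?? '');
    $code     = trim((string)($post['code'] ?? ''));

    if ($login === '')    { $errors[] = 'Login ID missing'; }
    if ($password === '') { $errors[] = 'Password missing'; }

    // An empty code and a wrong code are both failures. The non-empty test
    // alone never compares the value with the one generated for the image.
    if ($code === '' || $captchaOk($code) !== true) {
        $errors[] = 'Incorrect captcha Code';
    }
    return $errors;
}

// Constructed stand-in verifier: the expected answer would normally live in
// the server-side session, written when the image was generated.
$expected  = 'K7QX';
$captchaOk = fn(string $c): bool => hash_equals($expected, strtoupper($c));

// Constructed sample submissions.
$samples = [
    'valid'         => ['login' => 'alice', 'password' => 'pw', 'code' => 'k7qx'],
    'wrong captcha' => ['login' => 'alice', 'password' => 'pw', 'code' => 'AAAA'],
    'empty captcha' => ['login' => 'alice', 'password' => 'pw', 'code' => ''],
    'no fields'     => [],
];

foreach ($samples as $name => $post) {
    $errors = validate_login($post, $captchaOk);
    // Only an empty error list reaches the database lookup.
    echo str_pad($name, 14), $errors ? 'rejected: ' . implode('; ', $errors)
                                     : 'ok, run credential query', PHP_EOL;
}
```

Deriving the redirect decision from whether the error list is empty removes the separate flag that caused the always-redirect behaviour.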

  • #3
    Regular Coder
    Join Date
    Jan 2011
    Posts
    117
    Thanks
    27
    Thanked 0 Times in 0 Posts
    You are legit! Like they need to make you moderator or something give you some type of reward!

  • #4
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    haha thank you. Maybe you could put a little word in lol

  • #5
    Super Moderator Inigoesdr
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    Quote, originally posted by xxcorrosionxx:
    You are legit! Like they need to make you moderator or something give you some type of reward!
    Pfffft. No way.

  • #6
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,316
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    No worries Inigoesdr, I know you got me pegged for a promo
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #7
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    Quote, originally posted by tangoforce:
    No worries Inigoesdr, I know you got me pegged for a promo
    I'm sure there's room for both of us!

    Quote, originally posted by Inigoesdr:
    Pfffft. No way.
    maybe

  • #8
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,316
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    hehehehe

