Captcha validation

Beginners - Learning PHP
#1

Hi, i’m editing an existing form to include a captcha code.
I used a basic php install from captcha.biz

It seemed to install fine, but the form will send to my email regardless of whether a captcha is entered or not, or whether it’s entered correctly or not. The validation part of the code doesn’t seem to work.

contact.php
[php]<?php session_start(); ?>

<?php require("BotDetect.php"); ?> Contact Us | Effect Landscapes | Design. Construction. Maintenance.
effect landscapes logo 
	<div id="header-contact">
	<p>Call us now</p>
	<p>Chris: 0449 266 750</p>
	</div>								
	<div id="nav">
		
		<a class="hoverBtn" href="index.html">home</a>
		<a class="hoverBtn" href="testimonials.html">testimonials</a>
		<a class="hoverBtn" href="gallery.html">gallery</a>
		<a class="hoverBtn" href="contact.html">contact us</a>
		
	</div>	       		
</div> 

	<div id="content">
		    <div id="container">
				<div id="main">	
				<h1>Contact Us</h1>
				<h2>When it comes to selecting a landscaping company in Greater Sydney, it can be difficult to distinguish between a professional and an amateur. Effect Landscaping provides expert landscape design, build and maintenance services. Contact us about your landscaping needs.</h2>

 

contact us banner

Chris Chisholm 0449 266 750

[email protected]

Matt Barton 0424 930 560

[email protected]

 

You can also contact us with this form:
Contact: Matt Chris
* Name:
* Email:
Company:
Phone:
Message:
* Security Code: <?php // Adding BotDetect Captcha to the page $SampleCaptcha = new Captcha("SampleCaptcha"); $SampleCaptcha->UserInputID = "CaptchaCode"; echo $SampleCaptcha->Html(); ?> <?php if ($_POST) { // validate the Captcha to check we're not dealing with a bot $isHuman = $SampleCaptcha->Validate(); 
if (!$isHuman) {
  // TODO: Captcha validation failed, show error message
} else {
  // TODO: Captcha validation passed, perform protected action
}

}
?>
* required field
find us on book banner 
		</div>
			</div>
	</div>   

<div id="footer-contact">
<p class="copyright">Follow us on:</p>
<a href="http://www.book.com/s" alt="Effectbook page"><img src="images/book.png" alt="Follow us on book" width="70px" /></a>
</div>
[/php]

verify.php
[php]<?php
$to = $_REQUEST[‘sendto’] ;
$from = $_REQUEST[‘Email’] ;
$name = $_REQUEST[‘Name’] ;
$headers = “From: $from”;
$subject = “Website Contact Data”;

$fields = array();
$fields{“Name”} = “Name”;
$fields{“Company”} = “Company”;
$fields{“Email”} = “Email”;
$fields{“Phone”} = “Phone”;
$fields{“Message”} = “Message”;

$body = “We have received the following information:\n\n”; foreach($fields as $a => $b){ $body .= sprintf("%20s: %s\n",$b,$_REQUEST[$a]); }

$headers2 = “From: [email protected]”;
$subject2 = “contact”;
$autoreply = “Thank you for contacting . Matt or Chris will get back to you as soon as possible, usually within 48 hours. If you have any more questions, please consult our website at . Please feel free to contact Chris Chisholm on or on for urgent matters.”;

if($from == ‘’) {print “You have not entered an email adress, please go back and try again”;}
else {
if($name == ‘’) {print “You have not entered a name, please go back and try again”;}
else {
$send = mail($to, $subject, $body, $headers);
$send2 = mail($from, $subject2, $autoreply, $headers2);
if($send)
{header( “Location: thankyou.html” );}
else
{print “We encountered an error sending your mail, please notify [email protected]”; }
}
}
?>[/php]

thankyou.html

[code]

Contact Us | | Design. Construction. Maintenance.
logo 
	<div id="header-contact">
	<p>Call us now</p>
	<p>Chris: 0449 266 750</p>
	</div>								
	<div id="nav">
		
		<a class="hoverBtn" href="index.html">home</a>
		<a class="hoverBtn" href="testimonials.html">testimonials</a>
		<a class="hoverBtn" href="gallery.html">gallery</a>
		<a class="hoverBtn" href="contact.php">contact us</a>
		
	</div>	       		
</div> 

	<div id="content">
		    <div id="container">
				<div id="main">	
				<h1>Contact Us</h1>
				<h2>Thank you, your contact details have been sent to Effect Landscapes.</h2>
		
		</div>
			</div>
	</div>   

<div id="footer-contact">
<p class="copyright">Follow us on:</p>
<a href="http://www.book.com/scapes" alt="scapesbook page"><img src="images/book.png" alt="Follow us on facebook" width="70px" /></a>
</div>
[/code]
#2

Okay so…send your mail upon the captcha completion.

[php] if (!$isHuman) {
// TODO: Captcha validation failed, show error message
} else {
// TODO: Captcha validation passed, perform protected action
} [/php]

#3

sorry i dont know what you mean?

#4

Try not to post domains and email addresses as this could be classed as a spam post.

[php]

if (!$isHuman) {
// Captcha validation failed, redirect back to form page
header(“Location: contact.php?captchaValid=false”);
exit;
}

// TODO: continue with form submission

if (!$isHuman) {
if (isset($_REQUEST[‘captchaValid’]) && $_REQUEST[‘captchaValid’] == ‘false’) {
// Captcha validation failed, show error message
echo “<span class=“incorrect”>Incorrect code”;
}

// TODO: continue with form submission
[/php]

#5

I replaced that part of the code with your one and it still lets me submit the form without entering the captcha.

Check the website to see what I mean if you like… it’s the effectlandscapes dot com one.

#6

It seems like its not even trying to do the vallidation maybe because you send it to another page before it can be validated.

Maybe the validation should be on the verify page.

I would check that that part works correctly

[php] if ($_POST) {
// validate the Captcha to check we’re not dealing with a bot
$isHuman = $SampleCaptcha->Validate(); [/php]

[php]if( $isHuman = $SampleCaptcha->Validate() ){

echo ‘code has been run’;
}[/php]

maybe try
[php]if(isset($_POST[‘send’])) {[/php]

instead of
[php] if ($_POST) {[/php]

#7

I am very lazy and do not use multi forms for verifying I use the same page to di it all so I do not have to keep messing about with pages as it can get complicated.

This captcha does not seem to good any how but its upto you most people use the google version as it auto updates.

I use a basic one that uses sessions as well as this botdetect is only a basic captcha no sound with the php.

Ok I had a better read but not much time on hands to explain but still trying to understand which page is right i think it is give it ago see what happens.

You need to add to your verify.php

[php]if (!$isHuman) {
// Captcha validation failed, redirect back to form page
header(“Location: contact.php?captchaValid=false”);
exit;
}[/php]

You need to add to your contact.php

// TODO: continue with form submission

In this case, if the correct Captcha code wasn’t submitted, we redirect the user back to the original form (adding a simple querystring for easier error reporting). You can also integrate the isHuman result with other form validation code, depending on your overall form validation approach.

In this trivial case, the form can then detect that it has been redirected back to with the querystring parameter and show a Captcha validation error to the user:

[php] if (isset($_REQUEST[‘captchaValid’]) && $_REQUEST[‘captchaValid’] == ‘false’) {
// Captcha validation failed, show error message
echo “<span class=“incorrect”>Incorrect code”;
}[/php]

#8

I gave this a go, and when you enter no captcha or the wrong captcha it takes you to the false page but the data is still submitted to my email. I’ll try using the google one.

Sponsor our Newsletter | Privacy Policy | Terms of Service