Free Web Hosting Forum
(#1)
starr05
Member
Posts: 52
Join Date: Oct 2011
Captcha on guestbook - 11-03-2011, 02:53 AM

I've decided to put captcha on my guestbook from a contact form that I was using, because I've noticed that there was spam linking me to other websites that are selling things when I viewed my guestbook. Now that I've added the captcha, when I try to submit my form, nothing happens.

Here is my link : http://starr05.comule.com/guestbook.php

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Author: Reality Software
Website: http://www.realitysoftware.ca
Note: This is a free template released under the Creative Commons Attribution 3.0 license, 
which means you can use it in any way you want provided you keep the link to the author intact.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style.css" rel="stylesheet" type="text/css" /></head>
<body>


	<!-- header -->
    <div id="header">
    	<div id="logo"><a href="index.html">Header</a></div>
        <ul id="menu">
        	<ul>
            <li><a href="index.html">Home</a></li>
            <li><a href="">Link 1</a></li>
            <li><a href="">Link 2</a></li>
            <li><a href="">Link 3</a></li>
            <li><a href="">Contact</a></li>
	    <li><a href="guestbook.php">Guestbook</a></li>
                  </ul>
<div id="icon"><a href="twitter.com/">
<img border="0" src="images/twitter.png" alt="twitter" width="58px;" height="53px;" />
</a></div>

   
  </div>
    <!--end header -->
    <!-- main -->
    <div id="main">
    <div id="content">

   
 <div id="text">
                <h1><strong>Guestbook</strong></h1>
</div>


<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td align="center"><strong>Guestbook</strong>
<p align="center">Please leave your comments.</p>
<p align="center">* Required field</p></td>

</tr>
</table>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1>
<tr>
<form id="form1" name="form1" method="post" action="addguestbook.php">
<td>
<table width="400" border="0" cellpadding="3" cellspacing="1">
<tr>
<td width="117">*Name</td>
<td width="14">:</td>
<td width="357"><input name="name" type="text" id="name" size="40" /></td>
</tr>
<tr>
<td valign="top">*Comment</td>
<td valign="top">:</td>
<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
</tr>

<td>*Captcha</td>
<input name="verif_box" type="text" id="verif_box" style="padding:2px; border:1px solid #CCCCCC; width:180px; height:14px;font-family:Verdana, Arial, Helvetica, sans-serif; font-size:11px;"/>
<img src="verificationimage.php?<?php echo rand(0,9999);?>" alt="verification image, type it in the box" width="50" height="24" align="absbottom" /><br />
<br />

<!-- if the variable "wrong_code" is sent from previous page then display the error field -->
<?php if(isset($_GET['wrong_code'])){?>
<div style="border:1px solid #990000; background-color:#D70000; color:#FFFFFF; padding:4px; padding-left:6px;width:295px;">Wrong verification code</div><br />
<?php ;}?>

<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="3" cellspacing="0" >
<tr>
<td align="center"><strong><a href="viewguestbook.php">View Guestbook</a> </strong></td>
</tr>
</table>

</div>


           
     <!-- footer -->
    <div id="footer">
    <div id="left_footer">&copy; Copyright 2011<strong> Author </strong></div>
    <div id="right_footer">

<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a>

    </div>
    </div>
    <!-- end footer -->
</div>
    <!-- end main -->



</body>
</html>
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Author: Reality Software
Website: http://www.realitysoftware.ca
Note: This is a free template released under the Creative Commons Attribution 3.0 license, 
which means you can use it in any way you want provided you keep the link to the author intact.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style.css" rel="stylesheet" type="text/css" /></head>
<body>


    <!-- header -->
    <div id="header">
        <div id="logo"><a href="index.html">Header</a></div>
        <ul id="menu">
            <ul>
           <li><a href="index.html">Home</a></li>
            <li><a href="">Link 1</a></li>
            <li><a href="">Link 2</a></li>
            <li><a href="">Link 3</a></li>
            <li><a href="contact.php">Contact</a></li>
        <li><a href="guestbook.php">Guestbook</a></li>
            
                  </ul>
<div><a href="twitter.com/">
<img border="0" src="images/twitter.png" alt="twitter" width="58px;" height="53px;" />
</a></div>

   
  </div>
    <!--end header -->
    <!-- main -->
    <div id="main">
    <div id="content">

   
 <div id="text">
                <h1><strong>Guestbook</strong></h1>
</div>

<?php
$mysql_host = "mysql17.000webhost.com";
$mysql_database = "a7560006_guest";
$mysql_user = "a7560006_host";
$mysql_password = "mypassword";

$comment  = stripslashes($comment);
$name = stripslashes($name);
$comment = str_replace ("<","&lt;",$comment);
$comment = str_replace ("\n","<br>",$comment);
$name = str_replace ("<","&lt;",$name);
$name = str_replace ("\n","<br>",$name);

$tbl_name="guestbook"; // Table name

// Connect to server and select database.
mysql_connect("$mysql_host", "$mysql_user", "$mysql_password") or die("cannot connect server ");
mysql_select_db("$mysql_database") or die("cannot select DB");

$name = $_POST['name'];
$comment = $_POST['comment'];
$datetime=date("M-d-Y h:i:s A"); //date time

if(empty($name) || empty($comment)) {
    echo "<h3>Sorry all fields are required</h3>";
} else {

$sql="INSERT INTO $tbl_name (name, comment, datetime) VALUES ('$name', '$comment', '$datetime')";
$result=mysql_query($sql);

//check if query successful
if($result){
echo "Thank you for signing my guestbook!";
echo "<BR>";
echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page
}

else {
echo "ERROR";
}

mysql_close();
}

?> 

</div>



           
     <!-- footer -->
    <div id="footer">
    <div id="left_footer">&copy; Copyright 2011<strong> Author </strong></div>
    <div id="right_footer">

<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a>

    </div>
    </div>
    <!-- end footer -->
</div>
    <!-- end main -->
</body>
</html>
(#2)
starr05
Member
Posts: 52
Join Date: Oct 2011
11-03-2011, 02:56 AM

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Author: Reality Software
Website: http://www.realitysoftware.ca
Note: This is a free template released under the Creative Commons Attribution 3.0 license, 
which means you can use it in any way you want provided you keep the link to the author intact.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style.css" rel="stylesheet" type="text/css" /></head>
<body>


    <!-- header -->
    <div id="header">
        <div id="logo"><a href="index.html">Header</a></div>
        <ul id="menu">
            <ul>
            <li><a href="index.html">Home</a></li>
            <li><a href="">Link 1</a></li>
            <li><a href="">Link 2</a></li>
            <li><a href="">Link 3</a></li>
            <li><a href="contact.php">Contact</a></li>
        <li><a href="guestbook.php">Guestbook</a></li>
            
                  </ul>
<div><a href="twitter.com/">
<img border="0" src="images/twitter.png" alt="twitter" width="58px;" height="53px;" />
</a></div>

  
  </div>
    <!--end header -->
    <!-- main -->
    <div id="main">
    <div id="content">

   
 <div id="text">
                <h1><strong>Guestbook</strong></h1>
</div>


<table width="400" border="0" align="center" cellpadding="-" cellspacing="0"  >
<tr>
<td><strong>View Guestbook | <a href="guestbook.php">Sign Guestbook</a> </strong></td>
</tr>
</table>
<br>

<?php
$mysql_host = "mysql17.000webhost.com";
$mysql_database = "a7560006_guest";
$mysql_user = "a7560006_host";
$mysql_password = "mypassword";
$tbl_name="guestbook"; // Table name

// Connect to server and select database.
mysql_connect("$mysql_host", "$mysql_user", "$mysql_password") or die("cannot connect server ");
mysql_select_db("$mysql_database") or die("cannot select DB");

$sql="SELECT * from $tbl_name";
$result=mysql_query($sql);

while($rows=mysql_fetch_array($result)){
?>

<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" >
<tr>
<td><table width="400" border="0" cellpadding="3" cellspacing="1">
<tr>
<td>Comment Number</td>
<td>:</td>
<td><? echo $rows['comment_id']; ?></td>
</tr>
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><? echo $rows['name']; ?></td>
</tr>
<tr>
<td valign="top">Comment</td>
<td valign="top">:</td>
<td><? echo nl2br($rows['comment']); ?></td>
</tr>
<tr>
<td valign="top">Date/Time </td>
<td valign="top">:</td>
<td><? echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
<BR>

<?php
}
mysql_close(); //close database
?>



</div>

           
     <!-- footer -->
    <div id="footer">
    <div id="left_footer">&copy; Copyright 2011<strong> Author </strong></div>
    <div id="right_footer">

<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a>

    </div>
    </div>
    <!-- end footer -->
</div>
    <!-- end main -->

</body>
</html>
Verification code

Code:
<?php

header('Content-type: image/jpeg');

$width = 50;
$height = 24;

$my_image = imagecreatetruecolor($width, $height);

imagefill($my_image, 0, 0, 0xFFFFFF);

// add noise
for ($c = 0; $c < 40; $c++){
	$x = rand(0,$width-1);
	$y = rand(0,$height-1);
	imagesetpixel($my_image, $x, $y, 0x000000);
	}

$x = rand(1,10);
$y = rand(1,10);

$rand_string = rand(1000,9999);
imagestring($my_image, 5, $x, $y, $rand_string, 0x000000);

setcookie('tntcon',(md5($rand_string).'a4xn'));

imagejpeg($my_image);
imagedestroy($my_image);
?>
(#3)
grace1004
Senior Member
Posts: 890
Join Date: Dec 2010
11-03-2011, 05:50 AM

Code:
<!-- if the variable "wrong_code" is sent from previous page then display the error field -->
<?php if(isset($_GET['wrong_code'])){?>
<div style="border:1px solid #990000; background-color:#D70000; color:#FFFFFF; padding:4px; padding-left:6px;width:295px;">Wrong verification code</div><br />
<?php ;}?>
Why did you put a semicolon at the end? In case of <?php echo rand(0,9999);?>, a semicolon is needed,
but just for closing brace, no need to put semicolon. Try after deleting the semicolon as shown below.

<?php ;}?> ==> <?php } ?>
(#4)
drums
Senior Member
Posts: 579
Join Date: Aug 2010
Location: Oz
11-03-2011, 01:24 PM

Hi,

You've missed a " mark which is messing up your HTML...

The line:
HTML Code:
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1>
needs a " at the end before the >

Also, you should consider putting your <form> </form> tags outside the table, or at least within a single cell, as some browsers will think it's an incomplete tag and close the form, which will stop your submits from working correctly.

And finally, you're not actually checking the captcha before you add your guestbook entry, so it's kind of pointless at the moment...

Grace's suggestion is good too, but it's not as useful as mine..
(#5)
grace1004
Senior Member
Posts: 890
Join Date: Dec 2010
11-03-2011, 03:21 PM

I added a " mark at the end of table tag as drums suggested. Also, slightly changed the code for captcha input form,
and added some scripts to addguestbook.php. Please make a file with the Verification Code you quoted, i.e. save
the code as filename--verificationimage.php. I tested with the changed code, and it worked fine.

guestbook.php
=============
PHP Code:
<!--
Author: Reality Software
Website: http://www.realitysoftware.ca
Note: This is a free template released under the Creative Commons Attribution 3.0 license, 
which means you can use it in any way you want provided you keep the link to the author intact.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style.css" rel="stylesheet" type="text/css" /></head>
<body>


    <!-- header -->
    <div id="header">
        <div id="logo"><a href="index.html">Header</a></div>
        <ul id="menu">
            <ul>
            <li><a href="index.html">Home</a></li>
            <li><a href="">Link 1</a></li>
            <li><a href="">Link 2</a></li>
            <li><a href="">Link 3</a></li>
            <li><a href="">Contact</a></li>
        <li><a href="guestbook.php">Guestbook</a></li>
                  </ul>
<div id="icon"><a href="twitter.com/">
<img border="0" src="http://www.000webhost.com/forum/images/twitter.png" alt="twitter" width="58px;" height="53px;" />
</a></div>

   
  </div>
    <!--end header -->
    <!-- main -->
    <div id="main">
    <div id="content">

   
 <div id="text">
                <h1><strong>Guestbook</strong></h1>
</div>

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td align="center"><strong>Guestbook</strong>
<p align="center">Please leave your comments.</p>
<p align="center">* Required field</p></td>
</tr>
</table>

<table width="400" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<form id="form1" name="form1" method="post" action="addguestbook.php">

<tr>
<td width="117">*Name</td>
<td width="14">:</td>
<td width="357"><input name="name" type="text" id="name" size="40" /></td>
</tr>
<tr>
<td valign="top">*Comment</td>
<td valign="top">:</td>
<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
</tr>
<tr>
<td>*Captcha</td>
<td width="14">:</td>
<td><input name="verif_box" type="text" id="verif_box" style="padding:2px; border:1px solid #CCCCCC; width:180px; height:20px;font-family:Verdana, Arial, Helvetica, sans-serif; font-size:11px;"/>&nbsp;&nbsp;
<img src="verificationimage.php?<?php echo rand(0,9999);?>" alt="verification image, type it in the box" width="50" height="24" align="absbottom"/></td>
</tr>

<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong><a href="viewguestbook.php">View Guestbook</a> </strong></td>
</tr>
</table>

</div>
           
     <!-- footer -->
    <div id="footer">
    <div id="left_footer">&copy; Copyright 2011<strong> Author </strong></div>
    <div id="right_footer">

<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a>

    </div>
    </div>
    <!-- end footer -->
</div>
    <!-- end main -->



</body>
</html>
addguestbook.php
================
PHP Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Author: Reality Software
Website: http://www.realitysoftware.ca
Note: This is a free template released under the Creative Commons Attribution 3.0 license, 
which means you can use it in any way you want provided you keep the link to the author intact.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style.css" rel="stylesheet" type="text/css" /></head>
<body>


    <!-- header -->
    <div id="header">
        <div id="logo"><a href="index.html">Header</a></div>
        <ul id="menu">
            <ul>
           <li><a href="index.html">Home</a></li>
            <li><a href="">Link 1</a></li>
            <li><a href="">Link 2</a></li>
            <li><a href="">Link 3</a></li>
            <li><a href="contact.php">Contact</a></li>
        <li><a href="guestbook.php">Guestbook</a></li>
            
                  </ul>
<div><a href="twitter.com/">
<img border="0" src="http://www.000webhost.com/forum/images/twitter.png" alt="twitter" width="58px;" height="53px;" />
</a></div>

   
  </div>
    <!--end header -->
    <!-- main -->
    <div id="main">
    <div id="content">

   
 <div id="text">
                <h1><strong>Guestbook</strong></h1>
</div>

<?php
$mysql_host = "mysql17.000webhost.com";
$mysql_database = "a7560006_guest";
$mysql_user = "a7560006_host";
$mysql_password = "mypassword";

$comment  = stripslashes($comment);
$name = stripslashes($name);
$comment = str_replace ("<","&lt;",$comment);
$comment = str_replace ("\n","<br>",$comment);
$name = str_replace ("<","&lt;",$name);
$name = str_replace ("\n","<br>",$name);

$tbl_name="guestbook"; // Table name

// Connect to server and select database.
mysql_connect("$mysql_host", "$mysql_user", "$mysql_password") or die("cannot connect server ");
mysql_select_db("$mysql_database") or die("cannot select DB");

$name = $_POST['name'];
$comment = $_POST['comment'];
$datetime=date("M-d-Y h:i:s A"); //date time
$verif_box = $_POST['verif_box'];

if(md5($verif_box).'a4xn' != $_COOKIE['tntcon']){
    echo "You have not entered captcha or entered incorrect captcha!";
    echo "<meta http-equiv='Refresh' content='1; URL=guestbook.php'>";
    exit;
}

if(empty($name) || empty($comment)) {
    echo "<h3>Sorry all fields are required</h3>";
} else {

$sql="INSERT INTO $tbl_name (name, comment, datetime) VALUES ('$name', '$comment', '$datetime')";
$result=mysql_query($sql);

//check if query successful
if($result){
echo "Thank you for signing my guestbook!";
echo "<BR>";
echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page
}

else {
echo "ERROR";
}

mysql_close();
}

?> 

</div>
           
     <!-- footer -->
    <div id="footer">
    <div id="left_footer">&copy; Copyright 2011<strong> Author </strong></div>
    <div id="right_footer">

<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a>

    </div>
    </div>
    <!-- end footer -->
</div>
    <!-- end main -->
</body>
</html>

Last edited by grace1004; 11-03-2011 at 03:42 PM.
(#6)
starr05
Member
Posts: 52
Join Date: Oct 2011
11-04-2011, 02:11 AM

And I placed the <form> tag correctly, as Drums suggested?

Code:
<!--
Author: Reality Software
Website: http://www.realitysoftware.ca
Note: This is a free template released under the Creative Commons Attribution 3.0 license, 
which means you can use it in any way you want provided you keep the link to the author intact.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style.css" rel="stylesheet" type="text/css" /></head>
<body>


    <!-- header -->
    <div id="header">
        <div id="logo"><a href="index.html">Header</a></div>
        <ul id="menu">
            <ul>
            <li><a href="index.html">Home</a></li>
            <li><a href="">Link 1</a></li>
            <li><a href="">Link 2</a></li>
            <li><a href="">Link 3</a></li>
            <li><a href="">Contact</a></li>
        <li><a href="guestbook.php">Guestbook</a></li>
                  </ul>
<div id="icon"><a href="twitter.com/">
<img border="0" src="http://www.000webhost.com/forum/images/twitter.png" alt="twitter" width="58px;" height="53px;" />
</a></div>

   
  </div>
    <!--end header -->
    <!-- main -->
    <div id="main">
    <div id="content">

   
 <div id="text">
                <h1><strong>Guestbook</strong></h1>
</div>



<form id="form1" name="form1" method="post" action="addguestbook.php">

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td align="center"><strong>Guestbook</strong>
<p align="center">Please leave your comments.</p>
<p align="center">* Required field</p></td>
</tr>
</table>

<table width="400" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>

<tr>
<td width="117">*Name</td>
<td width="14">:</td>
<td width="357"><input name="name" type="text" id="name" size="40" /></td>
</tr>
<tr>
<td valign="top">*Comment</td>
<td valign="top">:</td>
<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
</tr>
<tr>
<td>*Captcha</td>
<td width="14">:</td>
<td><input name="verif_box" type="text" id="verif_box" style="padding:2px; border:1px solid #CCCCCC; width:180px; height:20px;font-family:Verdana, Arial, Helvetica, sans-serif; font-size:11px;"/>&nbsp;&nbsp;
<img src="verificationimage.php?<?php echo rand(0,9999);?>" alt="verification image, type it in the box" width="50" height="24" align="absbottom"/></td>
</tr>

<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /></td>
</tr>
</table>
</td>

</tr>
</table>
<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong><a href="viewguestbook.php">View Guestbook</a> </strong></td>
</tr>
</table>

</form>
</div>
           
     <!-- footer -->
    <div id="footer">
    <div id="left_footer">&copy; Copyright 2011<strong> Author </strong></div>
    <div id="right_footer">

<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a>

    </div>
    </div>
    <!-- end footer -->
</div>
    <!-- end main -->



</body>
</html>
(#7)
grace1004
Senior Member
Posts: 890
Join Date: Dec 2010
11-05-2011, 01:47 AM

Without putting form tag outside table tag, the code worked (I am a lazy person^^). It's better to change
as drums suggested, but make sure to change correctly.

After further testing, I found that in case of no or wrong captcha, it returned to the input form with
entered data all cleared, so users need to enter all fields again. So, I changed the code as follows:

if(md5($verif_box).'a4xn' != $_COOKIE['tntcon']){
echo("<script language=\"javascript\">
alert('You have not entered captcha or entered incorrect captcha!');
history.back();
</script>");
exit;
}

After getting "Thank you for signing my guestbook!" message, malicious users can upload repeatedly
the same data they entered whenever they click refresh button without entering again in the input form.
To prevent this, it's better to change:

From:
echo "<a href='viewguestbook.php'>View guestbook</a>";

To:
echo "<meta http-equiv='Refresh' content='1; URL=viewguestbook.php'>";

Last edited by grace1004; 11-05-2011 at 01:58 AM.
Reply With Quote
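
Added example, not part of any post in this thread and not the posters' code: the check in addguestbook.php compares the submitted box against a cookie that the browser itself sends back, and the thank-you page can be re-submitted by a refresh. The PHP below keeps the expected code in the server-side session, discards it after one attempt so a replayed POST fails, inserts with bound parameters, and escapes on output. Assumptions: PHP 7.4+ with pdo_sqlite; the function names, the `$session` array standing in for `$_SESSION`, and the in-memory SQLite table standing in for the MySQL `guestbook` table are made up for the example.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.4+ with pdo_sqlite;
// an in-memory SQLite table stands in for the thread's MySQL "guestbook" table.

// Called by the image script: the answer is stored in the server-side session,
// never sent to the browser (the thread's code put md5(code).'a4xn' in a cookie).
function captcha_issue(array &$session): string
{
    $code = (string) random_int(1000, 9999);
    $session['captcha'] = $code;
    return $code; // the caller draws this string into the image
}

// Single use: the stored answer is discarded on every attempt, right or wrong,
// so a refreshed (replayed) POST cannot pass a second time.
function captcha_verify(array &$session, string $submitted): bool
{
    $expected = $session['captcha'] ?? null;
    unset($session['captcha']);
    return is_string($expected) && hash_equals($expected, $submitted);
}

// Captcha first, then required fields, then an INSERT with bound parameters
// so quotes in name/comment never become part of the SQL text.
function add_entry(PDO $db, array &$session, array $post): string
{
    if (!captcha_verify($session, (string) ($post['verif_box'] ?? ''))) {
        return 'wrong_code';
    }
    $name = trim((string) ($post['name'] ?? ''));
    $comment = trim((string) ($post['comment'] ?? ''));
    if ($name === '' || $comment === '') {
        return 'missing_field';
    }
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, comment, datetime) VALUES (?, ?, ?)'
    );
    $stmt->execute([$name, $comment, date('M-d-Y h:i:s A')]);
    return 'ok'; // a real page would now send a 303 redirect to viewguestbook.php
}

// Escape when printing, so stored markup is shown as text instead of running.
function render_entry(array $row): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<td>' . $e($row['name']) . '</td><td>' . nl2br($e($row['comment'])) . '</td>';
}

// Demo with constructed input.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (comment_id INTEGER PRIMARY KEY, name TEXT, comment TEXT, datetime TEXT)');

$session = []; // stands in for $_SESSION after session_start()
$code = captcha_issue($session);
$post = ['name' => "O'Brien", 'comment' => "<b>hi</b>\nsecond line", 'verif_box' => $code];

echo add_entry($db, $session, $post), "\n"; // first submit
echo add_entry($db, $session, $post), "\n"; // same POST replayed by a refresh
$row = $db->query('SELECT * FROM guestbook')->fetch(PDO::FETCH_ASSOC);
echo render_entry($row), "\n";
```

In a real page the two captcha functions would be called with `$_SESSION` after `session_start()`, once from verificationimage.php and once from addguestbook.php.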
(#8)
starr05
Member
Posts: 52
Join Date: Oct 2011
11-05-2011, 02:50 AM

How can I put the alert box on the same page as the form? Right now, when I leave the captcha empty, it directs me to another page showing me the alert box.
(#9)
grace1004
Senior Member
Posts: 890
Join Date: Dec 2010
11-05-2011, 05:21 AM

I tested at your site with empty captcha box and it worked fine. When alert box came up, just click OK button,
and it will take you to the input form again. If you don't like alert box, use the following code:

if(md5($verif_box).'a4xn' != $_COOKIE['tntcon']){
echo "You have not entered captcha or entered incorrect captcha!";
exit;
}

With the above code, users need to click back arrow to return to input form page.

If you want to put the javascript code on the form page, you need to write a new javascript function
for sending and validating captcha, which is more complex than the one I suggested. If you really
want that, you can find from googling.

Last edited by grace1004; 11-05-2011 at 06:04 AM.
(#10)
starr05
Member
Posts: 52
Join Date: Oct 2011
11-05-2011, 09:48 PM

Ok, I'll just leave it the way it is. Now if I do leave it the way it is, on the page where the alert box shows up, there is a grey bar that shows up. How do I get rid of that grey bar? Not sure if I have an open div or not.