CODEWITHSUNDEEP
phpformsvalidation
flapane
flapane

Reputation: 543

php captcha code not working

I'm using an old random() function for creating a validation code for an AJAX commenting system I found on the web (source code at LINK ).

The idea behind is pretty simple: 

 function Random()
{
$chars = "ABCDEFGHJKLMNPQRSTUVWZYZ23456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 4)
{
$num = rand() % 32;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$random_code = Random();

and then in the form, just before the SUBMIT button: 

<label for="security_code">Enter this captcha code: <b><? echo $random_code; ?></b></label>
<input type="text" name="security_code" id="security_code" />

<input name="randomness" type="hidden" id="randomness" value="<?php $random_code; ?>">

My AJAX commenting system uses something like this for checking if a field is blank (ie. if there are any errors): 

$errors = array();
$data= array();
[...]

if(!($data['name'] = filter_input(INPUT_POST,'name',FILTER_CALLBACK,array('options'=>'Comment::validate_text'))))
{
$errors['name'] = 'Please enter a name.';
}

if(!empty($errors)){
[...]
}

so I wrote this: 

if(!($data['security_code'] = filter_input(INPUT_POST,'security_code',FILTER_CALLBACK,array('options'=>'Comment::validate_text'))))
{
$errors['security_code'] = 'You did not enter the validation code.';
}
elseif(!($data['security_code'] = $randomness))
{
$errors['security_code'] = 'You entered the validation code incorrectly. Please note that it is case sensitive.';
}

However when I click on the SUBMIT button after having inserted a random text in the validation code textfield ( test it by yourself at LINK ) I always get the "You entered the validation code incorrectly." message.

print_r($_POST) gives an empty array and then the script hangs after I click on submit: Array ( )

What am I missing? The original captcha code gets lost at some point in the validation process (the 3rd and 4th blocks of code). Thanks in advance

Upvotes: 0

Views: 920

Answers (2)

Shrinath
Shrinath

Reputation: 8118

After seeing your code here, I see that the static function validate doesn't know the variable $randomness! From your submit.php, you are making the following call:

$arr = array();
$validates = Comment::validate($arr);

The function validate doesn't know anything about the variable $randomness unless you pass such a thing to it - it is in a different scope.

Try modifying the above mentioned code as such: 

    $arr = array(); // no change here  

    $randomness = isset($_POST['randomness']) ? $_POST['randomness'] : '';   
    // Check for empty randomness before you validate it in Comment::validate
    // so that you donot verify for '' == '' there. 

    $validates = Comment::validate($arr, $randomness);

And alter the validate function as follows: 

    public static function validate(&$arr, $randomness)
    {

I know its not the elegant solution - that would require few more things that you'd learn well for yourself, this is just to show you the way...
Let me know how it goes.

Upvotes: 1

user1299518
user1299518

Reputation:

instead of:

<input name="randomness" type="hidden" id="randomness" value="<?php $random_code; ?>">

write:

<input name="randomness" type="hidden" id="randomness" value="<?php echo $random_code; ?>">

also instead of:

elseif(!($data['security_code'] = $randomness))
{
$errors['security_code'] = 'You entered the validation code incorrectly. Please note that it is case sensitive.';
}

maybe this:

elseif($data['security_code'] != $randomness) {
   $errors['security_code'] = 'You entered the validation code incorrectly. Please note that it is case sensitive.';
}

also, from where $data get its values? $_POST, $_GET? print_r() it and also the $_REQUEST to light up.

Upvotes: 0

Related Questions