Reputation: 1070
I'm using a custom captcha, but it's submitting the form even if the code is not correct. Here's the index page main code:

    $(document).ready(function() {
        $('#Send').click(function() {
            // name validation
            var nameVal = $("#name").val();
            if(nameVal == '') {
                $("#name_error").html('');
                $("#name").after('<label class="error" id="name_error">Please enter your name.</label>');
                return false
            }
            else
            {
                $("#name_error").html('');
            }
            /// email validation
            var emailReg = /^([\w-\.]+@([\w-]+\.)+[\w-]{2,4})?$/;
            var emailaddressVal = $("#email").val();
            if(emailaddressVal == '') {
                $("#email_error").html('');
                $("#email").after('<label class="error" id="email_error">Please enter your email address.</label>');
                return false
            }
            else if(!emailReg.test(emailaddressVal)) {
                $("#email_error").html('');
                $("#email").after('<label class="error" id="email_error">Enter a valid email address.</label>');
                return false
            }
            else
            {
                $("#email_error").html('');
            }
            $.post("post.php?"+$("#MYFORM").serialize(), {
            }, function(response){
                if(response==1)
                {
                    $("#after_submit").html('');
                    $("#Send").after('<label class="success" id="after_submit">Your message has been submitted.</label>');
                    change_captcha();
                    clear_form();
                }
                else
                {
                    $("#after_submit").html('');
                    $("#Send").after('<label class="error" id="after_submit">Error ! invalid captcha code .</label>');
                }
            });
            return false;
        });
        // refresh captcha
        $('img#refresh').click(function() {
            change_captcha();
        });
        function change_captcha()
        {
            document.getElementById('captcha').src="get_captcha.php?rnd=" + Math.random();
        }
        function clear_form()
        {
            $("#name").val('');
            $("#email").val('');
            $("#message").val('');
        }
    });

index.php code (session_start is at the beginning of the file)

    <form action="#" name="MYFORM" id="MYFORM">
        <label>Name</label>
        <input name="name" size="30" type="text" id="name">
        <br clear="all" />
        <label>Email</label>
        <input name="email" size="30" type="text" id="email">
        <br clear="all" />
        <label>Message</label>
        <textarea id="message" name="message"></textarea>
        <br clear="all" />
        <div id="wrap" align="center">
            <img src="get_captcha.php" alt="" id="captcha" />
            <br clear="all" />
            <input name="code" type="text" id="code">
        </div>
        <img src="refresh.jpg" width="25" alt="" id="refresh" />
        <br clear="all" /><br clear="all" />
        <label> </label>
        <input value="Send" type="submit" id="Send">
    </form>

post.php code

    session_start();
    if(@$_REQUEST['code'] || @strtolower($_REQUEST['code']) == strtolower($_SESSION['random_number']))
    {
        echo 1;// submitted
    }
    else
    {
        echo 0; // invalid code
    }

get_captcha.php file

    session_start();
    $string = '';
    for ($i = 0; $i < 5; $i++) {
        $string .= chr(rand(97, 122));
    }
    $_SESSION['random_number'] = $string;
    $dir = 'fonts/';
    $image = imagecreatetruecolor(165, 50);
    $num = rand(1,2);
    if($num==1)
    {
        $font = "Capture it 2.ttf"; // font style
    }
    else
    {
        $font = "Molot.otf";// font style
    }
    $num2 = rand(1,2);
    if($num2==1)
    {
        $color = imagecolorallocate($image, 113, 193, 217);// color
    }
    else
    {
        $color = imagecolorallocate($image, 163, 197, 82);// color
    }
    $white = imagecolorallocate($image, 255, 255, 255); // background color white
    imagefilledrectangle($image,0,0,399,99,$white);
    imagettftext ($image, 30, 0, 10, 40, $color, $dir.$font, $_SESSION['random_number']);
    header("Content-type: image/png");
    imagepng($image);

Here's the whole code: http://download1473.mediafire.com/ef2uaexp2hmg/3j63qbbq7xiwryi/captcha.rar
Upvotes: 0
Views: 295
Reputation: 2137
(Building upon the other answers)
You're making a big mistake. Why would you suppress errors with the @ symbol? That's just bad coding. You might have a bigger problem somewhere and you'd never know about this. If it's a habit, what about when you're handling critical data? Are you going to ignore errors?
To your actual code, do you want to use isset() first in the if statement? Is that what you mean to do?
This is what your code should look like...

    session_start();
    if(isset($_REQUEST['code']) && strtolower($_REQUEST['code']) == strtolower($_SESSION['random_number']))
    {
        echo 1;// submitted
    }
    else
    {
        echo 0; // invalid code
    }

Upvotes: 3
Reputation: 357
There probably should be an && in post.php code, otherwise, as long as $_REQUEST['code'] is not empty it will execute echo 1.

    session_start();
    if(@$_REQUEST['code'] && @strtolower($_REQUEST['code']) == strtolower($_SESSION['random_number']))
    {
        echo 1;// submitted
    }
    else
    {
        echo 0; // invalid code
    }

Upvotes: 1
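
Added example, not part of either answer or the asker's code: a version of post.php that combines the `&&`/`isset()` fix from the answers with single-use codes, so a guess cannot be retried against the same image. The function name `captcha_matches` and the command-line self-check with its sample values are constructed for illustration.

```php
<?php
// Added example, not from the page. captcha_matches() is a hypothetical name.
declare(strict_types=1);

/**
 * True only when a captcha was issued AND the submitted value equals it.
 * The stored code is discarded on every attempt, so one image allows one guess.
 */
function captcha_matches(array &$session, $submitted): bool
{
    $expected = $session['random_number'] ?? null;
    unset($session['random_number']);            // single use, pass or fail

    if (!is_string($expected) || $expected === '') {
        return false;                            // no captcha issued for this session
    }
    if (!is_string($submitted) || $submitted === '') {
        return false;                            // missing, empty, or array input
    }
    // Presence and equality must both hold; the question's || accepted either.
    return hash_equals(strtolower($expected), strtolower(trim($submitted)));
}

if (PHP_SAPI === 'cli') {
    // Constructed cases: [stored code, submitted value, expected result].
    $cases = [
        ['abcde', 'ABCDE', true],
        ['abcde', 'zzzzz', false],
        ['abcde', '', false],
        [null, 'abcde', false],
        ['abcde', ['abcde'], false],
    ];
    foreach ($cases as [$stored, $sent, $want]) {
        $session = ['random_number' => $stored];
        $first = captcha_matches($session, $sent);
        $replay = captcha_matches($session, $stored);   // same session, second try
        if ($first !== $want || $replay !== false) {
            fwrite(STDERR, "self-check failed\n");
            exit(1);
        }
    }
    echo "self-check passed\n";
    exit(0);
}

// post.php body: the page's client sends the fields in the query string.
session_start();
echo captcha_matches($_SESSION, $_REQUEST['code'] ?? null) ? 1 : 0;
```

Because a failed attempt also discards the stored code, the error branch of the page's script would need to call change_captcha() as the success branch already does.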