CODEWITHSUNDEEP
phpcaptcha
phpnewbie2015
phpnewbie2015

Reputation: 376

PHP : Captcha verification code not working properly;

I am creating a very simple Captcha verification process.

(When a user tries to log into my website 3 times, without success, he is re-directed to the Captcha Page (captcha.php), to verify that he is not a spam-bot)

The Captcha value itself is randomly generated from a string of letters and numbers. 6 digits in all.

And then, I compare this value with the value entered by the user into a text-box. if the values match, the user may proceed. If not, the page reloads, an error message is displayed, and a new captcha is generated.

Very simple. No javascript, no ajax.

Except for one thing : the Captcha is NOT re-directing if the user provides the correct value.

Instead, it gives the error message every time.

  <?php session_start();

   include 'database_connect.php';

   function getRandomString($length)  {
   $validCharacters =  
   "ABCDEFGHIJKLMNPQRSTUVWXYZ123456789";
    $validCharNumber = strlen($validCharacters);
    $result = "";

    for ($i = 0; $i < $length; $i++) {
    $index = mt_rand(0, $validCharNumber - 1);
    $result .= $validCharacters[$index];
    }
    return $result; }

    $captcha_value = getRandomString(6);

    ?>

   <!DOCTYPE html>
   <html>
   <head>
        <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
        <META HTTP-EQUIV="Cache-Control" CONTENT="no-store">
        <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
        <META HTTP-EQUIV="Expires" CONTENT="0">
        <META CHARSET="UTF-8">      
        <title>Captcha Test</title>         
  </head>
 <body>
    <fieldset><legend>CAPTCHA :</legend>

     <?php 
            if (isset($_POST['submit'])) {

                $post_captcha = $_POST['captcha'];

                if ($post_captcha == $captcha_value) {

                $clear_failed_logins =  mysqli_query($conn,("Delete FROM 
                                        login_attempts where login = 
                                        '$_POST[login]'")) 
                                        or die(mysqli_error($conn)); 

                header ("Location: /example.com/login.php");    
                exit();     
            }
            else {

            echo "<p style='color:red; font-weight:bold;'>The value you  
                   entered is not correct! Please try again.</p>";
             }
          }
        ?> 

        <p>Please input the characters you see into the text-box below :</p>
        <p>  <?= $captcha_value ?> </p>
        <form method="POST" action="captcha.php">
        <input type="text" name="captcha" id="captcha" size=10 
                     autocomplete="off" required><br><br><br> 
        <input type="submit" name="submit" id="submit" value="SUBMIT"> 
        </form>
    </fieldset>

Upvotes: 0

Views: 1515

Answers (1)

jmattheis
jmattheis

Reputation: 11135

You can't redirect with header in php after you output something to the user, so move that if else block to the top of you page before something get output. If you want to redirect at this position try a meta refresh

 <meta http-equiv="refresh" content="0; URL=http://www.domain.com">

Additionally you should store the captcha value in the form because it get regenerated every time the page get refreshed (so after a form submit), i suggest you to try it with reCaptcha, that is easy to implement and alot more secure

Upvotes: 1

Related Questions