I'm trying to code a CAPTCHA anispam picture into a contact form I have. I can generate the image and everything just fine, but I'm trying to figure out how to make the submition of the form conditional. I don't have access to the sendmail script (it's only a university server outside my department) so I either need to validate the user entered code client-side, or I need to send it to a validation page that will then pass on the form information to the sendmail script.

Any tips? Do I need to share some of my existing code?

The security image is created via PHP. Ideally, I'd like to make the form action condition upon the user entered securty code. i.e. if the code is write, submit too sendmail script, else submit to somewhere else where I can bombard them with error messages.

5/15/2006 4:03:49 PM

i don't know what you just said, but i'll take your word for it

5/15/2006 4:06:38 PM

is this a home grown submission process? you're not using a blogging engine or CMS or anything? Of course stuff like Wordpress will do all this for you.

5/15/2006 4:36:20 PM

This is all from scratch stuff. I din't design the origional form, but it's just standard html form stuff. I modified some PHP I found to generate teh random image and I was trying to modify the following PHP snippet to do my bidding, but it's for checking after the fact:

<?php
// check for posted form
if (isset($_POST['submit'])) {
// see if the code the user typed matched the generated code
if (strtoupper($_POST['code']) == $_SESSION['code']) {
echo 'Congratulations, you entered the correct code.';
} else {
echo 'You have entered the wrong code. Please <a href="reportformTEST.php">try again</a>.';
}
} else {
?>

I just can't seem to find a way to make the form submit function conditional the way I currently have it set up. I thinking of using an open source PHP form mail program if I can't get this to work. I would like to figure this out though.

5/15/2006 5:09:25 PM

bttmft

5/16/2006 11:38:59 AM

then the form action needs to call a Javascript which can compare the CAPTCHA somehow before submitting the form. You can't do that in PHP, obviously, since that's run on the server.

5/16/2006 11:42:29 AM

^ I tried something similar to that with java script using the onSubmit event. What I coded didn't work obviously. Is there a way I can make the javascript and PHP play together so I can use the comparison code I showed a few posts above?

5/16/2006 1:51:21 PM

BTTT

5/17/2006 11:12:25 AM

I don't think doing a captcha in javascript is a good idea. The user can disable javascript, or save your HTML page on their HD and edit the javascript out.

5/17/2006 10:32:00 PM

ding ding ding.

Not only that, there are TONS of GOOD php captcha scripts out there, why in the world are you writing your own? Just grab one and go

Also, as a side note, Captcha's aren't going to prevent spammers. I wrote a working captcha breaker in a few hours.

[Edited on May 17, 2006 at 11:05 PM. Reason : .]

5/17/2006 11:04:18 PM

use KittenAuth! http://www.kittenauth.com/

5/18/2006 8:02:17 AM

this whole problem could probably be fixed without a captcha. google for php form mail header injection.

5/18/2006 12:00:54 PM