Help with "Captcha" validation

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Draygon
Forum Newbie
Posts: 3
Joined: Tue Jul 22, 2008 1:18 pm

Help with "Captcha" validation

Post by Draygon »

~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.


I have created a admin page that allows the admins to check a database and make some changes to it if needed. I have put in a captcha function and am having trouble figuring out why it will not validate. I know I am entereing in the 6 character string correctly but it doesnt see it that way. Could someone look this code over and see if you cant figure out where I am going wrong, because I have been looking for 3 days and cant figure it out. Any help here is greatly appreciated.

Code: Select all

<?
$action=(isset($_GET['action']) ? $_GET['action'] : 'start');
 
if($action == 'admin' || isset($_GET['captcha'])){
session_name("tlssutlsa");
session_set_cookie_params(900);
} else {
session_name("tlssutls");
session_set_cookie_params(604800);
}
session_start();
 
function makeRandomString($length){
$chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvqwxyz0123456789";
$ret = "";
for($i=0; $i<$length; $i++) {
$r = rand(0,(strlen($chars)-1));
$ret .= $chars[$r];
}
return $ret;
}
 
if(isset($_GET['captcha'])){
    $_SESSION['captcha']='';
    $textstr=makeRandomString(6);
    $_SESSION['captcha']=md5('tls'.strtolower($textstr).'cpt');
    for($i=0; $i < 6; $i++)
        $str[$i]=substr($textstr, $i, 1);
    $textstr="";
    $font = "STENCIL.TTF";
    $im = ImageCreateTrueColor(200,50);
    for($i=0; $i < 6; $i++){
        $size[$i] = rand(20, 27);
        $angle[$i] = rand(-45, 45);
        $color[$i] = ImageColorAllocate($im, rand(20, 45), rand(20, 45), rand(20, 45));
    }
    $color[6] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 87);
    $color[7] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 87);
    $color[8] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 87);
    $color[9] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 87);
    $color[10] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 87);
    $color[11] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 87);
    $color[12] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 30);
    $color[13] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 30);
    $color[14] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 87);
    $color[15] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 87);
    $color[16] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), 87);
    $bg = ImageColorAllocate($im, 255, 255, 255);
    $textsize = imagettfbbox($size[0], $angle[0], $font, $str[0]);
    $twidth = abs($textsize[2]-$textsize[0]);
    $theight = abs($textsize[5]-$textsize[3]);
    $x = (imagesx($im)/2)-($twidth/2)+(rand(-20, 20))-52;
    $y = (imagesy($im))-($theight/2);
    ImageFilledRectangle($im, 0, 0, 200, 50, $bg);
    ImageFilledEllipse($im, rand(20,80), rand(20,40), rand(40, 80), rand(40, 80), $color[14]);
    ImageFilledEllipse($im, rand(85,125), rand(20,40), rand(40, 80), rand(40, 80), $color[15]);
    ImageFilledEllipse($im, rand(130,190), rand(20,40), rand(40, 80), rand(40, 80), $color[16]);
    for($i=0; $i < 6; $i++)
        ImageTTFText($im, $size[$i], $angle[$i], $x+($i*25), $y, $color[$i], $font, $str[$i]);
    ImageFilledEllipse($im, rand(20,50), rand(20,40), rand(40, 80), rand(40, 80), $color[6]);
    ImageFilledEllipse($im, rand(55,85), rand(20,40), rand(40, 80), rand(40, 80), $color[7]);
    ImageFilledEllipse($im, rand(90,120), rand(20,40), rand(40, 80), rand(40, 80), $color[8]);
    ImageFilledEllipse($im, rand(125,155), rand(20,40), rand(40, 80), rand(40, 80), $color[9]);
    ImageFilledEllipse($im, rand(160,190), rand(20,40), rand(40, 80), rand(40, 80), $color[10]);
    ImageFilledEllipse($im, rand(0,20), rand(20,40), rand(40, 80), rand(40, 80), $color[11]);
    ImageLine($im, rand(0,90) , rand(0,40) , rand(110,200) , rand(-40,90) , $color[12] );
    ImageLine($im, rand(0,90) , rand(-40,90) , rand(110,200) , rand(0,40) , $color[13] );
    for($i=0; $i < 6; $i++)
        $str[$i]="";
    header("Content-Type: image/png");
    ImagePNG($im); 
    imagedestroy($im);
    die('<a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Admin</a>');
}
 
case 'admin':
        if(isset($_GET['sa']) && $_GET['sa'] == 'dologin')
            $_SESSION['ecaptcha']=md5('tls'.$_POST['tlscaptcha'].'cpt');
        if(!isset($_GET['sa']) || ((!isset($_SESSION['time']) || !isset($_SESSION['captcha']) || !isset($_SESSION['ecaptcha']) || !isset($_SESSION['hash']) || $_SESSION['hash'] != md5($_SESSION['time'].'laststand123'.SID) || $_SESSION['time']+1800 < time() || $_SESSION['captcha'] != $_SESSION['ecaptcha']) && $_GET['sa'] != 'dologin') || $_GET['sa'] == 'login'){
        $_SESSION['hash']='';
        $_SESSION['time']='';
        $_SESSION['captcha']='';
        $_SESSION['ecaptcha']='';
        $sa='login';
        } else
        $sa=$_GET['sa'];
 
        switch ($sa){
            case 'login':
                echo 'Your session has expired or you have not logged in yet<br>Please enter the admin password and captcha below<br><br>
<form action="signup.php?action=admin&sa=dologin&'.htmlspecialchars(SID).'" method="post"><input type="password" name="tlspwd"><br>
<img src="signup.php?captcha"><br><input type="text" name="tlscaptcha"><br>
<input type="submit" value="Login"></form>';
                break;
            case 'dologin':
                echo '<script>
function showSp(num){
    document.getElementById(\'sp\'+num).style.display="inline";
}
</script>
Starting session...';
                $_SESSION['ecaptcha']=md5('tls'.strtolower($_POST['tlscaptcha']).'cpt');
                $_SESSION['time']=time();
                echo '<span style="display:none" id="sp1">done<br>Validating password...</span><script>setTimeout(\'showSp(1)\',500);</script>';
                if($_POST['tlspwd'] != '***********){
                    echo '<span style="display:none" id="sp2">failed<br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Please try again</a></span><script>setTimeout(\'showSp(2)\',1000);</script>';
                    die('<br><br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Admin</a>');
                } else
                echo '<span style="display:none" id="sp2">done<br>Validating captcha...</span><script>setTimeout(\'showSp(2)\',1000);</script>';
                if($_SESSION['captcha'] != $_SESSION['ecaptcha']){
                    echo '<span style="display:none" id="sp3">failed<br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Please try again</a></span><script>setTimeout(\'showSp(3)\',1500);</script>';
                    die('<br><br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Admin</a>');
                } else
                echo '<span style="display:none" id="sp3">done<br>Generating auth string...</span><script>setTimeout(\'showSp(3)\',1500);</script>';
                $_SESSION['hash']=md5($_SESSION['time'].'laststand123'.SID);
                echo '<span style="display:none" id="sp4">done<br>Login successful<br>
<a href="signup.php?action=admin&sa=menu&'.htmlspecialchars(SID).'">Click here to continue</a></span><script>setTimeout(\'showSp(4)\',2000);</script>';
                break;
 

~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Help with "Captcha" validation

Post by pickle »

Do an output of what you're typing in & what it expects, to see how they differ from what you think they should be.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
panic!
Forum Regular
Posts: 516
Joined: Mon Jul 31, 2006 7:59 am
Location: Brighton, UK

Re: Help with "Captcha" validation

Post by panic! »

Have you considered using Recapcha? Their solution is pretty good and very easy to implement.

http://recaptcha.net/
Post Reply