
Help with "Captcha" validation

Posted: Tue Aug 26, 2008 9:51 am
by Draygon
~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.


I have created an admin page that allows the admins to check a database and make some changes to it if needed. I have put in a captcha function and am having trouble figuring out why it will not validate. I know I am entering the 6-character string correctly, but it doesn't see it that way. Could someone look this code over and see if you can't figure out where I am going wrong? I have been looking for 3 days and can't figure it out. Any help here is greatly appreciated.


<?
// Requested page; anything without an explicit ?action= is treated as the public 'start' page.
$action = 'start';
if (isset($_GET['action'])) {
    $action = $_GET['action'];
}

// The admin pages and the CAPTCHA image endpoint share one session name with a
// 900-second cookie; every other page uses a separate session with a 604800-second cookie.
// NOTE(review): only the cookie lifetime is passed here, so the HttpOnly and Secure
// flags are whatever php.ini sets — confirm they are enabled for the admin session.
$isAdminArea = ($action == 'admin') || isset($_GET['captcha']);
session_name($isAdminArea ? "tlssutlsa" : "tlssutls");
session_set_cookie_params($isAdminArea ? 900 : 604800);
session_start();
 
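/**
 * Build a random alphanumeric string; the script uses it as the CAPTCHA answer.
 *
 * Characters are drawn from A-Z, a-z and 0-9, each listed exactly once so that
 * no character is more likely than another.
 *
 * @param int $length Number of characters to generate; values below 1 yield "".
 * @return string The generated string.
 */
function makeRandomString($length){
    $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    $max = strlen($chars) - 1;
    // The result is a challenge secret, so draw from the CSPRNG (random_int, PHP 7+)
    // when it exists. rand()/mt_rand() output is predictable; mt_rand() is kept only
    // as a fallback for interpreters that predate random_int().
    $haveCsprng = function_exists('random_int');
    $ret = "";
    for ($i = 0; $i < $length; $i++) {
        $r = $haveCsprng ? random_int(0, $max) : mt_rand(0, $max);
        $ret .= $chars[$r];
    }
    return $ret;
}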
 
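// CAPTCHA image endpoint (signup.php?captcha): choose a fresh 6-character answer, store a
// hash of it in the session, and send the answer to the browser as a distorted PNG.
if(isset($_GET['captcha'])){
    $textstr=makeRandomString(6);
    // Only a lower-cased hash of the answer is kept, and only server-side in the session.
    // The login handler hashes the submitted text the same way and compares the two hashes.
    $_SESSION['captcha']=md5('tls'.strtolower($textstr).'cpt');
    $str=str_split($textstr);
    $textstr="";
    $font = "STENCIL.TTF";
    $im = ImageCreateTrueColor(200,50);

    // Per-character size, rotation and dark text colour. rand() is acceptable here:
    // these values only vary the drawing and do not protect the answer itself.
    $size=array();
    $angle=array();
    $color=array();
    for($i=0; $i < 6; $i++){
        $size[$i] = rand(20, 27);
        $angle[$i] = rand(-45, 45);
        $color[$i] = ImageColorAllocate($im, rand(20, 45), rand(20, 45), rand(20, 45));
    }
    // Translucent overlay colours 6..16. GD alpha runs from 0 (opaque) to 127 (transparent),
    // so the two line colours (12 and 13, alpha 30) are more solid than the ellipses (alpha 87).
    for($i=6; $i <= 16; $i++){
        $alpha = ($i == 12 || $i == 13) ? 30 : 87;
        $color[$i] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), $alpha);
    }
    $bg = ImageColorAllocate($im, 255, 255, 255);

    // Position the text from the bounding box of the first glyph, with some horizontal jitter.
    // The casts keep the coordinates integral, as the GD drawing functions expect.
    $textsize = imagettfbbox($size[0], $angle[0], $font, $str[0]);
    $twidth = abs($textsize[2]-$textsize[0]);
    $theight = abs($textsize[5]-$textsize[3]);
    $x = (int)((imagesx($im)/2)-($twidth/2)+(rand(-20, 20))-52);
    $y = (int)((imagesy($im))-($theight/2));

    // Background, three ellipses behind the text, the text, then ellipses and lines on top.
    ImageFilledRectangle($im, 0, 0, 200, 50, $bg);
    ImageFilledEllipse($im, rand(20,80), rand(20,40), rand(40, 80), rand(40, 80), $color[14]);
    ImageFilledEllipse($im, rand(85,125), rand(20,40), rand(40, 80), rand(40, 80), $color[15]);
    ImageFilledEllipse($im, rand(130,190), rand(20,40), rand(40, 80), rand(40, 80), $color[16]);
    for($i=0; $i < 6; $i++)
        ImageTTFText($im, $size[$i], $angle[$i], $x+($i*25), $y, $color[$i], $font, $str[$i]);
    ImageFilledEllipse($im, rand(20,50), rand(20,40), rand(40, 80), rand(40, 80), $color[6]);
    ImageFilledEllipse($im, rand(55,85), rand(20,40), rand(40, 80), rand(40, 80), $color[7]);
    ImageFilledEllipse($im, rand(90,120), rand(20,40), rand(40, 80), rand(40, 80), $color[8]);
    ImageFilledEllipse($im, rand(125,155), rand(20,40), rand(40, 80), rand(40, 80), $color[9]);
    ImageFilledEllipse($im, rand(160,190), rand(20,40), rand(40, 80), rand(40, 80), $color[10]);
    ImageFilledEllipse($im, rand(0,20), rand(20,40), rand(40, 80), rand(40, 80), $color[11]);
    ImageLine($im, rand(0,90) , rand(0,40) , rand(110,200) , rand(-40,90) , $color[12] );
    ImageLine($im, rand(0,90) , rand(-40,90) , rand(110,200) , rand(0,40) , $color[13] );

    // A reused image would show an answer the session no longer holds, so forbid caching
    // explicitly instead of relying on the session cache limiter setting.
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Content-Type: image/png");
    ImagePNG($im);
    imagedestroy($im);
    // Stop without further output: the original die() echoed an HTML link here, which
    // was appended to the PNG bytes of the response.
    exit;
}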
 
// Admin area: every sub-action ("sa") is gated behind a password + CAPTCHA login.
// (Fragment: the enclosing switch and the remaining cases are not shown in the post.)
// NOTE(review), points in the dologin branch further down:
//  - The password is compared with != against a literal in the source file. Storing a
//    password_hash() value and checking it with password_verify() keeps the plaintext out of the code.
//  - The two md5 hex strings are compared with !=. PHP's loose comparison treats
//    numeric-looking strings as numbers, so use !== or hash_equals() for these checks.
//  - $_SESSION['captcha'] is not cleared when an attempt fails, so the same answer stays
//    valid for later posts to dologin. Clear it after every check, pass or fail.
//  - The session id is written into URLs through SID, where it can reach logs, browser
//    history and Referer headers; cookie-only sessions avoid that.
case 'admin':
        // Hash the submitted CAPTCHA text early so the session check below has a value to read.
        // This hash is not lower-cased; the dologin case overwrites it with a lower-cased one.
        if(isset($_GET['sa']) && $_GET['sa'] == 'dologin')
            $_SESSION['ecaptcha']=md5('tls'.$_POST['tlscaptcha'].'cpt');
        // Fall back to the login form when no sub-action is given, when "login" is requested,
        // or when (for anything except dologin) a session field is missing, the auth hash does
        // not match, the login is older than 1800 seconds, or the two CAPTCHA hashes differ.
        if(!isset($_GET['sa']) || ((!isset($_SESSION['time']) || !isset($_SESSION['captcha']) || !isset($_SESSION['ecaptcha']) || !isset($_SESSION['hash']) || $_SESSION['hash'] != md5($_SESSION['time'].'laststand123'.SID) || $_SESSION['time']+1800 < time() || $_SESSION['captcha'] != $_SESSION['ecaptcha']) && $_GET['sa'] != 'dologin') || $_GET['sa'] == 'login'){
        $_SESSION['hash']='';
        $_SESSION['time']='';
        $_SESSION['captcha']='';
        $_SESSION['ecaptcha']='';
        $sa='login';
        } else
        $sa=$_GET['sa'];
 
        // Dispatch on the effective sub-action chosen above.
        switch ($sa){
            // NOTE(review): the <img> URL in this form carries no SID, unlike the form action and
            // the links. If the browser is not returning the session cookie, the image request would
            // presumably land in a different session than the form post, and the two hashes could
            // never match — worth checking while debugging the failed validation.
            case 'login':
                echo 'Your session has expired or you have not logged in yet<br>Please enter the admin password and captcha below<br><br>
<form action="signup.php?action=admin&sa=dologin&'.htmlspecialchars(SID).'" method="post"><input type="password" name="tlspwd"><br>
<img src="signup.php?captcha"><br><input type="text" name="tlscaptcha"><br>
<input type="submit" value="Login"></form>';
                break;
            case 'dologin':
                echo '<script>
function showSp(num){
    document.getElementById(\'sp\'+num).style.display="inline";
}
</script>
Starting session...';
                // Lower-case the submitted text before hashing, matching how the image endpoint
                // stores its hash, so the comparison ignores letter case.
                $_SESSION['ecaptcha']=md5('tls'.strtolower($_POST['tlscaptcha']).'cpt');
                // Login timestamp; the gate above rejects it once it is more than 1800 seconds old.
                $_SESSION['time']=time();
                echo '<span style="display:none" id="sp1">done<br>Validating password...</span><script>setTimeout(\'showSp(1)\',500);</script>';
                if($_POST['tlspwd'] != '***********){
                    echo '<span style="display:none" id="sp2">failed<br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Please try again</a></span><script>setTimeout(\'showSp(2)\',1000);</script>';
                    die('<br><br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Admin</a>');
                } else
                echo '<span style="display:none" id="sp2">done<br>Validating captcha...</span><script>setTimeout(\'showSp(2)\',1000);</script>';
                if($_SESSION['captcha'] != $_SESSION['ecaptcha']){
                    echo '<span style="display:none" id="sp3">failed<br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Please try again</a></span><script>setTimeout(\'showSp(3)\',1500);</script>';
                    die('<br><br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Admin</a>');
                } else
                echo '<span style="display:none" id="sp3">done<br>Generating auth string...</span><script>setTimeout(\'showSp(3)\',1500);</script>';
                $_SESSION['hash']=md5($_SESSION['time'].'laststand123'.SID);
                echo '<span style="display:none" id="sp4">done<br>Login successful<br>
<a href="signup.php?action=admin&sa=menu&'.htmlspecialchars(SID).'">Click here to continue</a></span><script>setTimeout(\'showSp(4)\',2000);</script>';
                break;
 

~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.

Re: Help with "Captcha" validation

Posted: Tue Aug 26, 2008 11:19 am
by pickle
Do an output of what you're typing in & what it expects, to see how they differ from what you think they should be.

Re: Help with "Captcha" validation

Posted: Wed Aug 27, 2008 9:47 am
by panic!
Have you considered using reCAPTCHA? Their solution is pretty good and very easy to implement.

http://recaptcha.net/