 |
|
| Coding Forum Problems with your code? Discuss coding issues, including JavaScript, PHP & MySQL, HTML & CSS, Flash & ActionScript, and more. |
|
 |
04-02-2012, 05:13 PM
|
|
Contributing Member
Latest Blog:
None
|
|
Join Date: 03-20-11
Posts: 65
|
|
|
captcha for register and login - help!
This is probably the easiest problem for experienced coders to solve, but I'm not yet that experienced!
PHP Code:
<?php require_once('Connections/test.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="login.php";
$loginUsername = $_POST['username'];
$LoginRS__query = sprintf("SELECT username FROM `user` WHERE username=%s", GetSQLValueString($loginUsername, "text"));
mysql_select_db($database_test, $test);
$LoginRS=mysql_query($LoginRS__query, $test) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
//if there is a row in the database, the username was found - can not add the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO `user` (username, password, email, paypal) VALUES (%s, %s, %s, %s)",
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['paypal'], "text"));
mysql_select_db($database_test, $test);
$Result1 = mysql_query($insertSQL, $test) or die(mysql_error());
$insertGoTo = "welcome.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
<?php include ('header.php'); ?>
<div id="content">
<div id="contentleft">
<p>I do <em>not</em> sell emails or anything like that and even if I were approached for such a thing, I'd refuse. The information from this form allows access to the ability to purchase the dolls that are featured on this site.</p>
<form action="<?php echo $editFormAction; ?>" method="post" name="form1" id="form1">
<table align="center">
<tr valign="baseline">
<td nowrap="nowrap" align="right">Username:</td>
<td><input type="text" name="username" value="" size="32" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right">Password:</td>
<td><input type="text" name="password" value="" size="32" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right">Email:</td>
<td><input type="text" name="email" value="" size="32" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right">Paypal:</td>
<td><input type="text" name="paypal" value="" size="32" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"> </td>
<td><input type="submit" value="Register!" /></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1" />
</form>
<p> </p>
</div>
<?php include ('sidebar.php'); ?>
</div>
<?php include ('footer.php'); ?>
That's my original working code. I get a lot of spam registrations, so I'm looking to add this:
PHP Code:
<?php
require_once('recaptchalib.php');
$publickey = ""; // you got this from the signup page
echo recaptcha_get_html($publickey);
}
?>
$privatekey = "";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
"(reCAPTCHA said: " . $resp->error . ")");
} else {
// Your code here to handle a successful verification
The problem is where to put it. I tried the reCaptcha forum and got no response. I know my register form is ba-sic, but it works. I wouldn't mind help upgrading it and maybe making it a bit more secure, but the main goal is the captcha.
For my login, I have this:
PHP Code:
<?php require_once('Connections/test.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "welcome.php";
$MM_redirectLoginFailed = "login.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_test, $test);
$LoginRS__query=sprintf("SELECT username, password FROM `user` WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $test) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<?php include ('header.php'); ?>
<div id="content">
<div id="contentleft">
<p><form action="<?php echo $loginFormAction; ?>" method="POST">
<p>
<label>
<input type="text" name="username" id="textfield" />
</label>
username</p>
<p>
<label>
<input type="password" name="password" id="textfield2" />
</label>
password</p>
<p>
<label>
<input type="submit" name="button" id="button" value="Submit" />
</label>
</p>
</form></p>
</div>
<?php include ('sidebar.php'); ?>
</div>
<?php include ('footer.php'); ?>
Again, I just would like to start with adding the captcha.
The reason the pages are impeccably basic is that they were hastily thrown together for a school project last year and this year I'm hoping that with some upgrading that project site will be improved and not so bad on some of the elements it was sorely lacking - stuff that wasn't required at the time that I've learned about since. I'm just not sure where to put stuff in my own code - the instructions were pretty vague.
|
04-02-2012, 05:38 PM
|
 |
Contributing Member
|
|
Join Date: 02-19-12
Posts: 71
|
|
|
reCaptcha gives a zip file to upload directly, with a minimal script to insert in the login/registration form and a php function to call the command button you are using.
Can you list me files you've got from reCaptcha pleasE ?
__________________
Work From Home and Get Hired Online !
Blog : Blog.TickaGeek.com
|
04-02-2012, 07:42 PM
|
|
Contributing Member
Latest Blog:
None
|
|
Join Date: 03-20-11
Posts: 65
|
|
|
I actually never found a zip file. I guess I missed that somewhere in the instructions. I've never fussed with captchas - never even discussed in my classes - so I'm pretty much lost with this.
|
04-03-2012, 02:36 AM
|
 |
Contributing Member
|
|
Join Date: 07-05-11
Location: philippines
Posts: 312
|
|
|
|
04-04-2012, 10:29 AM
|
|
Contributing Member
Latest Blog:
None
|
|
Join Date: 03-20-11
Posts: 65
|
|
|
I followed the instructions I could find. It's ended up being quite confusing.
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -7. The time now is 10:53 AM.
Powered by vBulletin Copyright © 2000-2013 Jelsoft Enterprises Limited.
Copyright © 2003 - 2013 Escalate Media LP
|
|
|
