1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 3:47 am May 2, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Captcha integration question (with form)

         

topsites

10:17 am on Jan 4, 2006 (gmt 0)



I have a Captcha script (random image password verifier) I am trying to incorporate into another script, but it's just not working.

[mod edit: Wants to combine captcha and link check forms]

So that when someone enters the link to check, they then also enter the code, and click submit...

[edited by: ergophobe at 5:09 pm (utc) on Jan. 4, 2006]
[edit reason] Personal and commercial URLs snipped [/edit]

ergophobe

5:12 pm on Jan 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It should be fairly simple.

1. Combine the captcha enter field and the link check field in one form with one submit button.
2. Do your captcha check
3. if it succeeds, pass off to the link checker script.

topsites

6:46 pm on Jan 4, 2006 (gmt 0)



And just how would I do that?

topsites

2:25 am on Jan 5, 2006 (gmt 0)



Here is my problem in a nutshell:

<?
session_start();

if(!empty($_SESSION['captcha_word']) &&!empty($_POST['word']))
{
if($_POST['word']==$_SESSION['captcha_word'])
{
// process form and then:
header("Location=somewhere.php");

<<<< rest of code >>>>

This basic implementation works, but then what's to stop someone from simply typing somewhere.php directly in their browser for future sessions?
Btw, the linkchecker is NOT session-enabled, apparently the mere addition of 'session_start();' at the top of the linkchecker script crashes the whole thing... It doesn't work at this point, but also:
I have thought of passing along a unique password but it does not appear possible to pass along variable information via the header:Location command unless I make said information visible in the browser's url-line, thus defeating the purpose.

........
The script is relatively short, and I did try to squeeeeeeze the relevant parts around the linkchecker's code as follows:

define all variables and functions.
captcha code blablabla
captcha IF
Condition YES

<<<<< all the relevant linkchecker code here>>>>

Condition NO
Stop.

... but the session_start command ruins everything, with or without it, nothing works.

While it runs unprotected and it is recursive, the script runs wide open ... Hence why I'd like to fix it, slow things down a bit LOL.

coopster

9:05 pm on Jan 5, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member




This basic implementation works, but then what's to stop someone from simply typing somewhere.php directly in their browser for future sessions?

Nothing. Unless you have an edit in the very beginning of that script to confirm that the $_POST variable where they keyed the Captcha word in has been set by you. Does that make sense? So, when they key in the Captcha word in the form, store not only the Captcha word that you generated, but also the one that they entered or maybe even a simple boolean (true/false) variable that lets you know that your user has already been to the "Captcha" page and keyed in the value correctly.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 3:47 am May 2, 2026