Making Forms Secure

Tried Some Captcha Examples


oceanwave

2:29 am on Oct 9, 2007 (gmt 0)




Hi,

I have a couple of php forms on my website. I am trying to secure them from spam robots.

PHP Form #1:
<form name="form1" method="post" action="required.php">
As you can see, this form posts to a 2nd page which submits the information to my database. The 2nd page also emails me the information submitted. When I tried some of the captcha examples I found on the Internet, I couldn't get them to work, as the captcha code also needed to occur on the 2nd page. By putting the captcha code on the second page, the message "you did not enter the correct code" and code did nothing to stop page 2 from submitting the information to my database and email. I got the error message, but the information was submitted anyway. I need some kind of captcha example that stops the form from submitting on the 1st page, and does not need a second page to do it.

PHP Form #2:
<form method="post" action="<?php print $_SELF;?>">
This is an email form that refers to a 2nd php page to add a message to the page when the form is submitted (Your information has been sent....).

I would greatly appreciate any suggestions as to how to secure these forms. Where might I find some examples of how this should be done? Is this done with captcha, or is there a better way?

Thank you.

phparion

5:47 am on Oct 9, 2007 (gmt 0)




Avoid using $_SELF; instead, hard-code your page name.

Habtom

7:01 am on Oct 9, 2007 (gmt 0)




I might need a little more specific description of the problem, but

When you call this <?php print $_SELF;?> '2nd php page', what do you mean? Your form is currently submitting to the same page.

Keeping this in mind, can you tell us what is the problem you are facing with captcha?

And remember, if you validate it once, there is probably no reason to do it again on the following pages. You can hide and carry the value, or pass any hidden value to confirm that the user has valid captcha codes.

Habtom

[edited by: Habtom at 7:11 am (utc) on Oct. 9, 2007]

eelixduppy

7:20 am on Oct 9, 2007 (gmt 0)



We have a decent thread in our library, Combatting Webform hijack [webmasterworld.com], that you might want to take a peek at. There are a few good suggestions in there for you to implement.

oceanwave

9:22 pm on Oct 9, 2007 (gmt 0)




Hello Everyone,

Sorry I wasn't clear. I hope this explains it.

When I tried to add a captcha script to my first form (#1), the captcha scripts that I found required that the main part of the captcha code be placed on a second page which was called after the SUBMIT button was clicked on the first page. Since I also need my second page for my form to work to upload the information to my database, I added the captcha second page information to my second page information. That didn't work because though captcha displayed an error message when incorrect, the rest of my second page posted the information to my database and emailed the results anyway. The problem was I had 2 pages for my form to run correctly, and the captcha examples I found also had 2 pages.

-------

You are correct, the second form (#2) posts to self, but refers to a second php page for the displayed message. The second php page is

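<?php
// Escape the submitted name before printing it, so markup typed into the field is shown as text.
print "Hello, ";
print htmlspecialchars($_POST['name'] ?? '', ENT_QUOTES, 'UTF-8');
print "!";
print " Your message has been sent.";
?>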

The message is added to the first page after the SUBMIT button is clicked.

-------

I am still at a loss as to how to protect my forms.

oceanwave

12:37 pm on Oct 10, 2007 (gmt 0)




With modifications, I was able to use Boutell's Simple PHP Captcha script (not sure if I am allowed to post link, but if you Google search you'll find it) to add captcha to Form #2. Now I just need to figure out Form #1.

How would I use Boutell's script when my own form requires 2 pages to process?
<form name="form1" method="post" action="required.php">

phparion

5:04 am on Oct 11, 2007 (gmt 0)




I don't know what captcha script you are talking about, nor am I sure about your exact problem. It is a little confusing.

The general suggestion I can give you, according to my understanding of your problem, is:

1 - Do not try to use the same captcha value on both forms if both forms are different. Instead, use two different captchas. Store the captcha value in the session array. On displaying the second form, clear the first captcha from the session, store the second, and proceed.

2 - Try to make your own captcha script. It is very easy. Google for a PHP captcha tutorial. You might find a very easy one on tutorialzed website.
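
An added example, not part of the thread and not Boutell's script: one way the processing page for Form #1 can reject a wrong captcha before any database insert or e-mail happens, with the expected answer kept per form in the session and cleared on every attempt. The session key `captcha_form1`, the field name `captcha`, and the functions `captcha_passes` and `process_form1` are assumptions made for illustration.

```php
<?php
// Added example. In a real page $session is $_SESSION (after session_start())
// and $store is the page's existing database insert and e-mail code.

// Compare the submitted answer with the one stored for this form. The stored
// value is removed on every attempt, pass or fail, so a solved captcha cannot
// be replayed and a failed one cannot be guessed at repeatedly.
function captcha_passes(array &$session, string $key, $submitted): bool
{
    $expected = $session[$key] ?? null;
    unset($session[$key]);
    if (!is_string($expected) || $expected === '' || !is_string($submitted)) {
        return false; // no captcha was issued for this form, or the field is missing
    }
    return hash_equals(strtolower($expected), strtolower(trim($submitted)));
}

// The processing step: the check comes first and returns early on failure,
// so the code that stores and mails the data is never reached.
function process_form1(array $post, array &$session, callable $store): string
{
    if (!captcha_passes($session, 'captcha_form1', $post['captcha'] ?? null)) {
        return 'You did not enter the correct code.';
    }
    $store($post);
    return 'Your information has been sent.';
}

// Constructed demonstration data, runnable from the command line.
$saved = [];
$store = function (array $post) use (&$saved): void { $saved[] = $post['name']; };

$session = ['captcha_form1' => 'K7PQ2'];   // answer set when the form was shown
echo process_form1(['name' => 'Ann', 'captcha' => 'wrong'], $session, $store), "\n";
// Retry without a new captcha having been issued.
echo process_form1(['name' => 'Ann', 'captcha' => 'K7PQ2'], $session, $store), "\n";
// A fresh captcha is issued when the form is displayed again.
$session['captcha_form1'] = 'M4XT9';
echo process_form1(['name' => 'Ann', 'captcha' => 'm4xt9'], $session, $store), "\n";
echo count($saved), " submission(s) stored\n";
```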