0

The issue I am having is the form submits data to a payment processing company.

the captcha I implemented is located here: http://www.php-help.ro/examples/math_captcha_image for this to work the form most submit to self or to a php page that I have access to instead here is the form code:

<form action="https://secure.bluepay.com/interfaces/bp10emu" method=POST>

      <input type=hidden name=MERCHANT value="100105032970">
      <tr><td>Zipcode:</td><td><input type=text name=ZIPCODE></td></tr>
      <tr><td>Phone:</td><td><input type=text name=PHONE></td></tr>
      <tr><td>Email:</td><td><input type=text name=EMAIL></td></tr>
      <tr><td>Captcha:</td><td>    <input type="text" name="secure" value="what's the result?" onClick="this.value=''" /><br><br>
      <img src="image.php" alt="Click to reload image" title="Click to reload image" id="captcha" onClick="javascript:reloadCaptcha()" />
      </td></tr>
      <tr><td colspan=2><input type=SUBMIT value="Pay Now"></td></tr>

    </table>
    </form>

the script works perfectly when implentated on a form that submits to self. but since its posting to bluepay.com I am not sure on how to get it to verify captcha BEFORE submitting. any ideas?

cppit
  • 4,478
  • 11
  • 43
  • 68
  • Not possible because you are sending the form data to a external website. You may have to change the logic and try using `cURL`. – Muthu Kumaran Nov 08 '12 at 05:28
  • not very familiar with submitting a form using cURL.how about ajax ?I was thinking about having it verify captcha using ajax and if its good...then submit the form ? – cppit Nov 08 '12 at 05:31
  • You could separate your captcha into a separate form and then if the captcha is correct display a form with these other fields. – Korikulum Nov 08 '12 at 05:32
  • @fogsy Wouldn't work if JavaScript was disabled. – Korikulum Nov 08 '12 at 05:33
  • @Korikulum yeah.lets say javascript is 100% working.since most of what im building is with ajax. – cppit Nov 08 '12 at 05:34
  • @fogsy The thing is, the hole point of captcha is to ensure that the form is submitted by a human, I'm not sure if automated software would pay any attention to JavaScript. – Korikulum Nov 08 '12 at 05:38
  • Validating Captcha using Ajax is not a good idea here because there are many loop holes. Disabling the javascript will allow the form to submit without validting the captcha. – Muthu Kumaran Nov 08 '12 at 05:44
  • You can try this: http://captchas.net/sample/php/ . – Abrar Jahin Nov 21 '14 at 02:13

3 Answers3

1

You can make another page for your form to be submitted to, where you verify the captcha, and then from there redirect to the payment gateway.

PHP Redirect with POST data

OR

you can try using cURL - POST data to a URL in PHP

Community
  • 1
  • 1
Malitta N
  • 3,384
  • 22
  • 30
1

Method 1: Use JavaScript

Since you are going to submit it to another application, it would be better to check with JavaScript for the correctness. So, you can just fire an AJAX Event using jQuery to check if the given answer is correct by passing the CAPTCHA User Input value to the page that performs the check. If it is correct, then submit the form.

Consider this code:

<?php
    if ($_POST["captcha"] == $_SESSION["captcha"])
        die ("OK");
    else
        die ("No");
?>

And in the JavaScript, you can use jQuery's $.post() function this way:

$("form").submit(function(){
    $.post({
        url: 'check.php',
        data: $("input[name='captcha']").val(),
        success: function(data) {
            if (data == "OK")
                return true;
            else
                alert("CAPTCHA Fail!");
            return false;
        }
    });
});

Method 2: Use cURL

You can use a function like this:

function post_to_url($url, $data) {
   $fields = '';
   foreach($data as $key => $value) { 
      $fields .= $key . '=' . $value . '&'; 
   }
   rtrim($fields, '&');

   $post = curl_init();

   curl_setopt($post, CURLOPT_URL, $url);
   curl_setopt($post, CURLOPT_POST, count($data));
   curl_setopt($post, CURLOPT_POSTFIELDS, $fields);
   curl_setopt($post, CURLOPT_RETURNTRANSFER, 1);

   $result = curl_exec($post);

   curl_close($post);
}

Check the CAPTCHA and then process the form.

Praveen Kumar Purushothaman
  • 164,888
  • 24
  • 203
  • 252
  • 1
    Method 1 has many loops holes. Because form is submitted to external application so we have don't any control over the application. For example, disabling the Javascript will allow the form to submit without validating the captcha – Muthu Kumaran Nov 08 '12 at 05:42
  • 1
    I'm not sure that the AJAX method would be any real protection from automated software. – Korikulum Nov 08 '12 at 05:43
  • @PraveenKumar Exactly what I was thinking about didnt know how to put it in code many thanks – cppit Nov 08 '12 at 06:23
  • @PraveenKumar hey Praveen, it submits the form eitherway : http://spoa.com/pages/payment.php ... its not working unfortunately – cppit Nov 08 '12 at 06:40
  • Method 1... its on that url I showed you. it submits to check.php with the code, I changed the name of the session since its security_number instead of captcha... you can test that link you will see it will submit the form even if captcha is not correct – cppit Nov 08 '12 at 06:47
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/19258/discussion-between-praveen-kumar-and-fogsy) – Praveen Kumar Purushothaman Nov 08 '12 at 06:47
0
$("form").submit(function(){
    $.post({
        url: 'check.php',
        data: $("input[name='captcha']").val(),
        success: function(data) {
            if (data == "OK")
                return true;
            else
                alert("CAPTCHA Fail!");
            return false;
        }
    });
});
Suhel Kika
  • 1