
I made a captcha by following this [tutorial][1], but it seems to me it isn't complete. I wrote the code, but I can send email even if I put in the wrong answer. I feel that I have to write extra code in the PHP file, but I don't know where. Any help greatly appreciated.

[1]: http://codechirps.com/how-to-add-a-completely-custom-captcha-to-any-web-form/

```html
<div class="modal-body">
    <form class="contact" name="contact">
        <label class="label" for="name">Имя</label><br>
        <input type="text" name="name" class="input-xlarge"><br>
        <label class="label" for="email">E-mail</label><br>
        <input type="email" name="email" class="input-xlarge"><br>
        <label class="label" for="message">Сообщение</label><br>
        <textarea name="message" class="input-xlarge"></textarea>
    </form>
</div>
<div class="modal-footer">
    <p>2 + 3 =</p>
    <input type="text" name="captcha" />
    <input class="btn btn-warning" type="submit" value="Отправить" id="submit">
    <a href="#" class="btn btn-danger" data-dismiss="modal">Закрыть</a>
```

```php
<?php
$myemail = '';
if (isset($_POST['name'])) {
    $name = strip_tags($_POST['name']);
    $email = strip_tags($_POST['email']);
    $message = strip_tags($_POST['message']);
    $captcha = check_input($_POST['captcha']);
    echo "<span class=\"alert alert-success\" >Сообщение отправлено</span><br><br>";

    if (!preg_match("/5/", $captcha))
    {
        show_error("Check your math, Dude");
    }

    $to = $myemail;
    $email_subject = "Contact form submission: $name";
    $email_body = "You have received a new message. ".
        " Here are the details:\n Name: $name \n ".
        "Email: $email\n Message \n $message";
    $headers = "From: $myemail\n";
    $headers .= "Reply-To: $email";
    mail($to,$email_subject,$email_body,$headers);
}?>
```

Lucky
  • Well that is because you don't validate the `email` field. And for the captcha.. what does the function `check_input` do? And also, your field for captcha is outside the form. – putvande Sep 01 '13 at 16:45
  • Putvande, thank you for the answer. Tell me, please, if possible, what I need to do to validate the email field? I made it by following the tutorial and think that `check_input` checks the captcha field – Lucky Sep 01 '13 at 16:49
  • Easiest way in PHP to check the email is to do something like `filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)` – jdepypere Sep 01 '13 at 16:50
  • Please tell me where I need to put this in my PHP file – Lucky Sep 01 '13 at 16:52

1 Answer

Okay, so you need to check the values of your inputs to see if they are valid. If not, you display an error and the mail doesn't get sent. If all the checks pass, the mail does get sent. So you need to check the `$_POST['email']` and the `$_POST['captcha']` field (and if you want to, check if the rest isn't empty or whatever).

In PHP, you can do this like this:

```php
$myemail = "";
if(isset($_POST['name'])){ // check if a form is submitted
    // empty() on a function result needs PHP 5.5+; older versions stop with a fatal error
    if(empty(trim($_POST['name'])) || empty(trim($_POST['message'])) || empty(trim($_POST['email'])) || empty(trim($_POST['captcha'])) ){ // check if values are not empty
        echo "Please fill in all the required fields.";
    }else if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){ // check email
        echo "Please give a real e-mail address.";
    }else if(!preg_match("/5/", $_POST['captcha'])){ // the code provided by your script
        echo "Get your math right, dude!";
    }else{ // all fields seem to be ok
        // sanitize input using htmlspecialchars(), see http://stackoverflow.com/a/5788361/1319187
        $name = htmlspecialchars($_POST['name']); // read the name field, not the email field
        $email = $_POST['email']; // email doesn't need to be sanitized since it's been filtered
        $message = htmlspecialchars($_POST['message']);

        //Send the mail
        $to = $myemail;
        $email_subject = "Contact form submission: $name";
        $email_body = "You have received a new message. ".
            " Here are the details:\n Name: $name \n ".
            "Email: $email\n Message \n $message";
        $headers = "From: $myemail\n";
        $headers .= "Reply-To: $email";
        if(mail($to,$email_subject,$email_body,$headers)){
            echo "Succes! Your mail has been sent!";
        }else{
            echo "Something went wrong with the sending of a mail.";
        }
    }
}
```

Should be rather straightforward, you can google some functions if you don't know what they do.

I also have no idea where `check_input()` comes from. It's not a native PHP function, and the link you provided doesn't show what it does. Also, the regex to check whether the value of the captcha is 5 is a bit stupid, you could just check `$_POST['captcha'] == '5'`. Also keep in mind you have to randomize these values a bit.

jdepypere
  • Arbitter, thank you for the answer! I just added this code to my PHP. But I see errors; where did I make a mistake? I know PHP just a little, I am sorry, could you provide the whole code? I put your code after echo "Сообщение отправлено "; – Lucky Sep 01 '13 at 17:19
  • Replace all your php with this php. You might need to put the `` in the required locations for styling. – jdepypere Sep 01 '13 at 17:39
  • Oh, I see Fatal error: Can't use function return value in write context on line 4. What did I do wrong? I put this code just below the line `$myemail = "";` Line 4: `if(empty(trim($_POST['name'])) || empty(trim($_POST['message'])) || empty(trim($_POST['email'])) || empty(trim($_POST['captcha'])) ){ // check if values are not empty` – Lucky Sep 01 '13 at 17:51
  • Try removing the `trim(` and its closing bracket everywhere. Also, I see that you have no method set to your form. Make it `POST` by setting `` . Didn't test the code so it's possible that there are a few errors. – jdepypere Sep 01 '13 at 18:09
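
An added example (not code from the question or the answer) of the two points the answer closes on: compare the whole captcha value instead of using `preg_match("/5/", ...)`, and randomize the challenge. The function names and the `$store` array, which stands in for `$_SESSION`, are assumptions; `random_int()` needs PHP 7 or later.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.
// $store stands in for $_SESSION so the script also runs from the CLI.

// Create a fresh challenge and remember the expected answer server-side.
function captcha_new(array &$store): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $store['captcha_expected'] = (string) ($a + $b);
    return "$a + $b =";   // text to render next to the input field
}

// Check a submitted answer. The challenge is single-use: it is cleared
// whether or not the answer was right, so a solved value cannot be replayed.
function captcha_check(array &$store, $answer): bool
{
    $expected = $store['captcha_expected'] ?? null;
    unset($store['captcha_expected']);
    if ($expected === null || !is_string($answer)) {
        return false;     // no challenge issued, or field missing / an array
    }
    $answer = trim($answer);
    // Digits only, then an exact match against the whole value.
    return ctype_digit($answer) && $answer === $expected;
}

// The check from the page accepts any input that merely contains a "5".
function loose_check(string $answer): bool
{
    return preg_match("/5/", $answer) === 1;
}

// Constructed sample inputs.
foreach (['5', '15', 'x5y', '4'] as $input) {
    $store = ['captcha_expected' => '5'];   // pretend the question was "2 + 3 ="
    printf("%-6s loose=%s strict=%s\n", var_export($input, true),
        var_export(loose_check($input), true),
        var_export(captcha_check($store, $input), true));
}

$store = [];
echo captcha_new($store), "\n";
$right = $store['captcha_expected'];
var_dump(captcha_check($store, $right));   // first use of the right answer
var_dump(captcha_check($store, $right));   // replay of the same answer
```

In a form handler, pass `$_SESSION` (after `session_start()`) as `$store` and call `captcha_check()` before `mail()`, with the captcha input placed inside the `<form>` so it is actually submitted.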