| A More Secure Online Form 1 |
|---|
|
Most online forms written in PHP have no validation at all, which makes them easy to spam. This form uses a validation image (a captcha) and checks the input before accepting it. Captchas are images with text written over them that you must type into the form before you can continue. You will need:
|
| Here is an example form |
<?php
// **************************************************************************************
// ***** An example form that uses a captcha routine & cookies to validate a form *****
// ***** *****
// ***** requires "Captcha.php" *****
// ***** *****
// ***** Last Updated: 24 November 2005 *****
// **************************************************************************************
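// ***** Session settings *****
// NOTE(review): the save path is relative ("../"). Confirm that it resolves to a
// directory outside the web root that other accounts on the host cannot read,
// because the session files hold the expected captcha token.
ini_set('session.save_path', "../");
ini_set('session.name', "PHPSESSID");
ob_start();
session_start();

// ***** Set some variables *****
// Every field is read explicitly from $_POST, including the Captcha answer, so the
// script does not depend on register_globals. A missing or non-string field
// (for example Name[]=x) is treated as empty.
$Token = (isset($_SESSION['Token']) && is_string($_SESSION['Token'])) ? $_SESSION['Token'] : "";
$Fields = array('Action' => "", 'Name' => "", 'EmailAddress' => "", 'Comment' => "", 'Captcha' => "");
foreach ($Fields as $Key => $Unused) {
    if (isset($_POST[$Key]) && is_string($_POST[$Key])) {
        $Fields[$Key] = $_POST[$Key];
    }
}
// magic_quotes_gpc only exists before PHP 5.4. Stripping slashes anywhere else
// would corrupt backslashes the visitor really typed.
if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
    foreach ($Fields as $Key => $Value) {
        $Fields[$Key] = stripslashes($Value);
    }
}
$Action = $Fields['Action'];
$Name = $Fields['Name'];
$EmailAddress = $Fields['EmailAddress'];
$Comment = $Fields['Comment'];
$Captcha = $Fields['Captcha'];

// ***** HTML-escaped copies: the only form in which visitor input is written to the page *****
$SafeName = htmlspecialchars($Name, ENT_QUOTES, 'UTF-8');
$SafeEmailAddress = htmlspecialchars($EmailAddress, ENT_QUOTES, 'UTF-8');
$SafeComment = htmlspecialchars($Comment, ENT_QUOTES, 'UTF-8');

// ***** Make sure that captcha routine exists *****
if (!file_exists('Captcha.php')) {
    echo "Error: Cannot find Captcha.php. Quitting...";
    exit;
}

// ***** Check if form has been submitted *****
if ($Action !== "submitted") {
    // ***** NO - Show the form *****
    $ErrorMessage = "Please complete the form below<br>\n";
    ShowForm($ErrorMessage, $Action, $SafeName, $SafeEmailAddress, $SafeComment);
} else {
    $ErrorMessage = "";
    $Error = 0;

    // ***** Validate the email address *****
    // A rejected address must set $Error as well, otherwise the submission is
    // accepted with only a message attached.
    $ValidEmailAddress = ValidateEmailAddress($EmailAddress);
    if ($ValidEmailAddress === FALSE) {
        $ErrorMessage .= "ERROR: Please enter a valid email address<br>\n";
        $Error = 1;
    }

    // ***** Check the Token against the form *****
    // The token is single-use: it is discarded before the comparison so one solved
    // image cannot be replayed. An empty stored token (Captcha.php was never
    // requested in this session) always fails, and the comparison is strict so
    // numeric-looking strings are not compared as numbers.
    unset($_SESSION['Token']);
    if ($Token === "" || $Captcha !== $Token) {
        $ErrorMessage .= "ERROR: Please enter the code below exactly as written on screen<br>\n";
        $Error = 1;
    }

    // ***** Was there an error? *****
    if ($Error == 1) {
        // ***** Yes. Show the error & form *****
        ShowForm($ErrorMessage, $Action, $SafeName, $SafeEmailAddress, $SafeComment);
        exit;
    } else {
        // ***** No. Send the details in a mail *****
        // NOTE(review): this example only echoes the values. If it is wired up to
        // mail(), keep $Name and $Comment out of the header arguments unless CR/LF
        // have been removed from them.
        echo "Name: " . nl2br($SafeName) . "<br>\n";
        echo "EmailAddress: " . htmlspecialchars($ValidEmailAddress, ENT_QUOTES, 'UTF-8') . "<br>\n";
        echo "Comment: " . nl2br($SafeComment) . "<br>\n";
    }
    exit;
}
ob_end_flush();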
// **************************************************************************************
// ***** Function List *****
// **************************************************************************************
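function ShowForm($ErrorMessage, $Action, $Name, $EmailAddress, $Comment){
    // ***** Print the complete HTML page containing the captcha-protected form *****
    //
    // $ErrorMessage  Markup built by this script (it contains <br>); it is printed as-is,
    //                so callers must never put visitor input into it.
    // $Action        Not used here; kept so existing callers keep working.
    // $Name, $EmailAddress, $Comment
    //                Values to pre-fill. They are HTML-escaped here, at the point of output.
    //                Existing entities are left alone (double_encode = FALSE) so values
    //                that a caller already escaped are not encoded twice.
    //
    // The form target comes from $_SERVER['PHP_SELF'], which includes any path info the
    // visitor appended to the URL, so it is escaped as well. It is written to the
    // "action" attribute; "value" is not a valid attribute of <form>.
    $SafeSelf = isset($_SERVER['PHP_SELF']) ? htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') : "";
    $SafeName = htmlspecialchars((string) $Name, ENT_QUOTES, 'UTF-8', FALSE);
    $SafeEmailAddress = htmlspecialchars((string) $EmailAddress, ENT_QUOTES, 'UTF-8', FALSE);
    $SafeComment = htmlspecialchars((string) $Comment, ENT_QUOTES, 'UTF-8', FALSE);
    // ***** Generate the text *****
?>
<html>
<head>
<title>:: Example Captcha Form ::</title>
<style type="text/css">
<!--
.red { font-family: Verdana, sans-serif; font-size: 11px; text-align: left; color: #BB0000; font-weight: bold;}
body { font-family: Verdana, sans-serif; font-size: 11px; text-align: center;}
td { font-family: Verdana, sans-serif; font-size: 11px;}
.header {font-family: Verdana, sans-serif; font-size: 16px; text-align: center; color: #FFFFFF; font-weight: bold; }
.textbox { width: 200px; }
-->
</style>
</head>
<body>
<form name="captcha" method="post" action="<?php echo $SafeSelf; ?>">
<input type="hidden" name="Action" value="submitted">
<table width="500" cellpadding="0" cellspacing="0" border="0">
<tr bgcolor="#006699">
<td width="500" colspan="2" valign="top" align="center"><span class="header">Example form</span></td>
</tr>
<tr bgcolor="#FFF7E9">
<td width="500" colspan="2" valign="top"><span class="red"><?php echo $ErrorMessage; ?></span></td>
</tr>
<tr bgcolor="#FFF1DB">
<td width="300" valign="top">Name: </td>
<td width="200" valign="top"><input type="text" name="Name" value="<?php echo $SafeName; ?>" class="textbox"></td>
</tr>
<tr bgcolor="#FFF1DB">
<td width="300" valign="top">Email: </td>
<td width="200" valign="top"><input type="text" name="EmailAddress" value="<?php echo $SafeEmailAddress; ?>" class="textbox"></td>
</tr>
<tr bgcolor="#FFF1DB">
<td width="300" valign="top">Comment: </td>
<td width="200" valign="top"><textarea name="Comment" rows="10" class="textbox"><?php echo $SafeComment; ?></textarea></td>
</tr>
<tr bgcolor="#FFF7E9">
<td width="500" colspan="2" valign="top">Please enter the code below into the box next to it. Please note that the characters must be typed <i>exactly</i> as written</td>
</tr>
<tr bgcolor="#FFF7E9">
<td width="300" valign="top"><img src="Captcha.php"></td>
<td width="300" valign="top"><input type="text" name="Captcha" value="" class="textbox"></td>
</tr>
<tr bgcolor="#FFF7E9">
<td width="500" colspan="2" valign="top"> </td>
</tr>
<tr bgcolor="#FFF1DB">
<td width="300" valign="top"></td>
<td width="200" valign="top"><input type="submit" value="Submit" class="textbox"></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}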
// ***** Validate an email address *****
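function ValidateEmailAddress($EmailAddress){
    // Returns the trimmed, lower-cased address when it has the expected shape,
    // otherwise FALSE.
    //
    // eregi() was removed from PHP, so the same pattern is checked with preg_match().
    // The pattern is anchored at both ends and the D modifier makes "$" match only at
    // the very end of the string, so an address with an embedded line break (which
    // could otherwise carry extra mail headers) is rejected.
    // The final label accepts 2-63 letters rather than 2-3, so addresses under longer
    // top-level domains such as .info are no longer refused.
    if (!is_string($EmailAddress)) {
        return FALSE;
    }
    $EmailAddress = strtolower(trim($EmailAddress));
    $Pattern = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,63})$/D';
    if (preg_match($Pattern, $EmailAddress) !== 1) {
        return FALSE;
    }
    return $EmailAddress;
}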
?>
|
| |
| Filename: Captcha.php |
<?php
// **************************************************************************************
// ***** Example phpMail security checks *****
// ***** *****
// ***** Call this with <img src="captcha.php"> *****
// ***** *****
// ***** Last Updated: 24 November 2005 *****
// **************************************************************************************
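// NOTE(review): the save path is relative ("../"). Confirm that it resolves to a
// directory outside the web root; it must be the same directory the form script uses
// or the two scripts will not share a session.
ini_set('session.save_path', "../");
ini_set('session.name', "PHPSESSID");
session_start();
// **************************************************************************************
// ***** User-configurable settings *****
// **************************************************************************************
// ***** Background image *****
$BGImage = "button.png";
// ***** Font Colours (hexadecimal) *****
$TextCol = "88BBCC";
$ShadowCol = "CCCCCC";
$DropShadow = TRUE;
// ***** TTF Font to use *****
$Font = "/RAVIE.TTF";
// **************************************************************************************
// ***** Do not edit anything below this line *****
// **************************************************************************************
// ***** Generate Token *****
// Eight characters are drawn from $salt. The generator is no longer seeded from
// microtime(), which made the sequence guessable from the request time. random_int()
// is used where it exists; mt_rand() is only a fallback for PHP versions without it
// and is not cryptographically strong.
$salt = 'ABCDEFGHJKLMNPQRSTUXYZabchefghjkmnpqrstuvwxyz23456789';
$SaltMax = strlen($salt) - 1;
$Token = "";
for ($i = 0; $i < 8; $i++) {
    $num = function_exists('random_int') ? random_int(0, $SaltMax) : mt_rand(0, $SaltMax);
    $Token .= substr($salt, $num, 1);
}
// The key is quoted: a bare Token is an undefined constant, which is a fatal error on
// PHP 8. The form script reads the expected answer from this same key.
$_SESSION['Token'] = $Token;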
// ***** Generate Image *****
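// Load the background and measure the text before any image header is sent, so a
// missing background or font produces a readable error instead of a broken PNG.
$im = @imagecreatefrompng($BGImage);
$Font = getcwd()."/".$Font;
$bbox = ($im === FALSE) ? FALSE : @imagettfbbox(16, 0, $Font, $Token);
if ($im === FALSE || $bbox === FALSE) {
    header("Content-type: text/plain", TRUE, 500);
    echo "Error: Cannot create the captcha image.";
    exit;
}
header("Content-type: image/png");
// ***** Font colours (RGB - 0xRR, 0xGG, 0xBB) *****
$TextColour = imagecolorallocate(
    $im,
    hexdec(substr($TextCol, 0, 2)),
    hexdec(substr($TextCol, 2, 2)),
    hexdec(substr($TextCol, 4, 2))
);
$ShadowColour = imagecolorallocate(
    $im,
    hexdec(substr($ShadowCol, 0, 2)),
    hexdec(substr($ShadowCol, 2, 2)),
    hexdec(substr($ShadowCol, 4, 2))
);
// ***** Get image width and height *****
$BGWidth = imagesx($im);
$BGHeight = imagesy($im);
$TokenWidth = $bbox[2] - $bbox[0];
$TokenHeight = $bbox[1] - $bbox[7];
// Centre the token on the background. The coordinates are cast to int explicitly;
// passing a fractional float where an int is expected is deprecated in current PHP.
$StartX = (int) (($BGWidth - $TokenWidth) / 2);
$StartY = (int) ((($BGHeight - $TokenHeight) / 2) + ($TokenHeight - 5));
if ($DropShadow == TRUE) {
    // The shadow is the same text drawn first, offset by two pixels
    imagettftext($im, 16, 0, $StartX + 2, $StartY + 2, $ShadowColour, $Font, $Token);
}
imagettftext($im, 16, 0, $StartX, $StartY, $TextColour, $Font, $Token);
imagepng($im);
imagedestroy($im);
// This script never calls ob_start(), so flush only when a buffer is actually open
// (for example one opened by output_buffering in php.ini). Calling ob_end_flush()
// with no buffer raises a notice that would be appended to the PNG data.
if (ob_get_level() > 0) {
    ob_end_flush();
}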
?>
|