I recently had a site designed for me, but my dev used a really crappy generic captcha that fails half the time. I'm trying to replace it using a recaptcha, but I'm having trouble. I cannot figure out which *.php is used for 'processing' and which is used for the 'form'.
I didn't want to post the whole code, so here it is:
This is the 'form' page, as it has the form fields and etc embedded:
http://dl.dropbox.com/u/45666699/formcode.txt
Can someone please take a look at this code and tell me where I should put the private code for recaptcha? Also, how do I disable the "random_number" captcha that is already installed? Thanks!
The code for your existing captcha is on lines 295, 296 and 297
require_once('recaptchalib.php');
$publickey = "6LfIUdISAAAAAKguxgdPCjZ6-OkVeu5tmcBaa7ug"; // you got this from the signup page
echo recaptcha_get_html($publickey);
Well, you'll need the private key when you're trying to validate that the correct captcha was entered (i.e. at the point where you're handling the form submission).
Which by looking at your code should start immediately after line 4
Using a project I did a while back, you would have something like so...
$recaptcha_error = NULL;
//set it to NULL initially
if(isset($_POST["btnsend"])){
    include_once(INCLUDES_FOLDER."recaptcha-php-1.11/recaptchalib.php");
    $resp = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY,$_SERVER["REMOTE_ADDR"],$_POST["recaptcha_challenge_field"],$_POST["recaptcha_response_field"]);
    if($resp->is_valid){
        //captcha was gotten correctly
        //continue with your normal code processing here
    } else {
        //wrong input -- captcha was invalid -- give the person the error response
        //mine is as below -- my usual way :)
        $response = array(array("Something seems to be wrong with the captcha!","Please check that you entered it correctly or check the returned error message"),false,"w");
        $recaptcha_error = $resp->error;
        //make sure to do the above so you can use it when generating the captcha display
    }
}
//You got the recaptcha error (or left it as NULL above so you could do this)
//when generating your captcha display as done on your lines 295, 296, 297
include_once(INCLUDES_FOLDER."recaptcha-php-1.11/recaptchalib.php");
echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY,$recaptcha_error);
Hope this helps (even if a little) :)
Cheers
I have this piece of code in a PHP web app.
if (isset($require_admin) && $require_admin) {
    if(!check_admin()) {
        $toolContent_ErrorExists = $langCheckAdmin;
        $errorMessagePath = "../../";
    }
}
The normal behavior is that if the variable $require_admin is set and true, the code will check if the visit is by the admin.
I am trying to add a similar piece of code some lines below, so as to do other things like checking for cross-origin (especially CSRF) requests.
if (isset($require_token) && $require_token) {
    if( !checkToken( $mycsrf_token, $myform)) {
        $toolContent_ErrorExists = $langCheckToken;
        $errorMessagePath = "../../";
    }
}
I had in mind that in this way I will have a check that the posted forms I get are valid and, if not, there would be an error message.
However, when $require_token is set and true, and the condition is verified, I have a very strange result. Not only does nothing happen for the CSRF validation, but the above function stops working properly and the admin restriction stops working.
I know the question may be ambiguous, but I cannot get what's going on there. I'm not so experienced in web programming and totally new to PHP, so maybe someone could have a better idea!
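A session-bound, single-use token check of the kind this question is trying to add, as an added example that is not the asker's code and does not diagnose the behaviour described above. Only the checkToken name and its argument order come from the question; issueToken(), the function bodies and the form id are assumptions.

```php
<?php
// Added example: per-form CSRF tokens bound to the session.
// issueToken() is a hypothetical helper; the body of checkToken() is an
// assumption, not the asker's implementation.

if (PHP_SAPI !== 'cli' && session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Create a fresh random token for one form and remember it server-side.
function issueToken(string $formId): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['csrf'][$formId] = $token;
    return $token; // embed in a hidden <input> of that form
}

// Return true only if the submitted token matches the one stored for the form.
function checkToken($submitted, string $formId): bool
{
    $expected = $_SESSION['csrf'][$formId] ?? null;
    unset($_SESSION['csrf'][$formId]);           // single use: a replay fails
    if (!is_string($expected) || !is_string($submitted)) {
        return false;                            // no token issued, or array-valued input
    }
    return hash_equals($expected, $submitted);   // constant-time comparison
}

// Constructed demonstration (sample form id, no real request involved).
$token = issueToken('profile_form');
var_dump(checkToken($token, 'profile_form'));    // token as issued
var_dump(checkToken($token, 'profile_form'));    // same token replayed
issueToken('profile_form');
var_dump(checkToken('forged', 'profile_form'));  // value the server never issued
var_dump(checkToken(['x'], 'profile_form'));     // parameter sent as an array
```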
I am trying to make a webapp using PHP. In that app I need to create Batch, Batch Subject etc. I have completed the major part of this app. Although it is working, I am getting an error notice like:
Notice: Undefined index: currentBatchId in C:\wamp64\www\sp\addBatchSubject.php on line 4
I have passed a batch Id from "batchview.php" page to add a batch subject using this code:
Add Subject
By using the below code:
$currentBatchId=$_GET['currentBatchId'];
I can receive that value and can show it on this page without any problem. But when I want to add some data to the database using this code:
if(isset($_POST['add']))
When I press the [add] button it generates the error Notice, but the data is inserted into the database successfully. Now I want to remove the error.
What is wrong? While the data insert code is posting the data to the database, is $_GET trying to get another value?
NB: $_GET & $_POST are in the same page.
If I'm following you right I think you need to switch the order of your code around..
<?php
if(isset($_POST['add'])) {
    // handle adding new
    // make sure to header("Location: xxx.php"); to remove post data
    exit(); // because we don't need to continue
}
if(isset($_GET['currentBatchId'])) {
    $currentBatchId=$_GET['currentBatchId'];
}
// then maybe you also need to handle the no post / get request
if(!isset($_POST['add']) && !isset($_GET['currentBatchId'])) {
    // handle this case
    // maybe header("Location: blah.php");
    // maybe exit(); here too because we don't have enough information to render the page
}
Hope that makes sense
Possible Duplicate:
Headers already sent by PHP
I'm having some difficulty with my php coding.
I have 3 files, add.php, lib.php, and view.php
I created a simple form, and when the user clicks submit, it should direct them to the view.php where it will display the database. Now I'm having a couple issues I can't seem to resolve.
When the user clicks submit and the fields are blank or there is an error, no entry should be made into the view page (or database)... however, when I click submit a blank entry is made into the database. ALSO, if I click "enter product" from the top menu bar, anytime I click it, it causes a blank entry in the database. I can't figure out why that's happening.
My next issue is with the header('Location')
and my browser says:
"Warning: Cannot modify header information - headers already sent by (output started at lib.php:13) in add.php on line 16"
However if I click submit on my form it goes away.
Here is the code for the pages:
I truly apologize if the code is really messy.
Any help / advice / solution is greatly appreciated thank you.
And yes this was an assignment---it was due last week but since I couldn't finish it, it's not worth any marks anymore.
Your if statement if (empty($_POST)){ will always fail and the else will run, thus the empty db entries.
$_POST will always have something in it, even for empty text inputs. Each key will be set to an empty string.
To test for whether you should save data or not you'll need to validate all required form fields. Your code will probably look something like this. This is by no means complete or secure, but it'll point you in the right direction.
<?php
// store validation rules for required fields
$requiredFields = array(/* 'field_name' => rule, ... */);
// Store all validation errors here.
$errors = array();
foreach($requiredFields as $key=>$rule) {
    if(empty($_POST[$key])) {
        $errors[$key] = true;
    }
    else {
        // you can perform more validation work on the value here.
    }
}
if(count($errors) > 0) {
    // form submit failure.
}
else {
    // form submit success, save to db
}
You are sending output before setting the header, thus the specified headers are not sent.
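The required-field loop above carried through as an added example (not the answerer's code). It goes slightly further than the answer: a value of "0" is accepted where empty() would reject it, array-valued parameters are refused, and the check runs before any output so the redirect to view.php can still be sent. The field names and rules are assumptions.

```php
<?php
// Added example, not the answerer's code. Field names and rules are assumptions.

// Each required field maps to a check that returns true for an acceptable value.
$requiredFields = [
    'name'     => fn(string $v): bool => strlen($v) <= 100,
    'quantity' => fn(string $v): bool =>
        filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]) !== false,
];

// Return an array of field => problem; an empty array means the form is valid.
function validateForm(array $input, array $rules): array
{
    $errors = [];
    foreach ($rules as $key => $rule) {
        $value = $input[$key] ?? null;
        if (!is_string($value)) {           // absent, or sent as name[]=...
            $errors[$key] = 'missing';
            continue;
        }
        $value = trim($value);
        if ($value === '') {                // unlike empty(), "0" is not treated as blank
            $errors[$key] = 'missing';
        } elseif (!$rule($value)) {
            $errors[$key] = 'invalid';
        }
    }
    return $errors;
}

// Runs before any output, so the redirect header can still be sent.
if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = validateForm($_POST, $requiredFields);
    if (!$errors) {
        // insert the row with a prepared statement here, then redirect
        header('Location: view.php');
        exit;
    }
    // otherwise fall through and re-render the form with $errors
}

// Constructed sample submissions for running this file from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        'blank form'   => ['name' => '', 'quantity' => ''],
        'zero is fine' => ['name' => 'Widget', 'quantity' => '0'],
        'array input'  => ['name' => ['x'], 'quantity' => '-1'],
    ];
    foreach ($samples as $label => $post) {
        echo $label, ': ', json_encode(validateForm($post, $requiredFields)), "\n";
    }
}
```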
I am relatively new to CodeIgniter, so I'm not sure if this is just bad coding, or if it is a problem with how I'm using CodeIgniter's flash data. For context: the user submits a phrase in a simple HTML form. The phrase is compared against what should be typed in (pretty simple, right?). This correct phrase changes based upon what step in the activity they are on. When they get the text wrong, I am attempting to use flashdata to show the error message. Here are the controller portions, followed by the view:
//Get step number
$step = $this->input->post('step');
$correct_text = array(
    1 => 'TESTPHRASE',...
...
//If user enters the correct text
$entered_text = strtoupper($this->input->post('entered_text'));
if ($entered_text == $correct_text[$step])
{
    ...
}
//If user enters the incorrect text
else
{
    $data['step'] = $step;
    $this->session->set_flashdata('entry_error', '<b>Sorry!</b>Your entry was incorrect. Be sure to carefully read the instructions!');
    $this->load->view('template', $data);
}
Here is the view that only runs every other time.
<?php
if ($this->session->flashdata('entry_error'))
{ ?>
    <div id="game_error">
        <?php echo $this->session->flashdata('entry_error'); ?>
    </div>
<?php } ?>
From the docs: CodeIgniter supports "flashdata", or session data that will only be available for the next server request, and are then automatically cleared.
You are setting the flashdata and then trying to access it during the same request. It's not available until the next request which is why it seems like it's only working every other time.
Hello guys, I am a newbie to this stuff so I'll try to explain my problem. I am building an application that retrieves data after login to a PHP script that looks like this:
https://zamger.etf.unsa.ba/getrssid.php
(see the page source for the PHP script definition)
and definition (source) here:
Korisničko ime (UID):
Šifra:
After I log in, it shows me data that I must collect, like this:
RSSID: 1321B312 (this is the only data that it shows and nothing else)
I must do this with httpwebrequest but don't know how. I tried to do it with POST(data) but it always gives me the definition of the PHP script as the response. But I need the response to be like "RSSID: 1321B312", not the script definition mentioned above... please help ASAP....
Define a form action to begin. So if the same page, getrssid.php, will be processing the form, use:
<form action="getrssid.php" method="POST">
After that, you must code getrssid.php to accept the incoming data via POST. POST data is stored in the PHP variables $_POST['inputname']. So if you have the input name as "login", the value entered will be stored in $_POST['login']. Same thing applies for the password.
So, here's a sample of what a basic POST data handling script should look like. Note that this script does not verify the login credentials, sanitize the inputs, or anything of the sort. It is just to show you how to handle POST DATA.
<?php
if (isset($_POST['login']) && isset($_POST['pass'])){
    // Form is submitted.
    echo 'RSSID: 1321B312';
} else {
    // Form is not submitted.
    // Display Form.
    echo 'Form HTML here';
}
?>
If you are really server conscious, you should put the if ... else statement in the opposite order so the most likely outcome (form not submitted) is evaluated first.
Merry Christmas!