Hi i used a basic captcha script as below . The problem i am facing is that , inspite of wrong captcha value, the form is submitted . I need to prevent the form from submission if the value of Captcha is entered wrong .
<?php
if(isset($_POST['submit']))
{
$hash = (!empty($_POST['hash'])) ? preg_replace('/[\W]/i', '', trim($_POST['hash'])) : ''; // Remove any non alphanumeric characters to prevent exploit attempts
$captchacode = (!empty($_POST['captchacode'])) ? preg_replace('/[\W]/i', '', trim($_POST['captchacode'])) : ''; // Remove any non alphanumeric characters to prevent exploit attempts
// function to check the submitted captcha
function captchaChars($hash)
{
// Generate a 32 character string by getting the MD5 hash of the servers name with the hash added to the end.
// Adding the servers name means outside sources cannot just work out the characters from the hash
$captchastr = strtolower(md5($_SERVER['SERVER_NAME'] . $hash));
$captchastr2 = '';
for($i = 0; $i <= 28; $i += 7)
{
$captchastr2 .= $captchastr[$i];
}
return $captchastr2;
}
if(!empty($captchacode))
{
if(strtolower($captchacode) == captchaChars($hash)) // We convert submitted characters to lower case then compare with the expected answer
{
echo '<h3>The submitted characters were correct</h3>';
}
else
{
echo '<h3>The submitted characters were WRONG!</h3>';
return true;
}
}
else
{
echo '<h3>You forgot to fill in the code!</h3>';
return true;
}
}
?>
I had Captcha up and running on my website and it did nothing to prevent spam. It has been compromised as a spam prevention mechanism I'm afraid.
Besides that, you need to return false if the captcha is incorrect and the form will not be submitted.
Related
After form submission , any number of refresh is storing the data that many times in the db.
ie. !empty($_POST) is always true after on submission.
How can I stop the submission without redirecting the page/url. As I want to stay in the same page.
I am using form_open() and form_submit() i codeigniter.
in view
<?php echo form_open("",array('method' => 'POST'));?>
/* form fields */
'Send', 'value' => 'Send Notifications',"name"=>"send_notification")); ?>
in controller
`if (!empty($_POST['send_notification'])) {
/* validation rules & data*/
if ($this->form_validation->run() == TRUE){
$this->model->insert($data);
}
}`
How can I stop the duplicate record insertion, I have tried , unset($_POST) , isset() , if($this->input->post()) , nothing seems to work.
Just do a redirect(); to the same age after the insert function.
This worked for me. It may help someone
Controller file :
public function success()
{
$_SESSION['txnid'] = $this->input->post('txnid');
$this->bind->set_order();
$this->load->view('success');
}
Model file :
public function set_order()
{
$txnid = $_SESSION['txnid'];
$qry = $this->db->query("SELECT * from orders where transaction_id = '$txnid'");
$result = $qry->result_array();
if($qry->num_rows() == 0 )
{
//add to database here
}
else
{
// do nothing
}
}
I am adding txnid to database on submit. So if it tries to resubmit, it checks if txnid already exist or not.
I tried to make a script where when a user types in the url and presses Go, it will go to that web page. I made it, but I noticed that it only worked with
http://
in front of it. So i used the strpos function to check whether
http://
is in the string and if it isn't it will add it to the url and go to the website. It works but now when a user types in the url with 'Http://' it will double it so it would be something like:
'http://http://www.example.com'.
How can I fix this?
This is the code:
<?
if ($_POST['submit']) {
$urlgo = $_POST['url'];
if (strpos($urlgo,'http://') == false) {
$url = "http://$urlgo";
header("Location: $url "); /* Redirect browser */
} else {
$urlgo = $_POST['url'];
header("Location: $urlgo "); /* Redirect browser */
exit;
}
}
?>
if (strpos($urlgo,'http://') == false) {
is the problem. strpos can return a LEGITIMATE 0 if the "needle" string (http://) is at the start of the "haystack" ($urlgo). 0 == false is TRUE in PHP. You need to use the strict comparison operator:
if (strpos(...) === false) {
(note, 3 = signs) which compares type AND value. 0 === false is FALSE in php.
I am trying to get my code to work for a form. I want it to validate a phone number. It want to continue to tell me the phone number is not correct even when it is.
Here's what I have. I took out the rest of the code that pertain to this part to simplify it. I am not sure if I have the code right but I am looking to have someone only be able to type number. Enter a 10 digit string of number and have it change to the following format (XXX) XXX-XXXX if this is possible.
<?php
include_once "contact-config.php";
$error_message = '';
if (!isset($_POST['submit'])) {
showForm();
} else { //form submitted
$error = 0;
if(!empty($_POST['phone'])) {
$phone[2] = clean_var($_POST['phone']);
if (!validPhone($phone[2])) {
$error = 1;
$phone[3] = 'color:#FF0000;';
$phone[4] = '<strong><span style="color:#FF0000;">Invalid Phone Number</span></strong>';
}
}
else {
$error = 1;
$phone[3] = 'color:#FF0000;';
}
<td class="quote_text" style="width:{$left_col_width}; text-align:right; vertical-align:top; padding:{$cell_padding}; {$phone[3]}"><span class='required'><b>* </b></span>{$phone[0]}</td>
<td style="text-align:left; vertical-align:top; padding:{$cell_padding};"><input type="text" name="{$phone[1]}" value="{$phone[2]}" size="20" maxlength="11" id="{$phone[1]}" /> {$phone[4]}</td>
/* Phone Number Validation Function. */
function validPhone($phone)
{
$isValid = true;
if(array_key_exists('phone', $_POST))
{
if(!preg_match('/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/', $_POST['phone']))
{
$isValid = false;
}
}
return $isValid;
}
?>
I have a few comments about your original code although I have not gone into the debugging in depth.
There's a regex at http://php.net/manual/en/function.preg-match.php that is more complicated you might try. It's about halfway down the page. I tried your regex out at both http://regexpal.com/ and http://www.solmetra.com/scripts/regex/index.php ; it did not work at either place on phone numbers I used. The regex I pulled from the PHP reference page, as shown below, works.
/^(?:1(?:[. -])?)?(?:((?=\d{3})))?([2-9]\d{2})(?:(?<=(\d{3})))? ?(?:(?<=\d{3})[.-])?([2-9]\d{2})[. -]?(\d{4})(?: (?i:ext).? ?(\d{1,5}))?$/
You're calling the function with a parameter then not using the parameter in the function body, which strikes me as strange.
This is probably a duplicate topic of PHP: Validation of US Phone numbers which is pretty comprehensive.
$text = new Zend_Form_Element_Text();
$ValidateRange = new Zend_Validate_Between(0, 999999.99);
$ValidateFloat = new Zend_Validate_Float();
$ValidateFloat->setLocale(new Zend_Locale('de_AT'));
$ValidateRange->setMessage('Please enter the amount between [0-9999] ');
$textValidateFloat->setMessage('Please enter the amount properly');
$text->addValidator($ValidateRange);
$text->addValidator($ValidateFloat);
The above code works fine if we enter value like 12,23 . If we enter 12.23 the form didn't show any error message . How we can show error message . Please help me . thanks in advance...
Looking in the Zend/Validate/Float code, it always checks both your defined locale and english:
if (!Zend_Locale_Format::isFloat($value, array('locale' => 'en')) &&
!Zend_Locale_Format::isFloat($value, array('locale' => $this->_locale))) {
So, you'll need to extend or rewrite this validator yourself, removing the 'locale'=>'en' part.
edit:
Your validator, extending Zend_Validate_Float, can look something like this:
public function isValid( $value )
{
if ( !parent::isValid($value) ) return false;
if (!Zend_Locale_Format::isFloat($value, array('locale' => 'de_AT'))) {
$this->_error(self::NOT_FLOAT);
return false;
}
return true;
}
I have a situation where I want a set of users (employees) to be able to create a node, but to replace the uid (user ID) with that of the users profile currently displayed.
In other words, I have a block that that calls a form for a content type. If an employee (uid = 20) goes to a clients page (uid =105), and fills out the form, I want the uid associated with the form to be the client's(105), not the employee's.
I'm using arg(1) to grab the Client's uid - here is what I have..
<?php
function addSR_form_service_request_node_form_alter(&$form, $form_state) {
if (arg(0) == 'user' && is_numeric(arg(1))) {
$form['#submit'][] = 'addSR_submit_function';
}
}
function addSR_submit_function($form, $form_state) {
$account = user_load(arg(1));
$form_state['values']['uid'] = $account->uid;
$form_state['values']['name'] = $account->name;
}
?>
The form is loading in the block, but when submitted, is still showing the employee uid. I don't want to use hook_form_alter because I don't want to modify the actual form, because clients can fill out the form directly, in this case, I don't want to modify the form at all.
I'm also ashamed that I'm putting this in a block, but I couldn't think of a way to put this in a module, so any suggestions on that would also be appreciated...
To create your form in a block, you could use the formblock module. Especially if you are not used to use the Drupal API. Then all that's left if to add your own submit handler to the form. This is a piece of code that is run, when the form is submitted. You only want to do this on clients pages so you would do that using the hook_form_alter function.
/**
* Hooks are placed in your module and are named modulename_hookname().
* So if a made a module that I called pony (the folder would then be called
* pony and it would need a pony.info and pony.module file I would create this function
*/
function pony_form_service_request_node_form_alter(&$form, $form_state) {
// Only affect the form, if it is submitted on the client/id url
if (arg(0) == 'client' && is_numeric(arg(1))) {
$form['#submit'][] = 'pony_my_own_submit_function';
}
}
function pony_my_own_submit_function($form, &$form_state) {
$account = user_load(arg(1));
$form_state['values']['uid'] = $account->uid;
$form_state['values']['name'] = $account->name;
}
The idea behind this code, is to only alter the form when the condition is met - that it is submitted on a client page. I guessed that the arg(0) would be client so if it's something else you would need to change that of cause. We only need to add a submit function, since what we want is to change the values if the form has passed validation.
Then if that is the case our 2nd function is run, which does that actual alteration of the values.
PHP blocks are bad. You can put them in a module.
function hook_block($op, $delta = 0) {
// Fill in $op = 'list';
if ($op == 'view' && $delta = 'whatever') {
$account = user_load(arg(1));
$node = array('uid' => $account->uid, 'name' => $account->name, 'type' => 'service_request', 'language' => '', '_service_request_client' => $account->uid);
$output = drupal_get_form('service_request_node_form', $node);
// Return properly formatted array.
}
}
Additionally, you want a form_alter just to enforce the values. It's ugly but it works.
function hook_form_service_request_node_form_alter(&$form, $form_state) {
if (isset($form_state['node']['_service_request_client'])) {
$form['buttons']['submit']['#submit'] = array('yourmodule_node_form_submit', 'node_form_submit');
}
}
function yourmodule_node_form_submit($form, &$form_state) {
$account = user_load($form_state['node']['_service_request_cilent'])l
$form_state['values']['uid'] = $account->uid;
$form_state['values']['name'] = $account->name;
}