Ok...so I'm building a mailing list and want to have a CAPTCHA verification. The list works perfectly as is...it's on an .htm page and index.php is the action which uses storeAddress.php to add the email address to a database. It works flawlessly.

Now for the problems. I've looked at tons of scripts for CAPTCHA and can't seem to get ANY to work correctly. I have PHP Captcha set up now and it shows up fine, reloads images fine, but it isn't doing the verification. The walkthrough to set that up is linked below as well as the original source files of the mailing list (second link).

I'm not sure if modifications need to be made to the code, or if I'm putting it in the wrong place. Here is the source code that I have working, minus the verification piece of course.

Quote :

"<form id="addressForm" action="index.php" method="get"> <fieldset> <legend>Join our mailing list!</legend> <p> <input type="text" name="address" id="address" /> <input type="submit" value="Sign Up" /> <img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" /> <input type="text" name="captcha_code" size="10" maxlength="6" /><a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">Reload Image</a>"

Could anyone help me out? Thanks in advance...I'm a PHP n00b...well anything but html n00b.

CAPTCHA being used
http://www.phpcaptcha.org/documentation/quickstart/

Mailing list being used
http://www.sitepoint.com/article/use-ajax-php-build-mailing-list (source files http://www.sitepoint.com/examples/mailinglist/code-archive.zip)

Note: The walkthrough says that the code for verification should be added to the "action" which is index.php, but storeAddress.php does all the work...and I've tried placing it in both.

Here it is in its current, unCAPTCHA verified state http://www.martininnovations.com/mail.htm

[Edited on May 29, 2008 at 3:49 PM. Reason : .]

5/29/2008 3:44:40 PM

no one's really going to be able to help you unless you can post the source of your form page and the php script you're using to process the form

on a similar note, why don't you just combine all 3 into one page? have an if then or a switch case... no post vars, display the form... if there are post vars in the global array, then process the form and have it add stuff to the db.


if($_POST) {

//process the form

} else {

//display the form

}


also, why don't you help out a good cause while verifying your users:
http://recaptcha.net/

5/29/2008 3:55:00 PM

^ dammit, i wish this thread had been made two weeks ago when i wrote my own captcha generator that doesn't even work as well (distortion-wise) as that. good linkage.

5/29/2008 4:04:24 PM

evan for the win

5/29/2008 4:22:33 PM

evan for the win

5/29/2008 5:03:12 PM

also, reply email just sent. i made a small mistake - line 48, $dbpassword should be $dbpass.

5/30/2008 1:38:16 AM

CAPTCHA is usually overkill. Think about it now, but add it in later; once your site (somehow) manages to break 500 uniques a day.

5/30/2008 2:53:44 AM

^why not add it now, it requires 6 additional lines of code.

5/30/2008 4:31:11 AM

scope creep

5/30/2008 12:43:26 PM

Everything is working perfect now thanks to Evan.

Captcha was necessary due to my experience with wolfpacklife.com when 100s of users were added in minutes

5/30/2008 2:14:09 PM

captcha is dead

what's the deal with wolfpacklife anyways? do y'all even care about it or maintain it anymore? it's had zero activity for over a year

[Edited on May 30, 2008 at 2:18 PM. Reason : wpl]

5/30/2008 2:17:06 PM

^^Remember how I wrote a captcha breaker in about an hour?

Captcha does not stop spam anymore, at all. If you get popular, it will be broken effortlessly. It's just an added hassle for the average user.

5/30/2008 4:36:26 PM

I'm not involved with wolfpacklife anymore so I can't tell you what's going on there.

If captcha is dead, what should I have used?

5/31/2008 11:22:26 AM

1) the dummy form elements mentioned on the last page of http://www.arraystudio.com/as-workshop/the-captcha-alternatives.html sounds like an interesting idea

2) http://gifs.hu/phpclasses/show.php?page=0 could be good, since it uses animated captchas

3) logic questions (which of the following is a *, though all the bot needs to do is make a lucky guess)

4) this is a good idea too: http://www.eggheadcafe.com/tutorials/aspnet/5b689df4-19db-4de6-b1ec-a34cd08623e8/toward-viable-captcha-alt.aspx

5) more good ideas
http://www.wwohn.com/captcha-alternatives/

i'd probably go for a combination of the unique cookie + hidden form elements route (1 and 4) for the best security, though the hidden form elements route is going to fuck up people that use screen readers and the like

[Edited on May 31, 2008 at 12:03 PM. Reason : clearer]

5/31/2008 12:01:59 PM

http://www.thepcspy.com/kittenauth lolol

5/31/2008 2:32:28 PM