One part of script gets through Captcha


DouglasWalker

Hi, I have a script below which I have put together from a couple of other scripts. It simply adds an email address to a database for a newsletter, sends an email to the owner and to the user, and then shows a success page.

The script checks that the email is valid and there is also a captcha.

The script works in that it only sends out the emails if the captcha etc. is entered correctly, but the email is being added to the database regardless of whether the captcha is correct or not. I was proud of myself for getting this far, but would love some instruction on what I have missed and how to stop the email being added to the database unless it has passed the captcha.

Below you will see the script. The commented out sections are parts of the old script I don't use.

<?php

  require('includes/application_top.php');

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_TESTING);

  $error = false;
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {
    //$name = tep_db_prepare_input($HTTP_POST_VARS['name']);
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email']);
    //$enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);

    if (tep_validate_email($email_address) == false) {
      $error = true;
      $messageStack->add('testing', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
    }

//CAPTCHA CODE start
    require(DIR_WS_FUNCTIONS . 'capcha_code.php');

    $code_query = tep_db_query("select code from capcha_code where oscsid = '" . tep_session_id($HTTP_GET_VARS[tep_session_name()]) . "'");
    $code_array = tep_db_fetch_array($code_query);
    $code = $code_array['code'];

    // remove the visual verify code associated with this session to clean the database and ensure new results
    // (the session id is computed here; $vvcode_oscsid is only assigned further down in the page, so it was empty at this point)
    tep_db_query("DELETE FROM " . TABLE_CAPCTHA_CODE . " WHERE oscsid='" . tep_session_id($HTTP_GET_VARS[tep_session_name()]) . "'");

    $user_entered_code = $HTTP_POST_VARS['capcha_code'];
    if (!(strcasecmp($user_entered_code, $code) == 0)) {    //make the check case insensitive
        $error = true;
        $messageStack->add('testing', CAPCTHA_CODE_ENTRY_ERROR);
    }
//CAPTCHA CODE stop
/* testing sign up start */

      if (isset($HTTP_POST_VARS['testing_sign_up']))
      {

        $testing_query = tep_db_query("select testing_id_number from " . 
          TABLE_TESTING_SIGN_UP . 
          " where testing_email_address = '" . 
          tep_db_input($email_address) . "'");

        if(tep_db_num_rows($testing_query) == 0)
        {
          $sql_data_array = array('testing_email_address' => $email_address,
                                  'testing_firstname' => "",
                                  'testing_lastname' => "");
          tep_db_perform(TABLE_TESTING_SIGN_UP, $sql_data_array);
        }
      }
      
/* testing sign up end */

    if ($error == false) {
      tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $email_address, STORE_OWNER_EMAIL_ADDRESS);
      tep_mail(MESSAGE_TEXT, $email_address, CUSTOMER_SUBJECT, NUMBER_ONE, STORE_OWNER_EMAIL_ADDRESS);
      tep_redirect(tep_href_link(FILENAME_TESTING, 'action=success'));
    }
  }

  $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_TESTING));
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
  <tr>
    <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> 
<!-- left_navigation_eof //--> </table></td><!-- body_text //--> <td width="100%" valign="top"><?php echo tep_draw_form('testing', tep_href_link(FILENAME_TESTING, 'action=send')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0"> 
<tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> 
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td><td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_contact_us.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td></tr>

</table>
</td></tr><td class="main"><?php echo INFORMATION_TEXT; ?></td>
<tr> 
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td></tr> 
<?php
  if ($messageStack->size('testing') > 0) {
?>
      <tr>
        <td><?php echo $messageStack->output('testing'); ?></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
<?php
  }

  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {
?>
      <tr>
        <td class="main" align="left"><?php echo tep_image(DIR_WS_IMAGES . 'clever.gif', HEADING_TITLE, '0', '0', 'align="left"') . TEXT_COMPLETE; ?></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                <td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
<?php
  } else {
?>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2" >
              <!--<tr>
                <td class="main"><?php echo ENTRY_NAME; ?></td>
              </tr>
              <tr>
                <td class="main"><?php echo tep_draw_input_field('name'); ?></td>
              </tr>//-->
<tr><td class="main"><?php echo INSTRUCTIONS_TEXT; ?></td></tr>

              <tr>
                <td class="main"><?php echo ENTRY_EMAIL; ?>
             
               <?php echo tep_draw_input_field('email'); ?></td>
              </tr>


      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
              <!--<tr>
                <td class="main"><?php echo ENTRY_ENQUIRY; ?></td>
              </tr>
              <tr>
                
<td><?php echo tep_draw_textarea_field('enquiry', 'soft',
50, 15, $infotext);
?></td>
              </tr>//-->
<!-- CAPTHCA CODE-- START-->
      <tr>
        <td class="main"><?php echo CAPCTHA_CODE_CATEGORY; ?></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" cellspacing="2" cellpadding="2">

              <tr>
                <td class="main"><?php echo CAPCTHA_CODE_TEXT_INSTRUCTIONS; ?></td>
                
                <td class="main">
                  <?php
              // ----- begin garbage collection --------
    tep_db_query("DELETE FROM " . TABLE_CAPCTHA_CODE . " WHERE dt < DATE_SUB(NOW(), INTERVAL 5 HOUR)");
// ----- end garbage collection --------

                      //can replace the following loop with $capcha_code = substr(str_shuffle (CAPCTHA_CODE_CHARACTER_POOL), 0, rand(3,4)); if you have PHP 4.3
                    $capcha_code = "";
                    for ($i = 1; $i <= rand(3,4); $i++){
                          $capcha_code = $capcha_code . substr(CAPCTHA_CODE_CHARACTER_POOL, rand(0, strlen(CAPCTHA_CODE_CHARACTER_POOL)-1), 1);
                     }
                     $vvcode_oscsid = tep_session_id($HTTP_GET_VARS[tep_session_name()]);
                     tep_db_query("DELETE FROM " . TABLE_CAPCTHA_CODE . " WHERE oscsid='" . $vvcode_oscsid . "'");
                     $sql_data_array = array('oscsid' => $vvcode_oscsid, 'code' => $capcha_code);
                     tep_db_perform(TABLE_CAPCTHA_CODE, $sql_data_array);
                     $capcha_code = "";
                     echo('<img src="' . FILENAME_CAPCTHA_CODE_DISPLAY . '?vvc=' . $vvcode_oscsid . '">'); // closing '>' of the img tag was missing
                  ?>
                </td>
                <td class="main"><?php echo CAPCTHA_CODE_BOX_IDENTIFIER; ?></td>
<td class="main"><?php echo tep_draw_input_field('capcha_code'); ?></td>

              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>

<!-- testing sign up start//-->
<tr> <td class="main" align="right"><?php echo ENTRY_TESTING_SIGN_UP; ?>
<?php echo tep_draw_checkbox_field('testing_sign_up', '1', true); ?>   </td></tr>
<!--testing sign up end //-->

<!-- CAPTHCA CODE-- STOP -->
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> 
            </table></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                <td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td> 

                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
<?php
  }
?>
    </table></form></td>
<!-- body_text_eof //-->
    <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
    </table></td>
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

$HTTP_GET_VARS and $HTTP_POST_VARS were deprecated 9 years ago, in favor of the $_GET and $_POST arrays, were turned off by default in php5, finally throw a deprecated error message in php5.3, and will be completely removed in an upcoming php release. Use the $_GET and $_POST arrays instead.

You have a simple logic error and are performing the query any time $_POST['testing_sign_up'] is set. You would need to put the query code into the same conditional test you are using for the email code.

Many thanks for your very fast reply and the advice about $HTTP_GET_VARS and $HTTP_POST_VARS.

How would I go about sorting out the logic? I am at a loss as to how to add the same conditional test as the email code.

Also, is it as simple as replacing $HTTP_GET_VARS with $_GET and $HTTP_POST_VARS with $_POST, or are there other things which need to be changed?

Many thanks

Doug
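The restructuring described in the reply above, with $HTTP_GET_VARS and $HTTP_POST_VARS swapped for $_GET and $_POST as also suggested, as an added example that is not code from the thread. It assumes the osCommerce tep_* helpers and the TABLE_* and message constants the posted script already relies on; the sign-up insert moves inside the if ($error == false) branch, so a failed captcha now blocks the database write as well as the emails.

```php
<?php
// Added example (not from the thread): the 'send' handler with the sign-up insert
// moved inside the same error check that already guards the emails. Assumes the
// osCommerce tep_* helpers and the constants used in the posted script.
require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_TESTING);
require(DIR_WS_FUNCTIONS . 'capcha_code.php');

$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'send') {
    $email_address = tep_db_prepare_input($_POST['email']);

    if (tep_validate_email($email_address) == false) {
        $error = true;
        $messageStack->add('testing', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
    }

    // Fetch the code stored for this session, then delete it straight away so the
    // same code cannot be submitted a second time.
    $oscsid = tep_session_id($_GET[tep_session_name()]);
    $code_query = tep_db_query("select code from " . TABLE_CAPCTHA_CODE .
                               " where oscsid = '" . tep_db_input($oscsid) . "'");
    $code_array = tep_db_fetch_array($code_query);
    $code = ($code_array !== false) ? $code_array['code'] : '';
    tep_db_query("DELETE FROM " . TABLE_CAPCTHA_CODE . " WHERE oscsid = '" . tep_db_input($oscsid) . "'");

    $user_entered_code = isset($_POST['capcha_code']) ? $_POST['capcha_code'] : '';
    // An empty stored code (expired or already used) must fail too; the comparison
    // stays case-insensitive as in the original.
    if ($code == '' || strcasecmp($user_entered_code, $code) != 0) {
        $error = true;
        $messageStack->add('testing', CAPCTHA_CODE_ENTRY_ERROR);
    }

    // Only a request that passed both checks reaches the database and the mailer.
    if ($error == false) {
        if (isset($_POST['testing_sign_up'])) {
            $testing_query = tep_db_query("select testing_id_number from " . TABLE_TESTING_SIGN_UP .
                                          " where testing_email_address = '" . tep_db_input($email_address) . "'");
            if (tep_db_num_rows($testing_query) == 0) {
                tep_db_perform(TABLE_TESTING_SIGN_UP, array('testing_email_address' => $email_address,
                                                            'testing_firstname' => '',
                                                            'testing_lastname' => ''));
            }
        }
        tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $email_address, STORE_OWNER_EMAIL_ADDRESS);
        tep_mail(MESSAGE_TEXT, $email_address, CUSTOMER_SUBJECT, NUMBER_ONE, STORE_OWNER_EMAIL_ADDRESS);
        tep_redirect(tep_href_link(FILENAME_TESTING, 'action=success'));
    }
}
```

The rest of the page (the HTML form and the captcha image generation) is unchanged apart from the same $HTTP_GET_VARS to $_GET renames.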
