Hello,
Firstly thanks for the app. I was able to generate my form easily, post it and have it work - at least for a short period of time.
However..... The form has recently been behaving strangely in the past few days, and does not finish loading the captcha security image. There is no image displayed and the browser does not finish loading the page. To me, the problem appears to be with the captcha feature.
I have contacted my ISP and they too believe that there is a captcha problem:
QUOTE: problem with PHP code
"imagettftext($image, $font_size, 0, $x, $y, $text_color, $this->font , $code) or
die('Error in imagettftext function');"
I have not modified the captcha code at any stage.
On the security side of things, could you advise on:
1) Security considerations and any precautions that should be put in place
2) Requirements for validation of input
3) Other suggestions?
FYI - the form I have created only uses a mail function to deliver user input to an email. Very simple and no SQL involved.
Thanks in advance,
lhcpr
My processor code as follows:
<?php
session_start();
// Setup code
$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));
// Checkbox handling
$field_5_opts = $_POST['field_5'][0];
// Sender email is predefined as a hidden html field
$email = "XYZ@gmail.com";
// Name
$name = $_POST['field_1'] . " " . $_POST['field_2'];
// Message body
$message = $_POST['field_1'] . " " . $_POST['field_2'] . " says no to development" . "
Email address: " . $_POST['field_3'] . "
This is what " . $_POST['field_1'] . " has to say:
" . $_POST['field_4'];
//Validation and handling if check box is equal to Yes
if( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) && ($field_5_opts=="Yes") ) {
//Mail function if check box is equal to Yes
mail("$email,XYZ@gmail.com",$name . " says no",$message,"From: $email");
include("confirm.html");
}
//Validation and handling if check box is not equal to Yes
elseif( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) && ($field_5_opts!="Yes") ) {
// Mail function
mail($email,$name . " says no",$message,"From: $email");
include("confirm.html");
}
else {
echo "Invalid Captcha String.";
}
?>
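A hardened variant of the processor posted above, as an added example that is not part of the original post or of the project's generated code. It assumes PHP 7.1 or later and the field names from the post; `header_safe`, `captcha_ok` and the length limits are hypothetical.

```php
<?php
// Added example, not the project's process.php. Assumes PHP 7.1+.
session_start();

// Hypothetical helper: a value bound for the Subject header must be a short
// single-line string; CR/LF would let a sender append headers of their own.
function header_safe($value, int $max = 100): ?string
{
    if (!is_string($value)) {
        return null;                    // e.g. field_1[] posted as an array
    }
    $value = trim($value);
    $bad = $value === '' || strlen($value) > $max || preg_match('/[\x00-\x1F\x7F]/', $value);
    return $bad ? null : $value;
}

// Hypothetical helper: strict, single-use comparison of the captcha code.
function captcha_ok(array &$session, array $post): bool
{
    $expected = $session['security_code'] ?? '';
    $given    = $post['security_code'] ?? '';
    unset($session['security_code']);   // one attempt per generated image
    return is_string($expected) && is_string($given)
        && $expected !== '' && hash_equals($expected, $given);
}

$first   = header_safe($_POST['field_1'] ?? null);
$last    = header_safe($_POST['field_2'] ?? null);
$sender  = filter_var($_POST['field_3'] ?? '', FILTER_VALIDATE_EMAIL);
$comment = $_POST['field_4'] ?? '';
$copy    = (($_POST['field_5'][0] ?? '') === 'Yes');

if (!captcha_ok($_SESSION, $_POST)) {
    exit('Invalid Captcha String.');
}
if ($first === null || $last === null || $sender === false
    || !is_string($comment) || strlen($comment) > 5000) {  // 5000: assumed limit
    exit('Please check the form fields and try again.');
}

$email   = 'XYZ@gmail.com';             // fixed recipient, as in the post
$to      = $copy ? "$email,XYZ@gmail.com" : $email;
$subject = "$first $last says no";
$body    = "$first $last says no to development\r\n"
         . "Email address: $sender\r\n"
         . "This is what $first has to say:\r\n"
         . preg_replace('/\r\n|\r|\n/', "\r\n", $comment);

mail($to, $subject, $body, "From: $email");
include 'confirm.html';
```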
The captcha image is generated in the form file. The form file includes PHP code that implements captcha. The header of this file is listed below. Make sure your host supports the requirements and follow the link in the header. If you have troubles with captcha the author will be the best person to help you resolve them.
/*
* File: CaptchaSecurityImages.php
* Author: Simon Jarvis
* Copyright: 2006 Simon Jarvis
* Date: 03/08/06
* Updated: 23/11/06
* Requirements: PHP 4/5 with GD and FreeType libraries
* Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details:
* http://www.gnu.org/licenses/gpl.html
*
*/
Hi TNTEveret - thanks for the follow up,
Just to clarify a few things:
1) "The captcha image is generated in the form file": I take it you mean the 'form.html' file and is displayed by the following tag <img src="CaptchaSecurityImages.php">. Is this correct?
2) All requirements in the header are met. Also, there is a new version of the capture code updated on 07/02/07. This has important security fixes applied.
3) I'm surprised there is no validation of form input other than the captcha.
I'm really at a loss for why this is not working. As I have said, it was originally working, worked for a while then stopped working.
Any other ideas,
lhcpr
1.) Yes
2.) I have not used the new version so I can not comment on using it.
3.) There is basic form input validation in the form java code and in the process.php code.
Send me a link to your form so I can try it.
Hi TNTevert,
As per your request, I have sent you the link for the page where captcha security is playing up to your sourceforge inbox.
Also, does the application / code support PHP version 5.X ? I know the captcha PHP does but not sure of the rest.
Cheers,
Graham
I had the exact same issue. My form with captcha worked for over a year and then suddenly the captcha image wouldn't load. I fixed the captcha problem by changing the PHP setting (in 'PHP Config' in my host's control panel) to use PHP5. I was using PHP4. It worked and luckily did not mess up any other of my PHP files.