
View Full Version : Captcha mucking up "Echo Back" on form validate failure


markdmc
05-01-2009, 07:30 AM
Hello,

I'm using a captcha block to catch spam bots (hopefully) on my "create new user" form, to which I've also added a lot of error checking. If the error checking finds an error, I want the form to echo back the user-entered values so that users don't leave in frustration. This worked fine before I introduced the captcha code, but now it doesn't. I've attached the form validation, captcha and field definition code below. Any suggestions would be greatly appreciated.

Thanks,

Mark

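// Handles submission of the "create new user" form (form2): normalises and
// validates the posted fields, checks the captcha answer against the session,
// and inserts the user row when no validation message was recorded.
// Messages are collected in $error, keyed by field/check name.
// NOTE(review): assumes session_start() has already run so that
// $_SESSION['pass_phrase'] is available; that call is not visible here.
if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] === "form2") {
    //initialize array for error messages
    $error = array();

    // Normalise every field this handler reads. A missing key or a non-string
    // value (for example first_name[]=x) becomes '', anything else is trimmed.
    // This keeps crafted requests from triggering undefined-index notices or
    // trim()/strlen() warnings further down.
    $signupFields = array(
        'first_name', 'last_name', 'username', 'email', 'email_conf',
        'zipCode', 'bDay', 'bMonth', 'bYear', 'password', 'password_conf',
        'verify', 'prefRegion', 'sex', 'mStatus', 'ed',
    );
    foreach ($signupFields as $signupField) {
        $_POST[$signupField] = (isset($_POST[$signupField]) && is_string($_POST[$signupField]))
            ? trim($_POST[$signupField])
            : '';
    }

    //check required values are present
    // Note: empty() also treats the string '0' as missing.
    $requiredMessages = array(
        'first_name' => 'Please enter your first name.',
        'last_name'  => 'Please enter your last name.',
        'username'   => 'Please enter a user name.',
        'email'      => 'Please enter your email address.',
        'zipCode'    => 'Please enter your zipCode.',
        'bDay'       => 'Please enter your birthday day.',
        'bMonth'     => 'Please enter your birthday month.',
        'bYear'      => 'Please enter your birthday year.',
    );
    foreach ($requiredMessages as $requiredField => $requiredMessage) {
        if (empty($_POST[$requiredField])) {
            $error[$requiredField] = $requiredMessage;
        }
    }

    //check required field for proper length
    if (strlen($_POST['username']) < 6) {
        $error['length'] = 'Please select a username that contains at least 6 characters.';
    }
    if (strlen($_POST['zipCode']) < 5) {
        $error['zipCode1'] = 'Your ZIP Code must contain 5 characters.';
    }
    if (strlen($_POST['bMonth']) < 2) {
        $error['bMonth1'] = 'Your Birthday Month must contain 2 characters, i.e. 01.';
    }
    if (strlen($_POST['bDay']) < 2) {
        $error['bDay1'] = 'Your Birthday Day must contain 2 characters. i.e. 02.';
    }
    if (strlen($_POST['bYear']) < 4) {
        $error['bYear1'] = 'Your Birthday Year must contain 4 characters, i.e. 1999.';
    }

    //set a flag that assumes the password is OK
    $pwdOK = true;
    //if less than 8 characters, create alert and set flag to false
    if (strlen($_POST['password']) < 8) {
        $error['pwd_length'] = 'Your password must be least 8 characters.';
        $pwdOK = false;
    }
    //if passwords do not match, create alert and set flag to false
    // Strict comparison: with != PHP compares numeric-looking strings as
    // numbers, so "10000000" and "10000000.0" would count as a match.
    if ($_POST['password'] !== $_POST['password_conf']) {
        $error['pwdMatch'] = 'Your passwords do not match';
        $pwdOK = false;
    }
    //if password is OK, hash it
    // SECURITY NOTE(review): unsalted SHA-1 is a fast hash and is not suitable
    // for password storage. It is kept here only so the stored value stays
    // compatible with the login code, which is not visible on this page;
    // migrate both sides to password_hash()/password_verify() together.
    if ($pwdOK) {
        $_POST['password'] = sha1($_POST['password']);
    }
    //if emails do not match, create alert
    if ($_POST['email'] !== $_POST['email_conf']) {
        $error['emailMatch'] = 'Your email addresses do not match';
    }

    // Check the captcha pass-phrase for verification.
    // The session value is compared with sha1() of the typed answer, so it is
    // presumably stored as a SHA-1 hex digest by captcha.php (not visible).
    // Strict comparison matters: with != two digests of the form "0e<digits>"
    // are compared as numbers and treated as equal.
    // NOTE(review): the stored phrase is not cleared after a check, so one
    // solved captcha stays valid for as long as the session keeps it. Clear it
    // here once captcha.php is confirmed to issue a new phrase per image request.
    $user_pass_phrase = sha1($_POST['verify']);
    if (!isset($_SESSION['pass_phrase']) || $_SESSION['pass_phrase'] !== $user_pass_phrase) {
        $error['pass_phrase'] = 'Please enter the letters exactly as in the verification box.';
    }

    //if no errors, insert the record into the database
    if (!$error) {
        // Values are listed in the same order as the column list. The original
        // passed bMonth before bDay, which stored day and month in each
        // other's columns.
        // NOTE(review): quoting/escaping is delegated to GetSQLValueString(),
        // defined elsewhere; confirm it escapes "text" values for this
        // connection. If "int" casts to an integer, ZIP codes with a leading
        // zero lose it.
        $insertSQL = sprintf("INSERT INTO `user` (first_name, last_name, username, password, email, zipCode, prefRegion, sex, bDay, bMonth, bYear, mStatus, ed) VALUES (%s,%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
            GetSQLValueString($_POST['first_name'], "text"),
            GetSQLValueString($_POST['last_name'], "text"),
            GetSQLValueString($_POST['username'], "text"),
            GetSQLValueString($_POST['password'], "text"),
            GetSQLValueString($_POST['email'], "text"),
            GetSQLValueString($_POST['zipCode'], "int"),
            GetSQLValueString($_POST['prefRegion'], "text"),
            GetSQLValueString($_POST['sex'], "text"),
            GetSQLValueString($_POST['bDay'], "int"),
            GetSQLValueString($_POST['bMonth'], "int"),
            GetSQLValueString($_POST['bYear'], "int"),
            GetSQLValueString($_POST['mStatus'], "text"),
            GetSQLValueString($_POST['ed'], "text"));

        mysql_select_db($database_cpadmin, $cpadmin);
        $Result1 = mysql_query($insertSQL, $cpadmin);
        if (!$Result1) {
            if (mysql_errno($cpadmin) === 1062) {
                // 1062 = duplicate key. The form field is "username"; the
                // original read the non-existent key "user_name".
                // The message contains user input: escape it with
                // htmlspecialchars() wherever $error is printed.
                $error['user_name'] = $_POST['username'] . ' is already in use. Please choose another username.';
            } else {
                // Generic message only; the driver error text is not shown to the user.
                $error['dbError'] = 'Sorry, there was a problem processing your request. Please try again later.';
            }
        }

        $insertGoTo = "home.php";
        if (isset($_SERVER['QUERY_STRING'])) {
            $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
            $insertGoTo .= $_SERVER['QUERY_STRING'];
        }
        // Redirect only when the insert succeeded. The original redirected
        // unconditionally, so the duplicate-username and database messages
        // set above were never displayed. exit stops the rest of the page
        // from running after the Location header is sent.
        if (!$error) {
            header(sprintf("Location: %s", $insertGoTo));
            exit;
        }
    }
}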

//Database query and head info go here

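<?php
/*
 * Registration form (form2). Text inputs echo back a previously entered value
 * so the user does not have to retype after a validation failure.
 *
 * - The echo-back reads plain variables ($username, $first_name, ...). The
 *   validation code shown with this form works on $_POST and never assigns
 *   those variables, so they must be populated elsewhere for anything to be
 *   echoed back.
 * - Echoed values are user input placed inside a double-quoted HTML attribute,
 *   so each one goes through htmlspecialchars(..., ENT_QUOTES); without it a
 *   value containing a quote can close the attribute and inject markup.
 * - Password, confirmation and captcha inputs are deliberately never refilled.
 * - NOTE(review): $editFormAction is built elsewhere; confirm it is
 *   HTML-escaped where it is built (it is commonly derived from the request
 *   path), since it is printed into an attribute as-is here.
 * - NOTE(review): the <select> lists compare each option against an empty
 *   string literal, so no option is ever marked SELECTED; echo-back for them
 *   needs the submitted value as the second strcmp() argument.
 * - NOTE(review): area_id / area_name come from a database row and are printed
 *   unescaped; escape them unless that table is known to hold only trusted,
 *   already-encoded text.
 */
?>
<form action="<?php echo $editFormAction; ?>" method="post" name="form2" id="form2">
<fieldset>
<legend>Create Membership</legend>
<table align="center">
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Username:</td>
    <td><input name="username" type="text" value="<?php if (!empty($username)) echo htmlspecialchars($username, ENT_QUOTES); ?>" size="32" maxlength="32" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Password:</td>
    <td><input name="password" type="password" value="" size="32" maxlength="32" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Confirm Password:</td>
    <td><input name="password_conf" type="password" value="" size="32" maxlength="32" /> </td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">First Name:</td>
    <td><input name="first_name" type="text" value="<?php if (!empty($first_name)) echo htmlspecialchars($first_name, ENT_QUOTES); ?>" size="32" maxlength="32" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Last Name:</td>
    <td><input name="last_name" type="text" value="<?php if (!empty($last_name)) echo htmlspecialchars($last_name, ENT_QUOTES); ?>" size="32" maxlength="32" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Email:</td>
    <td><input type="text" name="email" value="<?php if (!empty($email)) echo htmlspecialchars($email, ENT_QUOTES); ?>" size="32" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Confirm Email:</td>
    <td><input type="text" name="email_conf" value="" size="32" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Zip Code:</td>
    <td><input name="zipCode" type="text" value="<?php if (!empty($zipCode)) echo htmlspecialchars($zipCode, ENT_QUOTES); ?>" size="32" maxlength="5" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Gender:</td>
    <td><select name="sex">
      <option value="null" <?php if (!(strcmp("null", ""))) {echo "SELECTED";} ?>>Please choose:</option>
      <option value="m" <?php if (!(strcmp("m", ""))) {echo "SELECTED";} ?>>Male</option>
      <option value="f" <?php if (!(strcmp("f", ""))) {echo "SELECTED";} ?>>Female</option>
    </select></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Birth Day (dd):</td>
    <td><input name="bDay" type="text" value="<?php if (!empty($bDay)) echo htmlspecialchars($bDay, ENT_QUOTES); ?>" size="32" maxlength="2" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Birth Month (mm):</td>
    <td><input name="bMonth" type="text" value="<?php if (!empty($bMonth)) echo htmlspecialchars($bMonth, ENT_QUOTES); ?>" size="32" maxlength="2" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Birth Year (yyyy):</td>
    <td><input name="bYear" type="text" value="<?php if (!empty($bYear)) echo htmlspecialchars($bYear, ENT_QUOTES); ?>" size="32" maxlength="4" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Relationship Status:</td>
    <td><select name="mStatus">
      <option value="null" <?php if (!(strcmp("null", ""))) {echo "SELECTED";} ?>>Please choose:</option>
      <option value="s" <?php if (!(strcmp("s", ""))) {echo "SELECTED";} ?>>Single</option>
      <option value="m" <?php if (!(strcmp("m", ""))) {echo "SELECTED";} ?>>Married</option>
      <option value="r" <?php if (!(strcmp("r", ""))) {echo "SELECTED";} ?>>In a Relationship</option>
    </select></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Education:</td>
    <td><select name="ed">
      <option value="null" <?php if (!(strcmp("null", ""))) {echo "SELECTED";} ?>>Please choose:</option>
      <option value="hs" <?php if (!(strcmp("hs", ""))) {echo "SELECTED";} ?>>High School</option>
      <option value="sc" <?php if (!(strcmp("sc", ""))) {echo "SELECTED";} ?>>Some College</option>
      <option value="ad" <?php if (!(strcmp("ad", ""))) {echo "SELECTED";} ?>>Associates Degree</option>
      <option value="bd" <?php if (!(strcmp("bd", ""))) {echo "SELECTED";} ?>>Bachelors Degree</option>
      <option value="md" <?php if (!(strcmp("md", ""))) {echo "SELECTED";} ?>>Masters Degree</option>
      <option value="pg" <?php if (!(strcmp("pg", ""))) {echo "SELECTED";} ?>>PhD / Post Grad</option>
    </select></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Preferred Area:</td>
    <td><select name="prefRegion">
<?php
/* do/while: the first row is expected to be in $row_area before this point
   (that fetch is not visible here); each pass prints one option. */
do {
?>
      <option value="<?php echo $row_area['area_id']?>" ><?php echo $row_area['area_name']?></option>
<?php
} while ($row_area = mysql_fetch_assoc($area));
?>
    </select></td>
  </tr>
  <tr> </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">Verification: </td>
    <td><input type="text" id="verify" name="verify" value="" />
    <img src="Connections/captcha.php" alt="Verification pass-phrase" /></td>
  </tr>
  <tr valign="baseline">
    <td nowrap="nowrap" align="right">&nbsp;</td>
    <td><input type="submit" value="Insert record" /></td>
  </tr>
</table>
<input type="hidden" name="MM_insert" value="form2" />
</fieldset>
</form>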