Member Avatar for zalgawi

Hello people, I've been working on a registration form project that needs to contain a captcha code that will be validated. Even if the captcha string inserted in the text box is correct, it displays the error "Captcha string is incorrect". Also, even if the captcha part did not exist, the form doesn't seem to save the data to my sql database. Can anyone please try to help me out or check if you can notice any obivous errors with my code?

The following code is the PHP and HTML code used for the registration form

<?php

session_start();

$_SESSION['captcha'] = $captchaString;

$_SESSION ['message'] = $captchaString;

//$_SESSION['message'] = '';

$mysqli = new mysqli('ip', 'user', 'pass',  'dbname');
$post = filter_input_array(INPUT_POST);
 if (isset($post)) {

     $skills = $mysqli->real_escape_string($post['skills']);

     if (isset($post['email'])) {
         $email = $post['email'];
     } else {
         $_SESSION['message'] = "Please enter your email!";
     }

     if (isset($post['username'])) {
         $username = $post['username'];
     } else {
         $_SESSION['message'] = "Please enter your username!";
     }

     if (isset($post['password'])) {
         if ($post['password'] === $post['confirmpassword']) {

             $password = password_hash($post['password']); //password hash is more secure. To compare passwords use password_verify($post['password'], $dbpassword);
         } else {
             $_SESSION['message'] = "Two passwords do not match!";
         }
     } else {
         $_SESSION['message'] = "Please enter your password!";
     }

     if(isset($post['captcha'])) {
         if ($post['captcha'] === $_SESSION['captcha']) {
     } else {
         $_SESSION['message'] = "The captcha is not correct";
      }
     } else {
         $_SESSION = "Please enter the captcha";
     }

    if(isset($email) && isset($username) && isset($password) && isset ($captcha)) {
        //if the query is successful, redirect to emailvalidation.php page
        $sql = "INSERT INTO users (username, email, password, skills) "
        ."VALUES ('$username','$email','$password','$skills')";
        echo $sql;
        $mysqli->query($sql);
        $_SESSION['message'] = "Registration Succesful! Added $username to the database!";
        header("location: emailValidation.php");
    }
  }
?>

<!DOCTYPE html>
<html>
<head>
  <link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">
  <link rel="stylesheet" type="text/css" href="registrationForm.css">

  <style>body {
font-family: 'Roboto', sans-serif;
font-size: 20px;
}</style>

  <title>Registration Form</title>
</head>
<body>
<form class="form" action="registrationForm.php" method="post" style="border:1px solid #ccc">
    <div class="alert error"><?= $_SESSION['message'] ?></div>
  <div class="container">
    <h1>Registration</h1>
    <p>Please fill in this form to create an account.</p>
    <hr>

    <label for="username"><b>Username</b></label>
    <input type="text" placeholder="Enter Username" name="username" required>
    <br>

    <label for="email"><b>Email</b></label>
    <input type="text" placeholder="Enter Email" name="email" required>
    <br>

    <label for="password"><b>Password</b></label>
    <input type="password" placeholder="Enter Password" name="password" required>
    <br>

    <label for="confirmpassword"><b>Repeat Password</b></label>
    <input type="password" placeholder="Repeat Password" name="confirmpassword" required>
    <br>

    <label for="skills"><b>Skills</b></label>
    <input type="text" placeholder="E.G., plumbing,teaching, programming, etc" name="skills" required>
    <br>

    <label for="captcha"><b>Complete CAPTCHA</b></label>
    <br>
    <div class="captcha">
<img src="captcha.php" alt="CAPTCHA image"/>
</div>
    <br>
      <input type="text" name=captcha required>

    <label>
      <input type="checkbox" checked="checked" name="remember" style="margin-bottom:15px"> Remember me
    </label>

    <p>By creating an account you agree to our <a href="#" style="color:dodgerblue">Terms & Privacy</a>.</p>

    <div class="clearfix">
      <button type="button" class="cancelbtn">Cancel</button>
      <button type="submit" class="signupbtn">Sign Up</button>
    </div>
  </div>
</form>
</body>
</html>

The following code is the captcha generator that is used throughout the registration form

    <?php
    # Read background image
    $image = ImageCreateFromPng ("captcha100x40.png");

    # Randomise the text colour
    $red = rand(80,130);
    $green = rand(80,130);
    $blue = 320 -$red - $green;
    $textColour = ImageColorAllocate($image, $red, $green, $blue);

    # Randomly select a character string
    $charArray = array('a','b','c','d','e','f','g','h','j','k','m','n','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','J','K','L','M','N','P','Q','R','T','U','V','W','X','Y','Z','2','3','4','6','7','8','9');
    shuffle($charArray);
    $captchaString = $charArray[0];
    for ($i=1; $i<5; $i++) $captchaString .= ' ' . $charArray[$i];

    # Edit the image
    ImageString($image, 5, 10, 10, $captchaString, $textColour);

    # Enlarge the image
    $bigImage = imagecreatetruecolor(200, 80);
    imagecopyresized($bigImage, $image, 0, 0, 0, 0, 200, 80, 100, 40);

    # Output the image as a low quality JPEG
    header("Content-Type: image/jpeg");
    Imagejpeg($bigImage, NULL, 8);

    # clean up
    ImageDestroy($image);
    ImageDestroy($bigImage);
    ?>
  • 2 Contributors
  • 1 Reply
  • 545 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by rproffitt
Member Avatar for rproffitt

On line 49, echo these values for you to see. Or COPY someone else's working similar code like I see at https://www.the-art-of-web.com/php/captcha/

Their implementation uses != rather than your stict ===.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.