Hello all,

I run simply php scripts on my site that allows people to leave comments, for example here on my ANTM page.

I have been trying to incorporate a captcha which works well speperately but I just cannot get it into the comment.php file.

The captcha works if I just post the following on a html/php page:

<formname="signupform"method="post"action="<?=$_SERVER["PHP_SELF"]?>">
Please sign up for our website:
<br>
<br>
Name: 
 
<formname="signupform"method="post"action="<?=$_SERVER["PHP_SELF"]?>">
 
<? insertSecurityImage("security_refid") ?>
<br>
Enter what you see: 
<inputname="security_try"type="text"id="security_try"size="20"maxlength="10">
(can't see? try reloading page) 
<br>
<br>
<inputtype="submit"name="Submit"value="Signup!">
</form>

However, I want to include it in the comment form in its php file which looks like this:

<formname=\"submitcomment\"method=\"post\"action=\"comment/submitcomment.php\"onSubmit=\" return form_Validator(this)\">
<tablewidth=\"100%\">
<tr>
<thcolspan=\"2\"><h3class=\"formtitle\">Leave your comment:</h3></th>
</tr>
<tr>
 
<thscope=\"row\"><pclass=\"req\">Name:</p></th>
<td><inputclass=\"form\"tabindex=\"1\"id=\"name\"name=\"name\" /></td>
</tr>
<tr>
<thscope=\"row\"><pclass=\"opt\">Email:</p></th>
<td><inputclass=\"form\"tabindex=\"2\"id=\"email\"name=\"email\" /></td>
</tr>
<tr>
 
<thscope=\"row\"><pclass=\"opt\">URL:</p></th>
<td><inputclass=\"form\"tabindex=\"3\"id=\"url\"name=\"url\" /></td>
</tr>
<trvalign=\"top\">
<thscope=\"row\"><pclass=\"req\">Comments:</p><br /></th>
<td><textareaclass=\"formtext\"tabindex=\"4\"id=\"message\"name=\"message\"rows=\"10\"cols=\"50\"></textarea></td>
</tr>
 
<tr>
<td>[B][I]&nbsp[/I][/B];</td>
<td><inputtype=\"submit\"name=\"post\"class=\"submit\"value=\"Submit Comment\" /><br />
<p>Note: Emails will not be visible or used in any way, and are not required. Please keep comments relevant. Any content deemed inappropriate or offensive may be edited and/or deleted. </p>
 
 
 
</td>
</tr>
 
 
 
</table>
<inputtype=\"hidden\"name=\"tuturl\"value=\"$tuturl\" />
<inputtype=\"hidden\"name=\"tutid2\"value=\"$tutid2\" />
</form>

I thought that just adding a new line and inserting the relevant part would work, but it just won't! I have tried this for days now and would be really grateful if someone knew how to do it? :eek:

Can u post the code wherein you actually merged the two so we could get a clear picture of how you inserted the captcha code into your comment.php script. It's hard to see where you might have gone wrong if we can't see the actual code.

Thank you very much for your reply.

I have given up on that particular script, and tried to install the captcha used by the author of my comment script (see here), which is the standard captcha v. 0.9.

I think my trouble is the integration because the captcha works seperately but I think the issue might be calling up php commands within the form that is in itself contained in a php file.

I am going to include and attach (1) test.php and (2)inc_rate.php (3) captcha.php.
I am trying to replicate the incorporation of captche in inc_rate.php

I have bolded and italiced my additions in the <form> part of inc_rate.php. Unfortunately, I get no more than a black bar as you can see on my .html page. :rolleyes:

This is the test.php where the captcha works in a simple form:

<html>
<head>
<title>captcha.php testing</title>
<style>
html {
border-left: 30pxsolid#222222;
}
input,textarea {
background: #333333;
color: #dddddd;
border: 2pxsolid#555555;
}
.captcha {
border: 2pxdashed: #331111;
background: #110000;
padding: 5px;
}
form {
border: 1pxdashed#551111;
padding: 2px;
}
</style>
</head>
<bodybgcolor="#000000"text="#ffffff">
<h1>CAPTCHA Test</h1>
<?php
define("CAPTCHA_INVERSE", 1);
include"captcha.php";
?>

<formaction="_test.1.php">
(we have an example input &lt;form&gt; here)<br>
<textareacols=50rows=3><?php
$res = captcha::check();
if (isset($res)) {
if ($res) {
$msg = "SUCCESS!!";
}
else {
$msg = "FAILED.";
}
for ($n=0; $n<5; $n++) {
echo"$msg\n";
}
}
?></textarea>
<br>
<br>
<?php
echocaptcha::form();
?>
<br>
<inputtype="submit"value="Test &amp; Save">
</form>

<br>
<br>

This is just an example. It's function-less form, which appears over
and over again. You'd typically also want to provide a more senseful
error message, if captcha::test() fails.

<br>
<br>

</body>
</html>

The following is my comment script php file - inc_rate.php:

<?
//PleasesetthefollowingvariablesforyourMySQLdatabase:
//PleasesetthefollowingvariablesforyourMySQLdatabase:
//itishighlyrecommendedthatyourestrictaccessfortheuserforsecurityreasons
//itonlyneeds"INSERT"privileges

$db_hostname = "localhost"; //usually"localhost be default"
$db_username = "wa4398_3"; //yourusername
$db_pass = "XXXXXXXXX"; //thepasswordforyouruser
$db_name = "wa4398_db3"; //thenameofthedatabase


/*MYSQLDATABASECONNECTION/ TRACKINGFUNCTIONS
--------------------------------------*/
// connecttodatabase
$dbh = mysql_connect ($db_hostname, $db_username, $db_pass) ordie ('Icannotconnecttothedatabasebecause: ' . mysql_error());
mysql_select_db ($db_name);



//forsecurity, htmlisnotallowed, sobbcodeisusedforformatting

//START3rdPARTYCODE: Ididnotwritethis
/************************************************/
/* BBCodev1.0a */
/* Date: 03/2003 */
/* */
/* Asimpleandeffectivescriptthat */
/* allowsyoutoimplementbbcodetype */
/* behaviouronyourphpwebsite. */
/* */
/* Contact: bbcode@netgem.freeserve.co.uk */
/* */
/* Usage: */
/* */
/* Putthefollowinglineatthetopof */
/* thepageyouwanttohavethebbocde */
/* in...(assumesbothpagesareinthe */
/* folder */
/* */
/* include("bbCode.php"); */
/* */
/* Passthetexttothefunction: */
/* */
/* $mytext = BBCode("This is my BBCODE"); */
/* or */
/* $mytext = "This is my text"; */
/* $mytext = BBCode($mytext); */
/* */
/* echo $mytext; */
/* */
/************************************************/
?>
<styletype="text/css">
<!--
body {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 12px;
}

.bold {
font-weight: bold;
}

.italics {
font-style: italic;
}

.underline {
text-decoration: underline;
}

.strikethrough {
text-decoration: line-through;
}

.overline {
text-decoration: overline;
}

.sized {
text-size:
}

.quotecodeheader {
font-family: Verdana, arial, helvetica, sans-serif;
font-size: 12px;
font-weight: bold;
}

.codebody {
background-color: #FFFFFF;
font-family: Couriernew, courier, mono;
font-size: 12px;
color: #006600;
border: 1pxsolid#BFBFBF;
}

.quotebody {
background-color: #FFFFFF;
font-family: Couriernew, courier, mono;
font-size: 12px;
color: #660002;
border: 1pxsolid#BFBFBF;
}

.listbullet {
list-style-type: disc;
list-style-position: inside;
}

.listdecimal {
list-style-type: decimal;
list-style-position: inside;
}

.listlowerroman {
list-style-type: lower-roman;
list-style-position: inside;
}

.listupperroman {
list-style-type: upper-roman;
list-style-position: inside;
}

.listloweralpha {
list-style-type: lower-alpha;
list-style-position: inside;
}

.listupperalpha {
list-style-type: upper-alpha;
list-style-position: inside;
}
-->
</style>









<?php
//Localcopy

functionBBCode($Text)
{
// ReplaceanyhtmlbracketswithHTMLEntitiestopreventexecutingHTMLorscript
// Don'tusestrip_tagsherebecauseitbreaks [url] searchbyreplacing & withamp
$Text = str_replace("<", "&lt;", $Text);
$Text = str_replace(">", "&gt;", $Text);



// SetuptheparametersforaURLsearchstring
$URLSearchString = " a-zA-Z0-9\:\/\-\?\&\.\=\_\~\#\'";
// SetuptheparametersforaMAILsearchstring
$MAILSearchString = $URLSearchString . " a-zA-Z0-9\.@";

//NonBBURLSearch
//$Text = eregi_replace("([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]#?/&=])", "<a href=\"\\1://\\2\\3\" target=\"_blank\" target=\"_new\">\\1://\\2\\3</a>", $Text);
//$Text = eregi_replace("(([a-z0-9_]|\\-|\\.)+@([^[:space:]]*)([[:alnum:]-]))", "<a href=\"mailto:\\1\" target=\"_new\">\\1</a>", $Text);
if (substr($Text,0, 7) == "http://"){
$Text = eregi_replace("([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]#?/&=])", "<a href=\"\\1://\\2\\3\">\\1://\\2\\3</a>", $Text);
// Convertnewlinecharstohtml<br /> tags
$Text = nl2br($Text);
} else {
// Perform URL Search
$Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/", '<ahref="javascript:go(\'$1\',\'new\')">$1</a>', $Text);
$Text = preg_replace("(\[url\=([$URLSearchString]*)\](.+?)\[/url\])", '<ahref="javascript:go(\'$1\',\'new\')">$2</a>', $Text);
//$Text = preg_replace("(\[url\=([$URLSearchString]*)\]([$URLSearchString]*)\[/url\])", '<ahref="$1"target="_blank">$2</a>', $Text);
// Convert new line chars to html <br /> tags
$Text = nl2br($Text);
}
// Perform MAIL Search
$Text = preg_replace("(\[mail\]([$MAILSearchString]*)\[/mail\])", '<ahref="mailto:$1">$1</a>', $Text);
$Text = preg_replace("/\[mail\=([$MAILSearchString]*)\](.+?)\[\/mail\]/", '<ahref="mailto:$1">$2</a>', $Text);

// Check for bold text
$Text = preg_replace("(\[b\](.+?)\[\/b])is",'<spanclass="bold">$1</span>',$Text);

// Check for Italics text
$Text = preg_replace("(\[i\](.+?)\[\/i\])is",'<spanclass="italics">$1</span>',$Text);

// Check for Underline text
$Text = preg_replace("(\[u\](.+?)\[\/u\])is",'<spanclass="underline">$1</span>',$Text);

// Check for strike-through text
$Text = preg_replace("(\[s\](.+?)\[\/s\])is",'<spanclass="strikethrough">$1</span>',$Text);

// Check for over-line text
$Text = preg_replace("(\[o\](.+?)\[\/o\])is",'<spanclass="overline">$1</span>',$Text);

// Check for colored text
$Text = preg_replace("(\[color=(.+?)\](.+?)\[\/color\])is","<spanstyle=\"color: $1\">$2</span>",$Text);

// Check for sized text
$Text = preg_replace("(\[size=(.+?)\](.+?)\[\/size\])is","<spanstyle=\"font-size: $1px\">$2</span>",$Text);

// Check for list text
$Text = preg_replace("/\[list\](.+?)\[\/list\]/is", '<ulclass="listbullet">$1</ul>' ,$Text);
$Text = preg_replace("/\[list=1\](.+?)\[\/list\]/is", '<ulclass="listdecimal">$1</ul>' ,$Text);
$Text = preg_replace("/\[list=i\](.+?)\[\/list\]/s", '<ulclass="listlowerroman">$1</ul>' ,$Text);
$Text = preg_replace("/\[list=I\](.+?)\[\/list\]/s", '<ulclass="listupperroman">$1</ul>' ,$Text);
$Text = preg_replace("/\[list=a\](.+?)\[\/list\]/s", '<ulclass="listloweralpha">$1</ul>' ,$Text);
$Text = preg_replace("/\[list=A\](.+?)\[\/list\]/s", '<ulclass="listupperalpha">$1</ul>' ,$Text);
$Text = str_replace("
[*]", "<li>", $Text);

// Check for font change text
$Text = preg_replace("(\(.+?)\[\/font\])","<spanstyle=\"font-family: $1;\">$2</span>",$Text);

// Declare the format for [code] layout
$CodeLayout = '<tablewidth="90%"border="0"align="center"cellpadding="0"cellspacing="0">
<tr>
<tdclass="quotecodeheader"> Code:</td>
</tr>
<tr>
<tdclass="codebody">$1</td>
</tr>
</table>';
// Check for [code] text
$Text = preg_replace("/\[code\](.+?)\[\/code\]/is","$CodeLayout", $Text);

// Declare the format for [quote] layout
$QuoteLayout = '<tablewidth="90%"border="0"align="center"cellpadding="0"cellspacing="0">
<tr>
<tdclass="quotecodeheader"> Quote:</td>
</tr>
<tr>
<tdclass="quotebody">$1</td>
</tr>
</table>';

// Check for [code] text

$Text = preg_replace("/\[quote\](.+?)\[\/quote\]/is","$QuoteLayout", $Text);

// Images
// [img]pathtoimage[/img]
$Text = preg_replace("/\[img\](.+?)\[\/img\]/", '<imgsrc="$1">', $Text);

// [img=widthxheight]image source[/img]
$Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.+?)\[\/img\]/", '<imgsrc="$3"height="$2"width="$1">', $Text);

return $Text;
}


//END 3rd PARTY CODE

//quick script to make the data look nice
function formatDate($val)
{
list($date, $time) = explode(" ", $val);
list($year, $month, $day) = explode("-", $date);
list($hour, $minute, $second) = explode (":", $time);
return date("l, m.j.y @ H:ia", mktime($hour, $minute, $second, $month, $day, $year));
}



function getComments($tutid){
//creates a function that can easily be called from any page

//create the css code to make the form look good. You can edit this to change colors, etc:
echo "
<style>
/*COMMENTS
*------------------------------------*/

.postedby {
padding: 00018px;
background: url(images/abullet.gif) no-repeat04px;
}

h3.formtitle {
margin : 0px0px0px0px;
border-bottom: 1pxdotted#ccc;
padding-bottom: 8px;
}

.commentbody {
border-top: 1pxdotted#ccc;
}

/*gray box*/
.submitcomment, #submitcomment, #currentcomments, #rating, .textad {
background-color: #F5F5F5;
border: 1pxdotted#ccc;
padding: 5px;
padding: 5px;
margin: 20px0px0px0px;
}


/*FORMS
*------------------------------------*/

.form {
background-color: #FAFAFA;
border: solid1px#C6C6C6;
padding: 2px;
}

.formtext {
background-color: #FAFAFA;
border: solid1px#C6C6C6;
padding: 2px;
border-bottom: 1pxdotted#ccc
}

.form:hover, .formtext:hover {
background: white;
}

.form:focus, .formtext:focus {
background: white;
border: solid1px#000000;
}

.submit {
background-color: #D3D3D3;
border: solid1px#C6C6C6;
border-right: solid1px#9A9A9A;
border-bottom: solid1px#9A9A9A;
}

.submit:hover, .submit:focus {
background: #EDEDED;
}

html {
border-left: 30pxsolid#222222;
}
input,textarea {
background: #333333;
color: #dddddd;
border: 2pxsolid#555555;
}
.captcha {
border: 2pxdashed: #331111;
background: #110000;
padding: 5px;
}
form {
border: 1pxdashed#551111;
padding: 2px;
}
</style>


";
//fetch all comments from database where the tutorial number is the one you are asking for
$commentquery = mysql_query("SELECT * FROM comments WHERE tutorialid='$tutid' ORDER BY date DESC") or die(mysql_error()); 
//find the number of comments
$commentNum = mysql_num_rows($commentquery);
//create a headline
echo "<divid=\"currentcomments\"class=\"submitcomment\"><h3class=\"formtitle\">Current Comments</h3>\n";
echo $commentNum . " comments so far (<ahref=\"#post\">post your own</a>)\n";
//for each comment in the database in the right category number...
while($commentrow = mysql_fetch_row($commentquery)){
//for security, parse through the bbcode script
//the number corresponds to the column (the message is always stored in column 4
//COUTING STARTS at 0!!!
$commentbb = BBCode($commentrow[4]);
//create the right date format
$commentDate = formatDate($commentrow[6]);

echo "<divclass=\"commentbody\"id=\"$commentrow[0]\">\n
<p>$commentbb</p>\n
<pclass=\"postedby\">Posted by ";
if($commentrow[3]){
echo "<ahref=\"$commentrow[3]\">$commentrow[2]</a> ";
} else {
echo "$commentrow[2] ";
}
echo "on $commentDate | #$commentrow[0]</p>\n
\n</div>";

}
echo "</div>";
}

function submitComments($tutid2,$tuturl){
//a javascript script to make sure all the required fields are filled in
?>
<script language="javascript">

function form_Validator(form)
{

if (form.name.value == "")
{
alert("Please enter your name.");
form.name.focus();
return (false);
}

if (form.message.value == "")
{
alert("Please enter your message.");
form.message.focus();
return (false);
}

return (true);
    }
//-->
</script>



<?php
//createtheformtosubmitcomments
//youcanaddmorefields, butmakesureyouaddthemtothedbtableandthepage, submitcomment.php
echo"
<aname=\"post\"></a>
<divid=\"submitcomment\"class=\"submitcomment\">

<?php
define(\"CAPTCHA_INVERSE\", 1);
include \"captcha.php\";
?>


<formname=\"submitcomment\"method=\"post\"action=\"submitcomment.php\"onSubmit=\" return form_Validator(this)\">
<tablewidth=\"100%\">
<tr>
<thcolspan=\"2\"><h3class=\"formtitle\">Leave your comment:</h3></th>
</tr>
<tr>

<thscope=\"row\"><pclass=\"req\">Name:</p></th>
<td><inputclass=\"form\"tabindex=\"1\"id=\"name\"name=\"name\" /></td>
</tr>
<tr>
<thscope=\"row\"><pclass=\"opt\">Email:</p></th>
<td><inputclass=\"form\"tabindex=\"2\"id=\"email\"name=\"email\" /></td>
</tr>
<tr>

<thscope=\"row\"><pclass=\"opt\">URL:</p></th>
<td><inputclass=\"form\"tabindex=\"3\"id=\"url\"name=\"url\" /></td>
</tr>
<trvalign=\"top\">
<thscope=\"row\"><pclass=\"req\">Comments:</p><br /></th>
<td><textareaclass=\"formtext\"tabindex=\"4\"id=\"message\"name=\"message\"rows=\"10\"cols=\"50\"></textarea></td>
</tr>

<tr><tdwidth=\"50\">&nbsp;</td><tdstyle=\"width: 200px; display: block;\"><divclass=\"captcha\">
<?php
echocaptcha::form();
?>
</div></td></tr>


Note: Emails will not be visible or used in any way, and are not required. Please keep comments relevant. Any content deemed inappropriate or offensive may be edited and/or deleted. </p></tr>







<inputtype=\"hidden\"name=\"tuturl\"value=\"$tuturl\" />
<inputtype=\"hidden\"name=\"tutid2\"value=\"$tutid2\" />
</form>



</div>
";
}
?>

Hi! I did a comparison between inc_rate.php and _test.1.php and the difference I saw was that _test.1.php used this code

$res = captcha::check();
  if (isset($res)) {
     if ($res) {
        $msg = "SUCCESS!!";
     }
     else {
        $msg = "FAILED.";
     }
     for ($n=0; $n<5; $n++) {
        echo "$msg\n";
     }

before captcha::form() was called. I couldn't run inc_rate.php on my localhost because I don't have your database so I couldn't really tell, but that's the only difference I see in the scripts based on what you posted.

Thanks so muc for your help! The basic problem is that the captcha does not show up.

I think there may be an issue with calling a .php file from a .html file when the .php file contains <?php ... ?> within <?php ... ?> .

Should I be concerned that the .php ends in:

";
}
?>


Still very puzzled...

Ohhh now I see... I think I had the same problem before. When you include the php file on an html document, the php script does not get executed. Try converting the html into a php script and see if it works