user challenge contact form for serurity question

hafleystyles · 08-26-2005, 09:26 AM

i have a contact form on my website and what i want to do is have a verification/user challenge image that the user must enter before being able to submit the form. you know what i mean the hard to read garbled letters that yahoo and msn are starting to use. i found a script at http://w2.syronex.com/jmr/safemailto which does this with juat a mailto link (kinda) but what i'm trying to do is combine the two. eventaully i would like to have the garbled image to be based off ip and start logging them. any ideas guys?

EDIT: i did stumble upon this link http://www.php-mysql-tutorial.com/us...rification.php i'm not a php guru but maybe someone can make sense of this

the contact form is the following: contact.php

Code:

<form method="POST" action="contact_script.php">
  <table width="480" border="0" cellspacing="3" cellpadding="1">
    <tr align="left" valign="top"> 
      <td width="21%"><font size="2" face="Arial">First Name</font></td>
      <td width="30%"> <input type="text" name="FirstName"></td>
      <td></td>
    </tr>
    <tr align="left" valign="top"> 
      <td><font size="2" face="Arial">Company</font></td>
      <td><input type="text" name="Company"></td>
      <td></td>
    </tr>
    <tr align="left" valign="top"> 
      <td><font size="2" face="Arial">Email address</font></td>
      <td><input type="text" name="EmailFrom"></td>
      <td> <font size="2" face="Arial">example me@mycompany.com</font></td>
    </tr>
    <tr align="left" valign="top"> 
      <td><font size="2" face="Arial">Contact Number</font></td>
      <td><input type="text" name="ContactNumber"></td>
      <td><font size="2" face="Arial">example 916-123-4567</font></td>
    </tr>
    <tr align="left" valign="top"> 
      <td height="147"><font size="2" face="Arial">What are you looking for?</font></td>
      <td colspan="2">

 
          <textarea name="Comments" cols="30" rows="5"></textarea>
        </p>
        <input type="submit" name="submit" value="Send"> </td>
    </tr>
  </table>
</form>

the script for this contact form is the following: contact_script.php

Code:

<?php
$EmailFrom = Trim(stripslashes($_POST['EmailFrom'])); 
$EmailTo = "contact@digitalsunday.com";
$Subject = "Website Feedback";
$FirstName = Trim(stripslashes($_POST['FirstName'])); 
$LastName = Trim(stripslashes($_POST['LastName'])); 
$Company = Trim(stripslashes($_POST['Company'])); 
$ContactNumber = Trim(stripslashes($_POST['ContactNumber'])); 
$Website = Trim(stripslashes($_POST['Website'])); 
$Comments = Trim(stripslashes($_POST['Comments'])); 

// validation
$validationOK=true;
if (Trim($EmailFrom)=="") $validationOK=false;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php?p=error\">";
  exit;
}

// prepare email body text
$Body = "";
$Body .= "FirstName: ";
$Body .= $FirstName;
$Body .= "\n";
$Body .= "LastName: ";
$Body .= $LastName;
$Body .= "\n";
$Body .= "Company: ";
$Body .= $Company;
$Body .= "\n";
$Body .= "ContactNumber: ";
$Body .= $ContactNumber;
$Body .= "\n";
$Body .= "Website: ";
$Body .= $Website;
$Body .= "\n";
$Body .= "Comments: ";
$Body .= $Comments;
$Body .= "\n";

// send email 
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

// redirect to success page 
if ($success){
  print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php?p=thanks\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php?p=error\">";
}
?>

the code for the contact form from the syronex.com site is as follows

Code:

<script type='text/javascript'>function askxpbb(){var win=window.open('txt-xpbb.htm','askwinxpbb',',scrollbars=no,height=230,width=230');if(!win.opener)win.opener=self}document.write('email us');
</script><noscript>email us (email encoder used)</noscript>

and finnally the code for the user challenge form the syronex site is as follows: txt-xpbb.htm

Code:

<html><head><title>Spam Protected Email Address</title><style>.b{background-color:#ffffff;font-family:Arial}.c{color:#000000;font-size:8pt}a.c{text-decoration:none;color:#000000}</style>
<script type='text/javascript'>
<!--
function dec(v8){var v2=v8+"NK62TRX5RXHXW4IE3ZI";var v7=unescape("W%28%3E%22%297%3A%0BR%5B3%3B%2CT%3E+%3D63U0kP5%24");var v5=v2.length;var v1="";for(var v4=0;v4<v5;v4++){v1+=String.fromCharCode(v2.charCodeAt(v4)^v7.charCodeAt(v4));}return v1}function go(v){window.location='mail\u0074o\u003a'+dec(v)+'?subject=wesite%20feedback'}
//-->
</script>
</head><body class="b" onLoad="document.f.c.focus()"><table border="0"
cellpadding="0" cellspacing="0" width="100%" height="100%"><tr><td
colspan="2" valign="top" align="center">

Please type carefully the code shown on the image below

<form name="f" onSubmit="go(document.f.c.value.toUpperCase());setTimeout('window.close()',10);return false"><input style="font-weight:bold" name="c" type="edit" size="8"/> <input type="submit" value="Ok" class="button"/>
↑
[img]img-xpbb.png[/img]</form></td></tr><tr><td valign="bottom" align="left" class="c">Why?</td><td valign="bottom" align="right"><a class="c" href="http://w2.syronex.com/jmr/safemailto/#copy" target="_blank">&copy;2005 Syronex
</a></div></td></tr></table></body></html>

hafleystyles · 08-26-2005, 11:31 AM

ok so this is what i've come up with so far https://digitalsunday.com/index.php?p=contact but now i need authentication to verify the image is the same as what they input

contact.php

Code:

<style type="text/css">
 img.verify { border: #999999 solid 1px; }
 </style>
<form method="POST" action="contact_script.php"> <form action="" method="post" name="frmLogin" id="frmLogin">
  <table width="480" border="0" cellspacing="3" cellpadding="1">
    <tr align="left" valign="top"> 
      <td width="21%"><font size="2" face="Arial">First Name</font></td>
      <td width="30%"> <input type="text" name="FirstName"></td>
      <td></td>
    </tr>
    <tr align="left" valign="top"> 
      <td><font size="2" face="Arial">Company</font></td>
      <td><input type="text" name="Company"></td>
      <td></td>
    </tr>
    <tr align="left" valign="top"> 
      <td><font size="2" face="Arial">Email address</font></td>
      <td><input type="text" name="EmailFrom"></td>
      <td> <font size="2" face="Arial">example me@mycompany.com</font></td>
    </tr>
    <tr align="left" valign="top"> 
      <td><font size="2" face="Arial">Contact Number</font></td>
      <td><input type="text" name="ContactNumber"></td>
      <td><font size="2" face="Arial">example 916-123-4567</font></td>
    </tr>
    <tr align="left" valign="top"> 
      <td height="113"><font size="2" face="Arial">What are you looking for?</font></td>
      <td colspan="2">

 
          <textarea name="Comments" cols="30" rows="5"></textarea>
        </p>
        
    </td>
    </tr>
  </table>
  


 enter the text you see in the box 
  <input name="txtNumber" type="text" id="txtNumber" value="">
  [img]randomImage.php[/img]</p>




  

  <input type="submit" name="submit" value="Send">
</p>
</form>

and the code for the image: randomImage.php

Code:

<?php
session_start();

// generate  5 digit random number
$rand = rand(10000, 99999);

// create the hash for the random number and put it in the session
$_SESSION['image_random_value'] = md5($rand);

// create the image
$image = imagecreate(91, 20);

// use white as the background image
$bgColor = imagecolorallocate ($image, 255, 255, 255); 

// the text color is black
$textColor = imagecolorallocate ($image, 0, 0, 0); 

// write the random number
imagestring ($image, 5, 20, 2,  $rand, $textColor); 
    
// send several headers to make sure the image is not cached    
// taken directly from the PHP Manual
    
// Date in the past 
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 

// always modified 
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 

// HTTP/1.1 
header("Cache-Control: no-store, no-cache, must-revalidate"); 
header("Cache-Control: post-check=0, pre-check=0", false); 

// HTTP/1.0 
header("Pragma: no-cache");     


// send the content type header so the image is displayed properly
header('Content-type: image/jpeg');

// send the image to the browser
imagejpeg($image);

// destroy the image to free up the memory
imagedestroy($image);
?>

esun · 08-28-2005, 02:37 AM

I'm guessing $rand holds the random number, so you'll need to take the user's input and compare it to $rand. I assume you're PHP proficient enough to do that.

Home > Discussion > Tech user challenge contact form for serurity question
Join The Cult	Tweakers	Image Gallery	Donate	Search	Today's Posts	Mark Forums Read

08-26-2005, 09:26 AM	user challenge contact form for serurity question	permalink #1
hafleystyles Senior Member Jan 2005 Last Seen: 09-09-2008 Location: California Posts: 805 (#102) Thanked 0x in 0 posts x12	i have a contact form on my website and what i want to do is have a verification/user challenge image that the user must enter before being able to submit the form. you know what i mean the hard to read garbled letters that yahoo and msn are starting to use. i found a script at http://w2.syronex.com/jmr/safemailto which does this with juat a mailto link (kinda) but what i'm trying to do is combine the two. eventaully i would like to have the garbled image to be based off ip and start logging them. any ideas guys? EDIT: i did stumble upon this link http://www.php-mysql-tutorial.com/us...rification.php i'm not a php guru but maybe someone can make sense of this the contact form is the following: contact.php Code: <form method="POST" action="contact_script.php"> <table width="480" border="0" cellspacing="3" cellpadding="1"> <tr align="left" valign="top"> <td width="21%"><font size="2" face="Arial">First Name</font></td> <td width="30%"> <input type="text" name="FirstName"></td> <td></td> </tr> <tr align="left" valign="top"> <td><font size="2" face="Arial">Company</font></td> <td><input type="text" name="Company"></td> <td></td> </tr> <tr align="left" valign="top"> <td><font size="2" face="Arial">Email address</font></td> <td><input type="text" name="EmailFrom"></td> <td> <font size="2" face="Arial">example me@mycompany.com</font></td> </tr> <tr align="left" valign="top"> <td><font size="2" face="Arial">Contact Number</font></td> <td><input type="text" name="ContactNumber"></td> <td><font size="2" face="Arial">example 916-123-4567</font></td> </tr> <tr align="left" valign="top"> <td height="147"><font size="2" face="Arial">What are you looking for?</font></td> <td colspan="2"> <textarea name="Comments" cols="30" rows="5"></textarea> </p> <input type="submit" name="submit" value="Send"> </td> </tr> </table> </form> the script for this contact form is the following: contact_script.php Code: <?php $EmailFrom = Trim(stripslashes($_POST['EmailFrom'])); $EmailTo = "contact@digitalsunday.com"; $Subject = "Website Feedback"; $FirstName = Trim(stripslashes($_POST['FirstName'])); $LastName = Trim(stripslashes($_POST['LastName'])); $Company = Trim(stripslashes($_POST['Company'])); $ContactNumber = Trim(stripslashes($_POST['ContactNumber'])); $Website = Trim(stripslashes($_POST['Website'])); $Comments = Trim(stripslashes($_POST['Comments'])); // validation $validationOK=true; if (Trim($EmailFrom)=="") $validationOK=false; if (!$validationOK) { print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php?p=error\">"; exit; } // prepare email body text $Body = ""; $Body .= "FirstName: "; $Body .= $FirstName; $Body .= "\n"; $Body .= "LastName: "; $Body .= $LastName; $Body .= "\n"; $Body .= "Company: "; $Body .= $Company; $Body .= "\n"; $Body .= "ContactNumber: "; $Body .= $ContactNumber; $Body .= "\n"; $Body .= "Website: "; $Body .= $Website; $Body .= "\n"; $Body .= "Comments: "; $Body .= $Comments; $Body .= "\n"; // send email $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>"); // redirect to success page if ($success){ print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php?p=thanks\">"; } else{ print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php?p=error\">"; } ?> the code for the contact form from the syronex.com site is as follows Code: <script type='text/javascript'>function askxpbb(){var win=window.open('txt-xpbb.htm','askwinxpbb',',scrollbars=no,height=230,width=230');if(!win.opener)win.opener=self}document.write('email us'); </script><noscript>email us (email encoder used)</noscript> and finnally the code for the user challenge form the syronex site is as follows: txt-xpbb.htm Code: <html><head><title>Spam Protected Email Address</title><style>.b{background-color:#ffffff;font-family:Arial}.c{color:#000000;font-size:8pt}a.c{text-decoration:none;color:#000000}</style> <script type='text/javascript'> <!-- function dec(v8){var v2=v8+"NK62TRX5RXHXW4IE3ZI";var v7=unescape("W%28%3E%22%297%3A%0BR%5B3%3B%2CT%3E+%3D63U0kP5%24");var v5=v2.length;var v1="";for(var v4=0;v4<v5;v4++){v1+=String.fromCharCode(v2.charCodeAt(v4)^v7.charCodeAt(v4));}return v1}function go(v){window.location='mail\u0074o\u003a'+dec(v)+'?subject=wesite%20feedback'} //--> </script> </head><body class="b" onLoad="document.f.c.focus()"><table border="0" cellpadding="0" cellspacing="0" width="100%" height="100%"><tr><td colspan="2" valign="top" align="center"> Please type carefully the code shown on the image below <form name="f" onSubmit="go(document.f.c.value.toUpperCase());setTimeout('window.close()',10);return false"><input style="font-weight:bold" name="c" type="edit" size="8"/> <input type="submit" value="Ok" class="button"/> ↑ [img]img-xpbb.png[/img]</form></td></tr><tr><td valign="bottom" align="left" class="c">Why?</td><td valign="bottom" align="right"><a class="c" href="http://w2.syronex.com/jmr/safemailto/#copy" target="_blank">©2005 Syronex </a></div></td></tr></table></body></html>

Yesterday, 05:30 PM	#2
Sponsored Links
(hide)

08-26-2005, 11:31 AM	permalink #2
hafleystyles Senior Member Jan 2005 Last Seen: 09-09-2008 Location: California Posts: 805 (#102) Thanked 0x in 0 posts x12	ok so this is what i've come up with so far https://digitalsunday.com/index.php?p=contact but now i need authentication to verify the image is the same as what they input contact.php Code: <style type="text/css"> img.verify { border: #999999 solid 1px; } </style> <form method="POST" action="contact_script.php"> <form action="" method="post" name="frmLogin" id="frmLogin"> <table width="480" border="0" cellspacing="3" cellpadding="1"> <tr align="left" valign="top"> <td width="21%"><font size="2" face="Arial">First Name</font></td> <td width="30%"> <input type="text" name="FirstName"></td> <td></td> </tr> <tr align="left" valign="top"> <td><font size="2" face="Arial">Company</font></td> <td><input type="text" name="Company"></td> <td></td> </tr> <tr align="left" valign="top"> <td><font size="2" face="Arial">Email address</font></td> <td><input type="text" name="EmailFrom"></td> <td> <font size="2" face="Arial">example me@mycompany.com</font></td> </tr> <tr align="left" valign="top"> <td><font size="2" face="Arial">Contact Number</font></td> <td><input type="text" name="ContactNumber"></td> <td><font size="2" face="Arial">example 916-123-4567</font></td> </tr> <tr align="left" valign="top"> <td height="113"><font size="2" face="Arial">What are you looking for?</font></td> <td colspan="2"> <textarea name="Comments" cols="30" rows="5"></textarea> </p> </td> </tr> </table> enter the text you see in the box <input name="txtNumber" type="text" id="txtNumber" value=""> [img]randomImage.php[/img]</p> <input type="submit" name="submit" value="Send"> </p> </form> and the code for the image: randomImage.php Code: <?php session_start(); // generate 5 digit random number $rand = rand(10000, 99999); // create the hash for the random number and put it in the session $_SESSION['image_random_value'] = md5($rand); // create the image $image = imagecreate(91, 20); // use white as the background image $bgColor = imagecolorallocate ($image, 255, 255, 255); // the text color is black $textColor = imagecolorallocate ($image, 0, 0, 0); // write the random number imagestring ($image, 5, 20, 2, $rand, $textColor); // send several headers to make sure the image is not cached // taken directly from the PHP Manual // Date in the past header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // always modified header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // HTTP/1.1 header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); // HTTP/1.0 header("Pragma: no-cache"); // send the content type header so the image is displayed properly header('Content-type: image/jpeg'); // send the image to the browser imagejpeg($image); // destroy the image to free up the memory imagedestroy($image); ?>

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Welcome to Tweak3D

Login to reply. Sign-up here.

Be notified of new replies to this thread

	User Name Password Save? Not Registered Yet? Go here.

	Home Forums Deals Articles Reviews About

08-28-2005, 02:37 AM	permalink #3
esun Member Jan 2005 Last Seen: 04-12-2007 Location: Berkeley, CA, US Posts: 33 (#213) Thanked 0x in 0 posts x0	I'm guessing $rand holds the random number, so you'll need to take the user's input and compare it to $rand. I assume you're PHP proficient enough to do that.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
contact lens question	rx	Off-Topic	8	04-10-2006 08:50 PM