validate captcha in a classic "input form action"

#1
bonjour,

i have no answer from french social forum so i come to this international forum :

i have a captcha.php (works well) :

<?php
session_start();
$_SESSION['captcha'] = mt_rand(1000,9999);
$[/contents/391-fichier-img img] = imagecreate(65,35);
$font = 'fonts/OldeEnglish.ttf';
$bg = imagecolorallocate($img, 0, 255, 255);
$textcolor = imagecolorallocate($img, 255, 0, 0);
imagettftext($img, 23, 0, 3, 30, $textcolor, $font, $_SESSION['captcha']);
header('Content-type:image/jpeg');
imagejpeg($img);
imagedestroy($img);
?>

a index.php with a classic input form action :

<FORM ACTION="https://mysite/index1.php">
<input type="button" value=" i know what you means , i accept this regulation !" style="width: 11.99cm; height: 1cm" onclick="window.open('https://mysite/index1.php', 'exemple', 'height=900, width=1000, top=90, left=350, toolbar=no, menubar=no, location=yes, resizable=yes, scrollbars=yes, status=no');">
</div>
<form action="../../../../Documents/indexredirect.php">
<div align="center">
<input type="button" value="don't be curious REFUSE now" style="width: 10.99cm; height: 2cm" onclick="window.open('http://www.google.com', 'exemple', 'height=600, width=800, top=90, left=350, toolbar=no, menubar=no, location=yes, resizable=yes, scrollbars=yes, status=no');">
</div>
</form>


the captcha condition (work well too) :
<?php
session_start();
if(isset($_POST['captcha'])) {
if($_POST['captcha'] == $_SESSION['captcha']) {
echo "captch valide !";
} else {
echo "captcha invalide ... !";
}
}
?>
<form method ="POST">
<img src="captcha.php" />
<input type="text" name="captcha" />
<input type="submit" />
</form>

My problem is how integrated for validated captch AND validated this input form action for go in index1.php safely ?

my knowledge in php is limited , so thanks for a simple answer asap
mr t.c
 

Mark Miller

2Captcha Engineer
#3
Hi!
The forum is mostly related to captcha bypassing, but you're looking for help in installing the captcha on your website.
Actually the solution you're using looks really insecure as it's generates a simple image that can be easily recognized.

Anyway it looks like your code stores the text from the captcha in $_SESSION['captcha'] and you have a condition that compares this value with the value from input $_POST['captcha'].
For example, if your captcha is shown on index.php and then you're submitting form to index1.php - you got to place the the captcha condition in your index1.php and if the captcha is validated - you can render a page (or whatever the user should normally get on index1.php), and if captcha is not validated, for example, you can redirect him back to index.php.
 
#4
bonjour,

Thanks a lot , your speaking fit perfectly my understanding .

---------------------------------------------------------------------------------------

In other words thanks fo your consideration Mark Miller !

mr t-c