streetwitch

php problem

Jan 20, 2014 8:52 AM

I created this page using Dreamweaver, and following a php tutorial (thanks, David Powers).  I'm not at all experienced with writing php and have run into problems trying to incorporate a recaptcha spam check.  I've used the check successfully with forms which call a separate script, but need to incorporate the code on the actual page in this case and can't get it to work.

 

Can anyone help?

 

Here's the page:  http://www.ukcountryradio.com/vote_artist2.php

 

And here's the php - I've included all of it so there's quite a lot...  The page works correctly apart from the recaptcha check.

 

Thanks,

 

SW

 

 

<?php require_once('Connections/ukcr.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

mysql_select_db($database_ukcr, $ukcr);
$today = date('l');
$query_schedules = "SELECT `day`, `time`, short_title, presenter FROM schedules WHERE day='{$today}' AND time > '0700' ORDER BY time, short_title ASC";
$schedules = mysql_query($query_schedules, $ukcr) or die(mysql_error());
$row_schedules = mysql_fetch_assoc($schedules);
$totalRows_schedules = mysql_num_rows($schedules);

$errorurl = "http://www.ukcountryradio.com/error.php" ;
$my_recaptcha_private_key = '6LdAFb0SAAAAAP5qTVqEAfoycaImqp7-koT8tWlK' ;

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if (strlen( $my_recaptcha_private_key )) {
  require_once( 'recaptchalib.php' );
  $resp = recaptcha_check_answer ( $my_recaptcha_private_key, $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field'] );
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "vote_artist")) {
  $insertSQL = sprintf("INSERT INTO vote_artist (`name`, `email`, artist, REMOTE_ADDR) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['name'], "text"),
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['artist'], "text"),
                       GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"));

  mysql_select_db($database_ukcr, $ukcr);
  $Result1 = mysql_query($insertSQL, $ukcr) or die(mysql_error());

  $insertGoTo = "vote_thanks_artist.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}
?>

 
  • Jan 20, 2014 10:15 AM   in reply to streetwitch

    I went to your page, cast a vote, and everything appeared to work. What is your problem? Is it that the votes are not being counted? The captcha is working and pointing me to the success your vote has counted page.

     
  • Jan 20, 2014 5:13 PM   in reply to streetwitch

    Nope. FYI I use a hidden text field instead of captcha because IMHO it is more secure and much more friendly than any other system. I have had captcha forms hacked several times. They become a target because it's obvious what kind of protection you are using.

     

    A normal text field moved way off the page by CSS and a standard id type will be filled in by a spambot, then some simple PHP will redirect the bot to a phony thank you page and kill the post at the same time.

     
  • Jan 21, 2014 6:58 AM   in reply to streetwitch

    If you have this CSS -

     

    <style type="text/css">
    /* left/top only take effect on a positioned element */
    #address2 { position:absolute; left:-999px; top:-999px; }
    </style>

     

    And this field in your form -

     

    <input type="text" id="address2" name="address2" value="">

     

    Then the field would be invisibly placed 999px to the left and 999px above the page (use left and above since they won't generate scrollbars). A spam bot will see that field as part of the form, though, and will fill it in. So your PHP would just check to see if the field value is still null, and if it isn't then you must have a bot submission, for example -

     

    <?php

    if (array_key_exists('submit', $_POST)) {

        if ($_POST['address2'] == '') {
             /* continue with your processing - it's safe */
        } else {
             /* got a bot */
             header("Location: http://www.example.com/botpage.php");
        }
    }
    ?>

     

    Get it?

     
  • Jan 21, 2014 6:59 AM   in reply to MurraySummers

    This code assumes your form has a submit button named "submit"!

     
  • Jan 21, 2014 9:11 AM   in reply to streetwitch

    Good luck!

     
  • Jan 21, 2014 4:44 PM   in reply to MurraySummers

    Murray's code is almost identical to mine. The only difference is that I have a specific time generated hashed placeholder in the text field that css pushes off the page and if 8 seconds have not passed since the page was opened the error is thrown and the bot is sent to a phony thank you page that looks just like the real one. Nobody can fill in the form in less than 10 seconds but a bot will do it in a few milliseconds...

     
  • Jan 22, 2014 6:27 AM   in reply to streetwitch

    This is on an insert page not a 'submit' page, so you can just duplicate the code already there to test if the insert button has been clicked -

     

    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "vote_artist")) {
        if ($_POST['address2'] == '') {
             /* continue with your processing - it's safe */
        } else {
             /* got a bot */
             header("Location: http://www.ukcountryradio.com/botpage.php");
        }
    }



     
  • Jan 22, 2014 8:01 AM   in reply to streetwitch

    Using the code already posted :

    <?php

    if (array_key_exists('submit', $_POST)) {

        //changed this - use isempty() as it will return 0 even if the variable is "" or 0;
        if (isempty($_POST['address2'])) {

            /* YOUR CODE GOES HERE -
               this part of the code will only execute if the above is true, or in this case address2 is empty */

        } else {

            /*BOT CODE : $_POST['address2'] wasn't empty so we have a bot and need to exit/redirect. */
            header("Location: http://www.example.com/botpage.php");

        }
    }
    ?>

     
  • Jan 22, 2014 8:05 AM   in reply to streetwitch

    Let's see the PHP you have now, please.

     
  • Jan 22, 2014 8:22 AM   in reply to streetwitch

    Show us your form code, please (the HTML).

     
  • Jan 22, 2014 8:49 AM   in reply to streetwitch

    Change this -

     

    if (array_key_exists('submit', $_POST)) {

    ...everything else to the bottom of the PHP block

     

    to this -

     

    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "vote_artist")) {
        /* only executes if form has been submitted */
        if( isempty($_POST['address2'])) {
            /* not a bot */
        } else {
            /* got a bot */
            /*BOT CODE : $_POST['address2'] wasn't empty so we have a bot and need to exit/redirect. */
            header("Location: http://www.ukcountryradio.com/botpage.php");
            exit();
        }

        $insertSQL = sprintf("INSERT INTO vote_artist (`name`, `email`, artist, REMOTE_ADDR) VALUES (%s, %s, %s, %s)",
                             GetSQLValueString($_POST['name'], "text"),
                             GetSQLValueString($_POST['email'], "text"),
                             GetSQLValueString($_POST['artist'], "text"),
                             GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"));

        mysql_select_db($database_ukcr, $ukcr);
        $Result1 = mysql_query($insertSQL, $ukcr) or die(mysql_error());

        $insertGoTo = "vote_thanks.php";
        if (isset($_SERVER['QUERY_STRING'])) {
            $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
            $insertGoTo .= $_SERVER['QUERY_STRING'];
        }
        header(sprintf("Location: %s", $insertGoTo));
    }

     

    That should work.

     
  • Jan 22, 2014 9:10 AM   in reply to MurraySummers

    if ( isempty ( $_POST['address2'] )) {
        /* not a bot */
    } else {
        /* got a bot */
        /*BOT CODE : $_POST['address2'] wasn't empty so we have a bot and need to exit/redirect. */
        header("Location: http://www.ukcountryradio.com/botpage.php");
        exit();
    }

    If you're not going to wrap code inside the IF/ELSE condition, it could be inverted to NOT by using - ! - you could then leave out the ELSE statement

    //IF address2 is NOT empty
    if ( ! isempty ( $_POST['address2'] )) {

      //redirect the page
      header("Location: http://www.ukcountryradio.com/botpage.php");

      //Stop any further PHP from executing, even if the header redirect doesn't work
      exit();
    }

     

     

    Might be easier to understand what's happening.

     
  • Jan 22, 2014 9:14 AM   in reply to Dsarchy

    Yes.

     
  • Jan 22, 2014 9:37 AM   in reply to MurraySummers

    Just to butt in and confuse matters, why are we placing the field off to the left of the page with CSS when you could just hide it?

     

    <input type="hidden" id="address2">

     
  • Jan 22, 2014 9:36 AM   in reply to streetwitch

    streetwitch wrote:

     

    Thanks - done, but now it's coming up with a fatal error:

    Fatal error:  Call to undefined function isempty() in /homepages/18/d238009569/htdocs/vote_artist2.php on line 51

     

    Line 51 is:  if( isempty($_POST['address2'])) {

     


    No such thing as 'is' should be:

     

    if(!empty($_POST['address2'])) {

     

    }

     
  • Jan 22, 2014 10:44 AM   in reply to streetwitch

    Try amending the bottom section of the php script to as below. The script should stop running IF address2 form field has been filled out.

     

     

    if(!empty($_POST['address2'])) {
      exit;
    }
    else ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "vote_artist")) {
      $insertSQL = sprintf("INSERT INTO vote_artist (`name`, `email`, artist, REMOTE_ADDR) VALUES (%s, %s, %s, %s)",
                           GetSQLValueString($_POST['name'], "text"),
                           GetSQLValueString($_POST['email'], "text"),
                           GetSQLValueString($_POST['artist'], "text"),
                           GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"));

      mysql_select_db($database_ukcr, $ukcr);
      $Result1 = mysql_query($insertSQL, $ukcr) or die(mysql_error());

      $insertGoTo = "vote_thanks_artist.php";
      if (isset($_SERVER['QUERY_STRING'])) {
        $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
        $insertGoTo .= $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $insertGoTo));
    }
    ?>

     
  • Jan 22, 2014 10:46 AM   in reply to streetwitch

    streetwitch wrote:

     

    Forgot to say - the address2 field is the unlabelled one at the bottom of the form,

     

    Thanks by the way to everyone for the help with this - it's much appreciated,

     

    SW

    Not sure what you mean 'unlabelled' just needs to be:

     

    <input type="text" name="address2">

     

    Then you can hide it once testing is over:

     

    <input type="hidden" name="address2">

     
  • Jan 22, 2014 11:03 AM   in reply to osgood_

    No such thing as 'is' should be:

     

    if(!empty($_POST['address2'])) {

     

    }

    My Bad :3 (java syntax)

     
  • Jan 22, 2014 11:33 AM   in reply to Dsarchy

    Dsarchy wrote:

     

    No such thing as 'is' should be:

     

    if(!empty($_POST['address2'])) {

     

    }

    My Bad :3 (java syntax)

     

    No worries, I have a lot of brain freeze dealing with so many different aspects of web design. I kind of got heavily into jQuery a couple of weeks ago after avoiding it for several years............now I have trouble remembering which syntax to use for which language I'm writing in.

     
  • Jan 23, 2014 2:20 AM   in reply to streetwitch

    Try the below. I've moved the if/else statement further up the php script:

     

     

     

     

    <?php require_once('Connections/ukcr.php'); ?>

    <?php

    if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
      if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
      }

      $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }
    }

    if (!empty($_POST['address2'])) {
      exit;
    }
    else {
      mysql_select_db($database_ukcr, $ukcr);
      $today = date('l');
      $query_schedules = "SELECT `day`, `time`, short_title, presenter FROM schedules WHERE day='{$today}' AND time > '0700' ORDER BY time, short_title ASC";
      $schedules = mysql_query($query_schedules, $ukcr) or die(mysql_error());
      $row_schedules = mysql_fetch_assoc($schedules);
      $totalRows_schedules = mysql_num_rows($schedules);

      $errorurl = "http://www.ukcountryradio.com/error.php" ;
      $my_recaptcha_private_key = '6LdAFb0SAAAAAP5qTVqEAfoycaImqp7-koT8tWlK' ;

      $editFormAction = $_SERVER['PHP_SELF'];
      if (isset($_SERVER['QUERY_STRING'])) {
        $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
      }

      if (strlen( $my_recaptcha_private_key )) {
        require_once( 'recaptchalib.php' );
        $resp = recaptcha_check_answer ( $my_recaptcha_private_key, $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field'] );
      }

      if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "vote_artist")) {
        $insertSQL = sprintf("INSERT INTO vote_artist (`name`, `email`, artist, REMOTE_ADDR) VALUES (%s, %s, %s, %s)",
                             GetSQLValueString($_POST['name'], "text"),
                             GetSQLValueString($_POST['email'], "text"),
                             GetSQLValueString($_POST['artist'], "text"),
                             GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"));

        mysql_select_db($database_ukcr, $ukcr);
        $Result1 = mysql_query($insertSQL, $ukcr) or die(mysql_error());

        $insertGoTo = "vote_thanks_artist.php";
        if (isset($_SERVER['QUERY_STRING'])) {
          $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
          $insertGoTo .= $_SERVER['QUERY_STRING'];
        }
        header(sprintf("Location: %s", $insertGoTo));
      }
    }

    ?>

     
  • Jan 23, 2014 2:38 AM   in reply to osgood_

    Actually the first post should have worked but seems I missed out a couple of braces (see below the text marked in red)

     

    if(!empty($_POST['address2'])) {
      exit;
    }
    else {
      if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "vote_artist")) {
        $insertSQL = sprintf("INSERT INTO vote_artist (`name`, `email`, artist, REMOTE_ADDR) VALUES (%s, %s, %s, %s)",
                             GetSQLValueString($_POST['name'], "text"),
                             GetSQLValueString($_POST['email'], "text"),
                             GetSQLValueString($_POST['artist'], "text"),
                             GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"));

        mysql_select_db($database_ukcr, $ukcr);
        $Result1 = mysql_query($insertSQL, $ukcr) or die(mysql_error());

        $insertGoTo = "vote_thanks_artist.php";
        if (isset($_SERVER['QUERY_STRING'])) {
          $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
          $insertGoTo .= $_SERVER['QUERY_STRING'];
        }
        header(sprintf("Location: %s", $insertGoTo));
      }
    }
    ?>

     
  • Jan 23, 2014 3:06 AM   in reply to streetwitch

    Try the solution posted 2.38 and see if that works. There might be some php scripting above that which you may need. Yes, you can delete the reCAPTCHA php code.....I was just trying to find a complete copy of the php and that was from your first post.

     
  • Jan 23, 2014 5:15 AM   in reply to streetwitch

    streetwitch wrote:

     

    No joy I'm afraid - the code is still stopping the script correctly, but neither of the headers are working.  I can see that the original one to the bot page is missing (I'm not sure how to insert it), but can see that the code for the thankyou page is there.  No idea what to do now - can you help?

     

    Thanks, again

     

    Does a record still get inserted into the database if you fill in the required form fields?

     

    But then you don't get redirected to the thankyou page?

     
  • Jan 23, 2014 5:27 AM   in reply to osgood_

    OK try a different approach - the antispam field has been amalgamated with the if statement - see below. Not sure if this will work but give it a go and see what happens. What it is saying now is 'if address2 is empty proceed'. If address2 is not empty it should not process the code between the braces.

     

     

     

    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "vote_artist") && (empty($_POST['address2'])) {
      $insertSQL = sprintf("INSERT INTO vote_artist (`name`, `email`, artist, REMOTE_ADDR) VALUES (%s, %s, %s, %s)",
                           GetSQLValueString($_POST['name'], "text"),
                           GetSQLValueString($_POST['email'], "text"),
                           GetSQLValueString($_POST['artist'], "text"),
                           GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"));

      mysql_select_db($database_ukcr, $ukcr);
      $Result1 = mysql_query($insertSQL, $ukcr) or die(mysql_error());

      $insertGoTo = "vote_thanks_artist.php";
      if (isset($_SERVER['QUERY_STRING'])) {
        $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
        $insertGoTo .= $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $insertGoTo));
    }

    ?>

     
  • Jan 23, 2014 5:50 AM   in reply to osgood_

    Bum - left a ) off the end see marked in red.

     

    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "vote_artist") && (empty($_POST['address2'])))

     

     

     

    So the bottom bit of the script should look like:

     

     

    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "vote_artist") && (empty($_POST['address2']))) {
      $insertSQL = sprintf("INSERT INTO vote_artist (`name`, `email`, artist, REMOTE_ADDR) VALUES (%s, %s, %s, %s)",
                           GetSQLValueString($_POST['name'], "text"),
                           GetSQLValueString($_POST['email'], "text"),
                           GetSQLValueString($_POST['artist'], "text"),
                           GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"));

      mysql_select_db($database_ukcr, $ukcr);
      $Result1 = mysql_query($insertSQL, $ukcr) or die(mysql_error());

      $insertGoTo = "vote_thanks_artist.php";
      if (isset($_SERVER['QUERY_STRING'])) {
        $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
        $insertGoTo .= $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $insertGoTo));
    }

     

    ?>
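
The hidden `address2` check worked out in the replies above, combined with the timed, hashed placeholder described in the Jan 21 4:44 PM reply, as an added example (not code from any poster in this thread). `FORM_SECRET`, the `form_token` field, the verdict strings and the one-hour expiry are assumptions; it needs PHP 7.1 or later, and it compares the trap field against `''` because `empty()` also treats a posted "0" as empty.

```php
<?php
// Added example. FORM_SECRET, form_token and the verdict strings are
// hypothetical names; address2 and the 8-second threshold come from the thread.
const FORM_SECRET      = 'constructed-demo-secret';  // keep outside the web root
const MIN_FILL_SECONDS = 8;
const MAX_TOKEN_AGE    = 3600;  // assumption: forms older than an hour are refused

// Value for a hidden form_token input, generated when the form is rendered.
function issue_form_token(int $now, string $secret = FORM_SECRET): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, $secret);
}

// Returns 'ok' or the reason the submission was refused.
function classify_submission(array $post, int $now, string $secret = FORM_SECRET): string
{
    // Honeypot: a person never sees address2, so any content is automation.
    // Compared against '' because empty() would also let a posted "0" through.
    $trap = $post['address2'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return 'bot:honeypot';
    }

    // Token must be "<unix time>.<hmac>" and the HMAC must match.
    $token = $post['form_token'] ?? '';
    if (!is_string($token) || substr_count($token, '.') !== 1) {
        return 'bot:bad-token';
    }
    [$issued, $mac] = explode('.', $token);
    if (!ctype_digit($issued)
        || !hash_equals(hash_hmac('sha256', $issued, $secret), $mac)) {
        return 'bot:bad-token';
    }

    // Timing: too quick for a person, or a form left open too long.
    $age = $now - (int) $issued;
    if ($age < MIN_FILL_SECONDS) {
        return 'bot:too-fast';
    }
    return ($age > MAX_TOKEN_AGE) ? 'expired' : 'ok';
}

// Constructed sample submissions (not captured traffic).
$t0     = 1390400000;
$token  = issue_form_token($t0);
$forged = ($t0 - 60) . '.' . substr($token, 11);  // older timestamp, MAC not recomputed
$samples = [
    'person after 25 s'  => [['address2' => '', 'form_token' => $token], $t0 + 25],
    'trap filled in'     => [['address2' => 'http://spam.example', 'form_token' => $token], $t0 + 25],
    'trap set to "0"'    => [['address2' => '0', 'form_token' => $token], $t0 + 25],
    'instant submission' => [['address2' => '', 'form_token' => $token], $t0 + 1],
    'altered timestamp'  => [['address2' => '', 'form_token' => $forged], $t0 + 1],
    'token missing'      => [['address2' => ''], $t0 + 25],
];
foreach ($samples as $label => [$post, $now]) {
    printf("%-20s %s\n", $label, classify_submission($post, $now));
}
```

In the page's insert block, run the `INSERT` only when the verdict is `ok`, and call `exit` after every `header("Location: ...")` so nothing else executes for a refused submission.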

     

     

     


     