PHP mailer with CAPTCHA

Hi guys, I have a old PHP mailer i created a while ago which works like a charm, no problems.
I need to use it now for a project, but i need to incorporate a CAPTCHA to it.

I found a PHP Captcha online, which seems very basic and simple to use...but the mailer doesnt work now....and the captcha doesnt seem to run either.

I tried the demo files i downloaded from the php captcha script im using, and sure enough they work. but when i copy the code to my script, it doesnt work. It refreshes the page like i want it to, but it does this even if i enter the wrong captcha code.?

could someone have a look for me, maybe im missing something really simple?

NOTE::: my mailer code starts from the variables, down to the line opening "thankyou.html" the rest was from the CAPTCHA code.

Code:

<?php session_start(); if( isset($_POST['submit'])) { if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) { // Insert you code for processing the form here, e.g emailing the submission, entering it into a database. $url= 'thankyou.html'; $subject= 'Mammoth Website Enquiry'; $from= 'Mammoth Website'; $today = date('l, jS, F, Y'); $name=$_POST['name']; $email=$_POST['email']; $message=$_POST['message']; $toaddress="info@icgdesigns.site90.com"; $EmailBody =" <html> <head> </head> <body> <font size=\"4\", color=\"#BB0000\" face=\"Arial\"><b>Mammoth Carpet Cleaning</b></font><br><br> <table width=\"100%\" border=\"0px\" cellspacing=\"2px\" cellpadding=\"2px\"> <tr> <td colspan=\"4\"><b>Viewer Contact Details</b></td> </tr> <tr> <td width=\"100\">Name:</td> <td width=\"312\">$name</td> </tr> <tr> <td>Email:</td> <td>$email</td> </tr> </table> <table width=\"100%\" border=\"1px\" cellpadding=\"5px\" cellspacing=\"0px\"> <tr> <td width=\"400px\"> <font size=\"4\", color=\"#666666\" face=\"Arial\"><b><br>Message</b></font> </td> </tr> <tr> <td width=\"400px\"> <font size=\"3\", color=\"#999999\">$message</font> </td> </tr> </table> </body> </html> "; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'From:' .$name. '<'.$email.'>' . "\r\n"; //if(mail($toaddress,$subject,$EmailBody,$headers,"From: ".$name." <".$email.">")){ if(mail($toaddress,$subject,$EmailBody,$headers)){ $name=''; $email=''; $tel=''; $subject=''; $EmailBody=''; echo "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mammothcarpetcleaning.com.au/thankyou.html\">"; } unset($_SESSION['security_code']); } else { // Insert your code for showing an error message here echo "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mammothcarpetcleaning.com.au/contact.html\">"; } } else { echo "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mammothcarpetcleaning.com.au/contact.html\">"; } ?>

Maybe I'm blind but I don't see anything for the captcha in this code. can you post the code that has the captcha and the form in it.

sorry, the captcha code isnt in there, i didnt think it was needed since its working.
anyway, here it is. and the form.

Code:

<?php session_start(); /* * File: CaptchaSecurityImages.php * Author: Simon Jarvis * Copyright: 2006 Simon Jarvis * Date: 03/08/06 * Updated: 07/02/07 * Requirements: PHP 4/5 with GD and FreeType libraries * Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details: * http://www.gnu.org/licenses/gpl.html * */ class CaptchaSecurityImages { var $font = 'monofont.ttf'; function generateCode($characters) { /* list all possible characters, similar looking characters and vowels have been removed */ $possible = '23456789bcdfghjkmnpqrstvwxyz'; $code = ''; $i = 0; while ($i < $characters) { $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1); $i++; } return $code; } function CaptchaSecurityImages($width='120',$height='40',$characters='6') { $code = $this->generateCode($characters); /* font size will be 75% of the image height */ $font_size = $height * 0.75; $image = @imagecreate($width, $height) or die('Cannot initialize new GD image stream'); /* set the colours */ $background_color = imagecolorallocate($image, 255, 255, 255); $text_color = imagecolorallocate($image, 20, 40, 100); $noise_color = imagecolorallocate($image, 100, 120, 180); /* generate random dots in background */ for( $i=0; $i<($width*$height)/3; $i++ ) { imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color); } /* generate random lines in background */ for( $i=0; $i<($width*$height)/150; $i++ ) { imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color); } /* create textbox and add text */ $textbox = imagettfbbox($font_size, 0, $this->font, $code) or die('Error in imagettfbbox function'); $x = ($width - $textbox[4])/2; $y = ($height - $textbox[5])/2; imagettftext($image, $font_size, 0, $x, $y, $text_color, $this->font , $code) or die('Error in imagettftext function'); /* output captcha image to browser */ header('Content-Type: image/jpeg'); imagejpeg($image); imagedestroy($image); $_SESSION['security_code'] = $code; } } $width = isset($_GET['width']) ? $_GET['width'] : '120'; $height = isset($_GET['height']) ? $_GET['height'] : '40'; $characters = isset($_GET['characters']) && $_GET['characters'] > 1 ? $_GET['characters'] : '6'; $captcha = new CaptchaSecurityImages($width,$height,$characters); ?>

the form:
mammoth_process.php is the php mailer with captcha posted in the first post.

Code:

<form action="mail/mammoth_process.php" method="post" enctype="multipart/form-data" name="contact_form" id="contact_form"> <tr> <td width="100%"> <span id="sprytextfield3"> <label>Name:*<br /> <input name="name" type="text" class="bodytext" id="name" size="40" maxlength="40" /> <span class="textfieldRequiredMsg"><br />Please enter your name.</span></label> </span></td> </tr> <tr> <td width="100%"> <span id="sprytextfield2"> <label>Email:*<br /> <input name="email" type="text" class="bodytext" id="email" size="40" maxlength="40" /> </label> <span class="textfieldRequiredMsg"><br />Please enter a valid email</span><span class="textfieldInvalidFormatMsg"><br />Invalid format.</span></span></td> </tr> <tr> <td width="100%"> <span id="sprytextfield4"> <label>Subject:*<br /> <input name="subject" type="text" class="bodytext" id="subject" size="40" maxlength="40" /> <span class="textfieldRequiredMsg"><br />Please specify a Subject.</span></label> </span> </td> </tr> <tr> <td width="100%"> <span id="sprytextarea1"> <label>Message:*<br> <textarea name="message" cols="40" rows="10" class="bodytext" id="message"></textarea> <span id="countsprytextarea1"><br /> </span></label> <span class="textareaRequiredMsg"><br />Please enter a message.</span></span></td> </tr> <tr> <td width="100%"> <img src="CaptchaSecurityImages.php?width=100&height=40&characters=5" alt="captcha" /> <br /> <label for="security_code">Security Code: </label> <input id="security_code" name="security_code" type="text" /><br /> </td> </tr> <tr> <td width="100%"> <input type="submit" value="Submit" name="Submit" /> </td> </tr> </form>

Ok, I think the main issue was that you had a piece of code that you // out but it had a { at the end and php still sees that even if it's // out. I helped another person the other day with the same issue of the {.

I also moved your {} brackets around to make it easier to follow where they end the block, I suggest trying to code more like this with the indents of blocks cause it'll make it easier to know where a block starts and ends, in turn easier to diagnose a problem.

Last I am not totally sure where or when you want to unset the session code but you had it between a if and else part which won't work, so I put it inside the if block assuming that if the mail happens you want to unset the code.

So try this and see if it works, obviously I can't verify everything since I am not on your server and can't verify the mail sent and such.

PHP Code:

<?php session_start(); if( isset($_POST['submit'])) { if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) { // Insert you code for processing the form here, e.g emailing the submission, entering it into a database. $url= 'thankyou.html'; $subject= 'Mammoth Website Enquiry'; $from= 'Mammoth Website'; $today = date('l, jS, F, Y'); $name=$_POST['name']; $email=$_POST['email']; $message=$_POST['message']; $toaddress="info@icgdesigns.site90.com"; $EmailBody =" <html> <head> </head> <body> <font size=\"4\", color=\"#BB0000\" face=\"Arial\"><b>Mammoth Carpet Cleaning</b></font><br><br> <table width=\"100%\" border=\"0px\" cellspacing=\"2px\" cellpadding=\"2px\"> <tr> <td colspan=\"4\"><b>Viewer Contact Details</b></td> </tr> <tr> <td width=\"100\">Name:</td> <td width=\"312\">$name</td> </tr> <tr> <td>Email:</td> <td>$email</td> </tr> </table> <table width=\"100%\" border=\"1px\" cellpadding=\"5px\" cellspacing=\"0px\"> <tr> <td width=\"400px\"> <font size=\"4\", color=\"#666666\" face=\"Arial\"><b><br>Message</b></font> </td> </tr> <tr> <td width=\"400px\"> <font size=\"3\", color=\"#999999\">$message</font> </td> </tr> </table> </body> </html> "; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'From:' .$name. '<'.$email.'>' . "\r\n"; //if(mail($toaddress,$subject,$EmailBody,$headers,"From: ".$name." <".$email.">")) if(mail($toaddress,$subject,$EmailBody,$headers)) { $name=''; $email=''; $tel=''; $subject=''; $EmailBody=''; echo "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mammothcarpetcleaning.com.au/thankyou.html\">"; unset($_SESSION['security_code']); } else { // Insert your code for showing an error message here echo "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mammothcarpetcleaning.com.au/contact.html\">"; } } else { echo "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mammothcarpetcleaning.com.au/contact.html\">"; } } ?>

For reference this is the // that had the { in it.

PHP Code:

//if(mail($toaddress,$subject,$EmailBody,$headers,"From: ".$name." <".$email.">")){

Hi Fastsol, thanx for going through the code. Unfortunately its still not working. The php doesnt even redirect after submitting now.

This is giving me such a headache.=(

Does it send the email? At this point the best thing to do is to take out the meta refresh part and echo out something like "mail sent" and then on the next else{} echo something different and again on the last else{}. Then run the script and see what it echos, that will tell you which code block you are ending in and should be able to diagnose from there.

Also it would be better to use the header() in stead of the meta tags. But only change is to that after you get the script to work or you'll get a error saying headers already sent cause of the echo at the end of each if/else.

Here is what I mean to test things:

PHP Code:

if(mail($toaddress,$subject,$EmailBody,$headers)) { $name=''; $email=''; $tel=''; $subject=''; $EmailBody=''; echo "Mail Sent"; unset($_SESSION['security_code']); } else { // Insert your code for showing an error message here echo "Failed number 1"; } } else { echo "Failed number 2"; }

i have actually tried that, changing to echo. and none trigger....hence why i said im getting a headache! =(

got it working

K i managed to get it working. Basically I just took all the code out of the if() statement, replacing it only with mail()
that did the trick. Im guessing the issue was some conflict with the mailer code and if() statement of the captcha.

Along side this, I opted for a contact.php instead of submitting the form information to a external php page. So now the form and mailer is in one page.

but now, i've had a change of heart of what i want to happen if the code entered is wrong. originally i thought to redirect to a error page..but that requires the user to click "back" and re-enter all the details again.
So i thought maybe just show a Alert/Confirm window.
I got a snippet online for a Alert pop-up, which works. Tho the page goes blank once it comes up, and after confirming.

Have you any ideas on how to get the Alert pop up while keeping the page as is? including all the details entered into the form?

PHP Code:

<?php session_start(); if( isset($_POST['Submit'])) { $msg= 'The Security code you have entered is incorrect.'; $url= 'thankyou.html'; $subject= 'Mammoth Website Enquiry'; $from= 'Mammoth Website'; $today = date('l, jS, F, Y'); $name=$_POST['name']; $email=$_POST['email']; $message=$_POST['message']; $toaddress="icgdesigns@yahoo.com"; $EmailBody =" <html> <head> </head> <body> <font size=\"4\", color=\"#BB0000\" face=\"Arial\"><b>Mammoth Carpet Cleaning</b></font><br><br> <table width=\"100%\" border=\"0px\" cellspacing=\"2px\" cellpadding=\"2px\"> <tr> <td colspan=\"4\"><b>Viewer Contact Details</b></td> </tr> <tr> <td width=\"100\">Name:</td> <td width=\"312\">$name</td> </tr> <tr> <td>Email:</td> <td>$email</td> </tr> </table> <table width=\"100%\" border=\"1px\" cellpadding=\"5px\" cellspacing=\"0px\"> <tr> <td width=\"400px\"> <font size=\"4\", color=\"#666666\" face=\"Arial\"><b><br>Message</b></font> </td> </tr> <tr> <td width=\"400px\"> <font size=\"3\", color=\"#999999\">$message</font> </td> </tr> </table> </body> </html> "; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'From:' .$name. '<'.$email.'>' . "\r\n"; if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) { // Insert you code for processing the form here, e.g emailing the submission, entering it into a database. mail($toaddress,$subject,$EmailBody,$headers); unset($_SESSION['security_code']); header( 'Location: http://www.mammothcarpetcleaning.com.au/thankyou.html' ) ; } else { // Insert your code for showing an error message here echo "<script langauge=\"javascript\">alert(\"".$msg."\");</script>"; } } else { ?> <table width="100%" cellspacing="0px" cellpadding="2px"> <form action="form.php" method="POST" enctype="multipart/form-data" name="contact_form" id="contact_form"> <tr> <td width="100%"> <span id="sprytextfield3"> <label>Name:*<br /> <input name="name" type="text" class="bodytext" id="name" size="40" maxlength="40" /> <span class="textfieldRequiredMsg"><br />Please enter your name.</span></label> </span></td> </tr> <tr> <td width="100%"> <span id="sprytextfield2"> <label>Email:*<br /> <input name="email" type="text" class="bodytext" id="email" size="40" maxlength="40" /> </label> <span class="textfieldRequiredMsg"><br />Please enter a valid email</span><span class="textfieldInvalidFormatMsg"><br />Invalid format.</span></span></td> </tr> <tr> <td width="100%"> <span id="sprytextfield4"> <label>Subject:*<br /> <input name="subject" type="text" class="bodytext" id="subject" size="40" maxlength="40" /> <span class="textfieldRequiredMsg"><br />Please specify a Subject.</span></label> </span> </td> </tr> <tr> <td width="100%"> <span id="sprytextarea1"> <label>Message:*<br> <textarea name="message" cols="40" rows="10" class="bodytext" id="message"></textarea> <span id="countsprytextarea1"><br /> </span></label> <span class="textareaRequiredMsg"><br />Please enter a message.</span></span></td> </tr> <tr> <td width="100%"> <table width="300px" cellpadding="0px" cellspacing="0px"> <td align="center"> <img src="CaptchaSecurityImages.php?width=100&height=40&characters=5" alt="captcha" /> </td> <td align="left"> <label for="security_code">Security Code: </label> <br> <input id="security_code" name="security_code" type="text" /><br /> </td> </table> </td> </tr> <tr> <td width="100%"> <input type="submit" value="Submit" name="Submit" /> </td> </tr> </form> </table> <?php } ?>

It goes blank cause you have all your code in cluding the form inside your if (isset ($_POST['submit'])){}, so once it isset everything else disappears except what's in the ending if/else{}, hence your alert message and stuff. Pull your form out of the if{} and then it will show all the time. Then do something like this in the form to retain the fields entered even after posting.

PHP Code:

<input name="email" type="text" class="bodytext" id="email" size="40" maxlength="40" value="<?php echo $email; ?>"/>

if i dont have the isset condition, the else{} will trigger onLoad from the captcha code.
is there another way to get that to work without checking the submit button?

I must not be understanding something with how this captcha works that you are using, cause pulling the table and form out of the if block and putting it below the if(isset) block shouldn't affect anything with the captcha. Just move the table and form below the last } in your code you last posted.

If that doesn't work then I am not sure without totally recreating the whole deal myself and playing more with it. I have used captcha before from http://www.captcha.net/ without any issue.

sorry for the late reply, work is a ***** sometimes =(
I removed the form from the else statement, and it seems to work ok still. Thanx.

the only issue im having is im using a javascript alert box to pop up if the captcha code is wrong, while it works nicely in firefox, in IE it pops up twice.
i had a search online for similar issues but i came up with nothing.
Have you any ideas? ever had this happen before?

Sorry I am not very good at javascript so even if I looked at it I probably won't find the issue. Plus I have not tried to use javascript with a captcha, so I don't even know where to start with that I guess.

thats kool, just thought i'd ask to see if maybe you've run into that issue or have heard of it, cuz i couldnt find anything about it.
its not such a big deal i guess, im hoping the users os IE arent that high =P

Thanx for all your help, much appreciated.