Hi, I've tried a few tutorials but I just don't understand captcha.. can anyone give me instructions to add it into the below code or add it for me, thanks.
I don't see a CAPTCHA in your code - do you want us to help you *create* it? Is this a code you bought/downloaded from somewhere?
You can start from here: http://pear.php.net/package/Text_CAPTCHA http://www.ejeliot.com/pages/2 http://captcha.megaleecher.net/ Come back here if you need more help, ok?
I created a sample script which incorprates a question type captcha into a form. This is the thread: http://forums.digitalpoint.com/showthread.php?t=229690 For image captchas I use code created by Simon Jervis' php-captcha I keep that in a separate file. I make sure sessions are started in both that file and the form submission file. In the part of the form which includes the captcha looks something olike this: <tr> <p>'.$captchaERR.'</p> <input type="text" name="captcha" value="" size="50" /><br /> <img src="http://localhost/captcha.php" /> Code (markup): The captcha.php script displays an image at that point in the form. The value in the captcha is saved into a session variable. After the user submits the form, their response to the captcha is matched with the one saved in the session variable. If they are the same, the user passed the test, otherwise redisplay the form showing the error.
Here is a nice tutorial I created, don't understand something, just ask: http://www.phptricks.com/lesson.php?id=32 Peace,
This guy (below) claims most CAPTCHAs have important security risks, and his free one is better. ~~~~~~~~~ ~~~~~~~~~ "A lot of CAPTCHAs are secure against OCR attacks, but fail to account for other attacks, such as session re-use and cross-vhost file inclusion on shared servers." http://www.puremango.co.uk/cm_php_captcha_script_113.php ~~~~~ I want to tackle the 'learning curve' on this. Any 'experts' have advice on if his claims are 'valid', and if this free script is 'useful.' Thanks
The puremango implementation is solid. Glancing through the code I did not see where it specifically protects against "session re-use and cross-vhost file inclusion on shared servers". However, I would never discourage you from using it. It is certainly a useful implementation.
you must be looking for your directory, you need to checked which captcha phpld directory scripts are using, i think they are efficient.