hello i was wondering if someone could help me please? error.... when i fill out my form and hit send button everything is working just fine,but i noticed when i left off 1 letter from the captcha image the form would still submit so that tells me that the form is not checking if the captcha image has been inputted correctly.was hoping someone could help me sort this out as i have no knowledge on php please. contact.php <?php session_start(); if(isset($_POST["code"])) { if(($_SESSION['captcha_code'] == $_POST['code']) && (!empty($_SESSION['captcha_code'])) ) { //Passed! $captcha_msg=""; }else{ // Not passed 8-( $captcha_msg=""; if(isset($_POST["MM_insert"])){ unset($_POST["MM_insert"]); } if(isset($_POST["MM_update"])){ unset($_POST["MM_update"]); } } } class CaptchaImage { var $font = "verdana.ttf"; function hex_to_dec($hexcolor){ //convert hex hex values to decimal ones $dec_color=array('r'=>hexdec(substr($hexcolor,0,2)),'g'=>hexdec(substr($hexcolor,2,2)),'b'=>hexdec(substr($hexcolor,4,2))); return $dec_color; } function generateCode($characters) { /* list all possible characters, similar looking characters and vowels have been removed */ $possible = '23456789bcdfghjkmnpqrstvwxyz'; $code = ''; $i = 0; while ($i < $characters) { $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1); $i++; } return $code; } function CaptchaImage($width='120',$height='30',$characters='6',$hex_bg_color='FFFFFF',$hex_text_color="FF0000",$hex_noise_color="CC0000", $img_file='captcha.jpg') { $rgb_bg_color=$this->hex_to_dec($hex_bg_color); $rgb_text_color=$this->hex_to_dec($hex_text_color); $rgb_noise_color=$this->hex_to_dec($hex_noise_color); $code = $this->generateCode($characters); /* font size will be 60% of the image height */ $font_size = $height * 0.60; $image = @imagecreate($width, $height) or die('Cannot Initialize new GD image stream'); /* set the colours */ $background_color = imagecolorallocate($image, $rgb_bg_color['r'], $rgb_bg_color['g'],$rgb_bg_color['b']); $text_color = imagecolorallocate($image, $rgb_text_color['r'], $rgb_text_color['g'],$rgb_text_color['b']); $noise_color = imagecolorallocate($image, $rgb_noise_color['r'], $rgb_noise_color['g'],$rgb_noise_color['b']); /* generate random dots in background */ for( $i=0; $i<($width*$height)/3; $i++ ) { imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color); } /* generate random lines in background */ for( $i=0; $i<($width*$height)/150; $i++ ) { imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color); } /* create textbox and add text */ $textbox = imagettfbbox($font_size, 0, $this->font, $code); $x = ($width - $textbox[4])/2; $y = ($height - $textbox[5])/2; imagettftext($image, $font_size, 0, $x, $y, $text_color, $this->font , $code); /* save the image */ imagejpeg($image,$img_file); imagedestroy($image); echo "<img src=\"$img_file?".time()."\" width=\"$width\" height=\"$height\" alt=\"security code\" id=\"captchaImg\">"; $_SESSION['captcha_code'] = $code; } } ?> <?php include('includes/corefuncs.php'); if (function_exists('nukeMagicQuotes')) { nukeMagicQuotes(); } // process the email if (array_key_exists('send', $_POST)) { $to = 'you@youremail.com'; // use your own email address $heading = '**You Have Mail**'; // list expected fields $expected = array('name', 'email', 'subject', 'message', 'code'); // set required fields $required = array('name', 'email', 'subject', 'message', 'code'); // create empty array for any missing fields $missing = array(); // assume that there is nothing suspect $suspect = false; // create a pattern to locate suspect phrases $pattern = '/Content-Type:|Bcc:|Cc:/i'; // function to check for suspect phrases function isSuspect($val, $pattern, &$suspect) { // if the variable is an array, loop through each element // and pass it recursively back to the same function if (is_array($val)) { foreach ($val as $item) { isSuspect($item, $pattern, $suspect); } } else { // if one of the suspect phrases is found, set Boolean to true if (preg_match($pattern, $val)) { $suspect = true; } } } // check the $_POST array and any sub-arrays for suspect content isSuspect($_POST, $pattern, $suspect); if ($suspect) { $mailSent = false; unset($missing); } else { // process the $_POST variables foreach ($_POST as $key => $value) { // assign to temporary variable and strip whitespace if not an array $temp = is_array($value) ? $value : trim($value); // if empty and required, add to $missing array if (empty($temp) && in_array($key, $required)) { array_push($missing, $key); } // otherwise, assign to a variable of the same name as $key elseif (in_array($key, $expected)) { ${$key} = $temp; } } } // validate the email address if (!empty($email)) { // regex to ensure no illegal characters in email address $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/'; // reject the email address if it doesn't match if (!preg_match($checkEmail, $email)) { array_push($missing, 'email'); } } // go ahead only if not suspect and all required fields OK if (!$suspect && empty($missing)) { // build the message $comments = "Name: $name\n\n"; $comments .= "Email: $email\n\n"; $comments .= "Message: $message"; // limit line length to 70 characters $message = wordwrap($message, 70); // create additional headers $additionalHeaders = 'From: <WebContact>'; if (!empty($email)) { $additionalHeaders .= "\r\nReply-To: $email"; } // send it $mailSent = mail($to, $heading, $comments, $additionalHeaders); if ($mailSent) { // $missing is no longer needed if the email is sent, so unset it unset($missing); } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Contact Our Company</title> <link href="assets/formstyle.css" rel="stylesheet" type="text/css" media="screen" /> <style type="text/css"> <!-- .style1 { color: #00FF00; font-weight: bold; font-style: italic; } .style4 {color: #FF0000; font-style: italic; } --> </style> </head> <body> <div id="form-area"> <p> <?php if ($_POST && isset($missing)) { ?> <span class="warning"><em>Please complete the missing item(s) indicated.</em></span></p> <p> <?php } elseif ($_POST && !$mailSent) { ?> <span class="warning"><em>Sorry, there was a problem sending your message. Please try later.</em></span></p> <p> <?php } elseif ($_POST && $mailSent) { ?> <span class="style1">Thank You....Your Message Was Successfully Sent. </span></p> <p> <?php } ?> </p> <form id="feedback" method="post" action=""> <p> <label for="name"><span class="style4">*</span><em> Your Name:</em> <?php if (isset($missing) && in_array('name', $missing)) { ?> <span class="warning"><em>Please Enter Your Name !! </em></span> <?php } ?> </label> <input name="name" id="name" type="text" class="formbox" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST['name']).'"';} ?> /> </p> <p> <label for="email"><span class="style4">*</span><em> Your E-mail :</em> <?php if (isset($missing) && in_array('email', $missing)) { ?> <span class="warning"><em>Please Enter Your E-mail !! </em></span> <?php } ?> </label> <input name="email" id="email" type="text" class="formbox" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST['email']).'"';} ?> /> </p> <p> <label for="subject"><span class="style4">*</span><em> Your Subject:</em> <?php if (isset($missing) && in_array('subject', $missing)) { ?> <span class="warning"><em>Please Enter Your Subject !! </em></span> <?php } ?> </label> <input name="subject" id="subject" type="text" class="formbox" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST['subject']).'"';} ?> /> </p> <p> <label for="message"><span class="style4">*</span><em> Your Message :</em> <?php if (isset($missing) && in_array('message', $missing)) { ?> <span class="warning"><em>Please Enter Your Message !! </em></span> <?php } ?> </label> <textarea name="message" id="message" cols="60" rows="8"><?php if (isset($missing)) { echo htmlentities($_POST['message']); } ?></textarea> </p> <p> <?php $captcha = new CaptchaImage(150,50,5,'FFFFFF','FF0000','999999');?></p> <p> <label for="code"><span class="style4">*</span><em> Type Security Code :</em> <?php if (isset($missing) && in_array('code', $missing)) { ?> <span class="warning"><em>Please Enter Security Code!! </em></span> <?php } ?> </label> <input name="code" id="code" type="text" class="formbox" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST['code']).'"';} ?> /> <p> <input name="send" id="send" type="submit" value="Send Message" class="button" /> </p> </form> </div> </div> </body> </html> PHP: now i noticed here //Passed! $captcha_msg=""; }else{ // Not passed 8-( $captcha_msg=""; PHP: is probably the error message to be shown but i have it setup like this: <label for="code"><span class="style4">*</span><em> Type Security Code :</em> <?php if (isset($missing) && in_array('code', $missing)) { ?> <span class="warning"><em>Please Enter Security Code!! </em></span> <?php } ?> </label> <input name="code" id="code" type="text" class="formbox" <?php if (isset($missing)) { echo 'value="'.htmlentities($_POST['code']).'"';} ?> /> PHP: that is probably why it's not checking if the actual code has been filled in correctly. or i may be completely off page.was hoping someone could lend a hand. if you see my script above all my error messages look great on page so i was trying to do the same for my captcha but no doubt a messed it up. yours hopefully Brett