|
Posted by Co on March 8, 2009, 5:15 am
Please log in for more thread options
Hi All,
I'm trying to write a registration page for my website using a
captcha.
On the register.php page the user fills in his credentials and a
security code (captcha).
These are send to register2.php. There an error check is done.
Register2.php checks if all the fields are filled out and if the right
security code was submitted.
When something is wrong he is redirected to register.php.
1. somehow the security code is always wrong, or the $_SESSION
['security_code'] = empty.;
2. when the user is redirected to register.php I get this error
"Warning: session_start() [function.session-start]: Cannot send
session cache limiter - headers already sent".
When I run the captcha code as a seperate example it works but not
embedded in my code.
CaptchaSecurityImages.php
<?php
session_start();
class CaptchaSecurityImages {
var $font = 'monofont.ttf';
function generateCode($characters) {
/* list all possible characters, similar looking
characters and
vowels have been removed */
$possible = '23456789bcdfghjkmnpqrstvwxyz';
$code = '';
$i = 0;
while ($i < $characters) {
$code .= substr($possible, mt_rand(0, strlen
($possible)-1), 1);
$i++;
}
return $code;
}
function CaptchaSecurityImages($width='120',$height='40',
$characters='6') {
show/hide quoted text
$code = $this->generateCode($characters);
/* font size will be 75% of the image height */
$font_size = $height * 0.75;
$image = @imagecreate($width, $height) or die('Cannot
initialize new
GD image stream');
/* set the colours */
$background_color = imagecolorallocate($image, 255,
255, 255);
$text_color = imagecolorallocate($image, 20, 40, 100);
$noise_color = imagecolorallocate($image, 100, 120,
180);
/* generate random dots in background */
for( $i=0; $i<($width*$height)/3; $i++ ) {
imagefilledellipse($image, mt_rand(0,$width),
mt_rand(0,$height),
1, 1, $noise_color);
}
/* generate random lines in background */
for( $i=0; $i<($width*$height)/150; $i++ ) {
imageline($image, mt_rand(0,$width), mt_rand
(0,$height), mt_rand
(0,$width), mt_rand(0,$height), $noise_color);
}
/* create textbox and add text */
show/hide quoted text
$textbox = imagettfbbox($font_size, 0, $this->font,
$code) or die
('Error in imagettfbbox function');
$x = ($width - $textbox[4])/2;
$y = ($height - $textbox[5])/2;
imagettftext($image, $font_size, 0, $x, $y,
$text_color, $this-
show/hide quoted text
>font , $code) or die('Error in imagettftext function');
/* output captcha image to browser */
header('Content-Type: image/jpeg');
imagejpeg($image);
imagedestroy($image);
$_SESSION['security_code'] = $code;
}
}
$width = isset($_GET['width']) ? $_GET['width'] : '120';
$height = isset($_GET['height']) ? $_GET['height'] : '40';
show/hide quoted text
$characters = isset($_GET['characters']) && $_GET['characters'] > 1 ?
$_GET['characters'] : '6';
$captcha = new CaptchaSecurityImages($width,$height,$characters);
show/hide quoted text
?>
Register.php
<?
session_start();
if ($_SESSION['email_address'] != "" ) {
show/hide quoted text
echo "<b>You do not have the appropriate permissions to enter
new
show/hide quoted text
distributors.</b><br><br><br>";
if ( empty( $first_name ) ) {
print "Please login below!";
include 'index.php';
}
} else { echo "
show/hide quoted text
<HTML>
<HEAD>
<title>Sphinx Registreren</title>
show/hide quoted text
*</
show/hide quoted text
td>
</tr>
<tr>
<td align=left valign=top>Achternaam</td>
<td><input name=last_name type=text id=last_name> *</td>
</tr>
<tr>
<td align=left valign=top>E-mail adres</td>
<td><input name=email_address type=text id=email_address> *</td>
</tr>
<tr>
<td align=left valign=top>Gewenste Username</td>
<td><input name=username type=text id=username> *</td>
</tr>
<tr>
<td align=left valign=top>Informatie over jou</td>
<td><textarea name=info id=info></textarea></td></tr>
<tr>
<tr><br>
<td align=left valign=top>Ontvang <strong>Gratis</strong> SMS
bij Nieuws.</td>
<td><input type=checkbox name=sms value='ja'></td></tr>
<tr>
<tr>
<td align=left valign=top>Mobiel nummer</td>
<td><input name=gsm type=text id=gsm><br>(Format +31612345678)</
td></tr>
show/hide quoted text
Velden gemarkeerd met een asterisk (*) zijn verplicht.
show/hide quoted text
</form>
</center>
</body>
</html>
"; } ?>
Register2.php
<?php
// SET ERROR REPORTING
error_reporting(E_ALL ^ E_NOTICE);
date_default_timezone_set('Europe/Paris');
$database_name = "l";
$db_password = "";
$adminemail = "";
$connection = mysql_connect("mysql50-c1.stommen.nl", $database_name ,
$db_password) or die(mysql_error());
$db = mysql_select_db($database_name) or die(mysql_error());
// Define post fields into simple variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email_address = $_POST['email_address'];
$username = $_POST['username'];
$info = $_POST['info'];
$gsm = $_POST['gsm'];
$sitename = "Sphinx Website";
if (isset($_POST['sms'])) {
$sms = $_POST['sms'];
if ($sms == 'ja') {
$sms = 1;
}
else { $sms = 0;
}
}
/* Lets strip some slashes in case the user entered
any escaped characters. */
$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$email_address = stripslashes($email_address);
$username = stripslashes($username);
$info = stripslashes($info);
$gsm = stripslashes($gsm);
/* Do some error checking on the form posted fields */
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty
($_SESSION['security_code'] ) ) {
unset($_SESSION['security_code']);
} else {
echo "<link rel=\"stylesheet\" href=\"images/style.css
\" type=\"text/
show/hide quoted text
code ingegeven.</
show/hide quoted text
div><br />";
include 'register.php'; // Show the form again!
exit(); // if the error checking has failed, we'll
exit the script!
}
if(empty($_POST['first_name']) || empty($_POST['last_name']) || empty
($_POST['email_address']) || empty($_POST['username']) || empty($_POST
['gsm'])){
echo "<link rel=\"stylesheet\" href=\"images/style.css\" type=
\"text/
show/hide quoted text
css\" />";
if(!$first_name){
show/hide quoted text
echo "<div class=msg>Voornaam is een verplicht veld.
Vul het alsnog
show/hide quoted text
in.</div><br />";
}
if(!$last_name){
show/hide quoted text
echo "<div class=msg>Achternaam is een verplicht veld.
Vul het
show/hide quoted text
alsnog in.</div><br />";
}
if(!$email_address){
show/hide quoted text
echo "<div class=msg>E-mail adres is een verplicht
veld. Vul het
show/hide quoted text
alsnog in.</div><br />";
}
if(!$username){
show/hide quoted text
echo "<div class=msg>Gebruikersnaam is een verplicht
veld. Vul het
show/hide quoted text
alsnog in.</div><br />";
}
if(empty($_POST['gsm'])){
if($_POST['sms'] == 'ja'){
show/hide quoted text
echo "<div class=msg>Vul je mobiele nummer in
om SMS te kunnen
show/hide quoted text
ontvangen.</div><br />";
}
}
session_unset();
session_destroy();
include 'register.php'; // Show the form again!
/* End the error checking and if everything is ok, we'll move
on to
creating the user account */
exit(); // if the error checking has failed, we'll exit the
script!
}
if(preg_match("/^[0-9]$/s", $_POST['gsm']) || preg_match("/^+[0-9]
$/s", $_POST['gsm'])) {
} else {
echo "<link rel=\"stylesheet\" href=\"images/style.css\" type=
\"text/
show/hide quoted text
controleer
show/hide quoted text
het format.</div><br />";
session_unset();
session_destroy();
include 'register.php'; // Show the form again!
exit(); // if the error checking has failed, we'll exit the
script!
}
/* Let's do some checking and ensure that the user's email address or
username
does not exist in the database */
$sql_email_check = mysql_query("SELECT email_address FROM members
WHERE email_address='$email_address'");
$sql_username_check = mysql_query("SELECT username FROM members WHERE
username='$username'");
$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);
show/hide quoted text
if(($email_check > 0) || ($username_check > 0)){
echo "<link rel=\"stylesheet\" href=\"images/style.css\" type=
\"text/
show/hide quoted text
show/hide quoted text
in onze
show/hide quoted text
database. Gebruik een ander E-mail adres!</div><br />";
unset($email_address);
}
show/hide quoted text
voor in onze
show/hide quoted text
database. Gebruik een andere username!</div><br />";
unset($username);
}
session_unset();
session_destroy();
include 'register.php'; // Show the form again!
exit(); // exit the script so that we do not create this
account!
}
/* Everything has passed both error checks that we have done.
It's time to create the account! */
show/hide quoted text
?>
<HTML>
<HEAD>
<title>Sphinx Registreren</title>
<meta http-equiv="REFRESH" content="5;url=http://
www.stommen.nl/
show/hide quoted text
mylogin.php">
</HEAD>
</HTML>
Marco
| 
XML Sitemap