How to get the "really simple captcha" to work in a simple contact form?

StackOverflow https://stackoverflow.com/questions/21261593

Question

I tried to create a simple contact form according to this tutorial

To avoid spam attacks I tried to combine that contact form with the really simple captcha plugin.

With the following code I'm able to use the shortcode [contact] in any of my pages and the form is displaying BUT there is a problem when checking the captcha.

This is the plugin's code:

function wptuts_get_the_ip() {
    if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
        return $_SERVER["HTTP_X_FORWARDED_FOR"];
    }
    elseif (isset($_SERVER["HTTP_CLIENT_IP"])) {
        return $_SERVER["HTTP_CLIENT_IP"];
    }
    else {
        return $_SERVER["REMOTE_ADDR"];
    }
}
// short code function 
function wptuts_contact_form_sc( $atts ) {     
add_shortcode( 'contact', 'contact_form_shortcode' );

   extract(shortcode_atts(array(
        "email" => get_bloginfo('admin_email'),
        "subject" => '',
        "label_name" => 'Your Name',
        "label_email" => 'Your E-mail Address',
        "label_subject" => 'Your Answer',
        "label_captcha" => 'Captcha',
        "label_submit" => 'Submit',
        "error_empty" => 'Please fill in all the required fields.',
        "error_noemail" => 'Please enter a valid e-mail address.',
        "success" => 'Thanks for your e-mail! We\'ll get back to you as soon as we can.'
    ), $atts));

    $captcha_instance = new ReallySimpleCaptcha(); //imports really simple captcha plugin
    $word = $captcha_instance->generate_random_word();
    $prefix = mt_rand();
    $image= $captcha_instance->generate_image( $prefix, $word );

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {

        $error = false;
        $required_fields = array("your_name", "email", "captcha", "subject");

        foreach ($_POST as $field => $value) {
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            $form_data[$field] = strip_tags($value);
        }

        foreach ($required_fields as $required_field) {
            $value = trim($form_data[$required_field]);
            if(empty($value)) {
                $error = true;
                $result = $error_empty;
            }
        }

        if(!is_email($form_data['email'])) {
            $error = true;
            $result = $error_noemail;
        }

        if ($error == false) {

            $captcha_text=$form_data['captcha'];                
            $correct = $captcha_instance->check( $prefix, $captcha_text );

            if($correct==TRUE){

                $email_subject = "[" . get_bloginfo('name') . "] " . $form_data['subject'];
                $email_message = $form_data['captcha'] . "\n\nIP: " . wptuts_get_the_ip();
                $headers  = "From: ".$form_data['your_name']." <".$form_data['email'].">\n";
                $headers .= "Content-Type: text/plain; charset=UTF-8\n";
                $headers .= "Content-Transfer-Encoding: 8bit\n";
                wp_mail($email, $email_subject, $email_message, $headers);
                $result = $success;
                $sent = true;
            }
        }
    }

    if($result != "") {
        $info = '<div class="info">'.$result.'</div>';        
    }

    $email_form = '<form class="contact-form" method="post" action="'.get_permalink().'">
        <div>
            <label for="cf_name">'.$label_name.':</label>
            <input type="text" name="your_name" id="cf_name" size="50" maxlength="50" value="'.$form_data['your_name'].'" />
        </div>
        <div>
            <label for="cf_email">'.$label_email.':</label>
            <input type="text" name="email" id="cf_email" size="50" maxlength="50" value="'.$form_data['email'].'" />
        </div>
        <div>
            <label for="cf_subject">'.$label_subject.':</label>
            <input type="text" name="subject" id="cf_subject" size="50" maxlength="50" value="'.$subject.$form_data['subject'].'" />
        </div>
        <div>
            <label for="cf_message">'.$label_captcha.':</label>
            <input type="text" name="captcha" id="cf_message" size="50" maxlength="50" value=""/>
        </div>
        <div id="captcha"><span id="captcha_text">Captcha:</span><img id="captcha_image" src="'.plugins_url("really-simple-captcha/tmp/" . $image) . '" alt="" /></div>
        <div>
            <input type="submit" value="'.$label_submit.'" name="send" id="cf_send" />
        </div>

    </form>';

    if($sent == true) {
        return $info;
    } else {
        return $info.$email_form;
    }
} 
add_shortcode('contact', 'wptuts_contact_form_sc');

// add plugins style to frontend
function prize_game_contact_form() {
wp_register_style('prize_game_contact_form', plugins_url('css/style.css',__FILE__));
wp_enqueue_style('prize_game_contact_form');
}
add_action('wp_enqueue_scripts', 'prize_game_contact_form');

I didn't add $captcha_instance->remove( $prefix ); so far because it works not as it should. It seems that every time I click on the submit button a new word is created and the function $captcha_instance->check() checks if the new word equals the captcha text in the input field but those words doesn't match of course because it's already a new word. I don't understand why a new word is created when clicking on the submit button. Where is the error?

Was it helpful?

Solution

I believe the problem is that you are generating a new $prefix each time the function runs. So there is no way to run the check() or the remove() because the $prefix used on the form is then a new value.

In your form, create a hidden input field with the value of the $prefix being used. So that value is posted with the form. When the function is run the 2nd time after the form post, use the posted $prefix value to do the check() and remove(). That should do it.

Here is a detailed article on how to integrate Really Simple Captcha plugin into your plugin or theme together with the hidden prefix field I just mentioned: http://www.lost-in-code.com/platforms/wordpress/wordpress-plugins/wordpress-using-really-simple-captcha/

Feel free to let me know if you need any assistance.

OTHER TIPS

Are you using Wordpress? Do not try to reinvent the wheel.

Download a free plugin like Contact Form 7 which includes an Ajax powered (doesn't require page refresh) Askimet Spam Filter, plus CAPTCHA system.

  • CAPTCHA works only half as well as it did 3-5 years back.

My advise to you is this:

  • Do not look for simple, but look for what works.

if you're not using WordPress then you might check this simple form & captcha idea - if you can grab out the captcha part that is, captcha has become incredibly complex and over engineered when all it needs to do is differentiate simply between a human and non-human for most purposes.

You must create the variables $word, $prefix and $image only after you check the correctness of the user answer, and you must pass the $prefix value through a hidden input field. I haven't checked it, but this code should work now:

function wptuts_get_the_ip() {
    if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
        return $_SERVER["HTTP_X_FORWARDED_FOR"];
    }
    elseif (isset($_SERVER["HTTP_CLIENT_IP"])) {
        return $_SERVER["HTTP_CLIENT_IP"];
    }
    else {
        return $_SERVER["REMOTE_ADDR"];
    }
}
// short code function 
function wptuts_contact_form_sc( $atts ) {     
add_shortcode( 'contact', 'contact_form_shortcode' );

   extract(shortcode_atts(array(
        "email" => get_bloginfo('admin_email'),
        "subject" => '',
        "label_name" => 'Your Name',
        "label_email" => 'Your E-mail Address',
        "label_subject" => 'Your Answer',
        "label_captcha" => 'Captcha',
        "label_submit" => 'Submit',
        "error_empty" => 'Please fill in all the required fields.',
        "error_noemail" => 'Please enter a valid e-mail address.',
        "success" => 'Thanks for your e-mail! We\'ll get back to you as soon as we can.'
    ), $atts));

    $captcha_instance = new ReallySimpleCaptcha(); //imports really simple captcha plugin

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {

        $error = false;
        $required_fields = array("your_name", "email", "captcha", "subject");

        foreach ($_POST as $field => $value) {
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            $form_data[$field] = strip_tags($value);
        }

        foreach ($required_fields as $required_field) {
            $value = trim($form_data[$required_field]);
            if(empty($value)) {
                $error = true;
                $result = $error_empty;
            }
        }

        if(!is_email($form_data['email'])) {
            $error = true;
            $result = $error_noemail;
        }

        if ($error == false) {

            $captcha_text=$form_data['captcha'];
            $captcha_prefix=$form_data['prefix'];
            $correct = $captcha_instance->check( $captcha_prefix, $captcha_text );

            if($correct==TRUE){

                $email_subject = "[" . get_bloginfo('name') . "] " . $form_data['subject'];
                $email_message = $form_data['captcha'] . "\n\nIP: " . wptuts_get_the_ip();
                $headers  = "From: ".$form_data['your_name']." <".$form_data['email'].">\n";
                $headers .= "Content-Type: text/plain; charset=UTF-8\n";
                $headers .= "Content-Transfer-Encoding: 8bit\n";
                wp_mail($email, $email_subject, $email_message, $headers);
                $result = $success;
                $sent = true;
            }
        }
    }

    $word = $captcha_instance->generate_random_word();        
    $prefix = mt_rand();
    $image= $captcha_instance->generate_image( $prefix, $word );

    if($result != "") {
        $info = '<div class="info">'.$result.'</div>';        
    }

    $email_form = '<form class="contact-form" method="post" action="'.get_permalink().'">
        <div>
            <label for="cf_name">'.$label_name.':</label>
            <input type="text" name="your_name" id="cf_name" size="50" maxlength="50" value="'.$form_data['your_name'].'" />
        </div>
        <div>
            <label for="cf_email">'.$label_email.':</label>
            <input type="text" name="email" id="cf_email" size="50" maxlength="50" value="'.$form_data['email'].'" />
        </div>
        <div>
            <label for="cf_subject">'.$label_subject.':</label>
            <input type="text" name="subject" id="cf_subject" size="50" maxlength="50" value="'.$subject.$form_data['subject'].'" />
        </div>
        <div>
            <label for="cf_message">'.$label_captcha.':</label>
            <input type="text" name="captcha" id="cf_message" size="50" maxlength="50" value=""/>
            <input type="hidden" name="prefix" id="prefix" value="'.$prefix.'"/>
        </div>
        <div id="captcha"><span id="captcha_text">Captcha:</span><img id="captcha_image" src="'.plugins_url("really-simple-captcha/tmp/" . $image) . '" alt="" /></div>
        <div>
            <input type="submit" value="'.$label_submit.'" name="send" id="cf_send" />
        </div>

    </form>';

    if($sent == true) {
        return $info;
    } else {
        return $info.$email_form;
    }
} 
add_shortcode('contact', 'wptuts_contact_form_sc');

// add plugins style to frontend
function prize_game_contact_form() {
wp_register_style('prize_game_contact_form', plugins_url('css/style.css',__FILE__));
wp_enqueue_style('prize_game_contact_form');
}
add_action('wp_enqueue_scripts', 'prize_game_contact_form');
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top