
Can I Add a CAPTCHA field to QuickEnroll?

Tiago Soromenho
posted this on April 24, 2009 10:19 pm

QUESTION:

I keep getting some blank or weird submissions from my online program enrollment form on my website. Is it possible to add a CAPTCHA to the form (you know, those boxes with oddly shaped words that you have to type into a box) to prevent these abuses?

 

ANSWER:

Yes, here's how to do it:

First, rename the file that contains the form so that it has a .php extension (it can't be a regular .html file anymore). We suggest "signup.php".

If you rename it to something other than "signup.php", make sure to replace "signup.php" with that file name in the second set of code on this page.

Replace the form on your site with the following code:

 

<form action="register.php" method="post" name="add_customer_form">
	<link href="<?php echo (!empty($_REQUEST['css'])) ? htmlspecialchars($_REQUEST['css'], ENT_QUOTES, 'UTF-8') : 'display.css'; ?>" rel="stylesheet" media="screen">
	<div id="enroll_form_header">
		Please fill out this form to register for the <b><?php echo (!empty($_REQUEST['c'])) ? htmlspecialchars($_REQUEST['c'], ENT_QUOTES, 'UTF-8') : '<span class="error">[ERROR]</span>'; ?></b> program:<br>
	</div>
	<div id="enroll_form_body">
		<table cellspacing="4" cellpadding="0" border="0">
			<?php if (!empty($_REQUEST['msg'])) {
				// Request values are escaped with htmlspecialchars() before being echoed, so they cannot inject markup or script into the page
				echo '<tr>
				<td colspan="2" class="error">Error: '.htmlspecialchars($_REQUEST['msg'], ENT_QUOTES, 'UTF-8').'<br>
				<br></td>
			</tr>';
			} ?>
			<tr>
				<td>First Name:</td><td><input type="text" name="first_name" size="24" maxlength="50" border="0" value="<?php echo (!empty($_REQUEST['first_name']))? htmlspecialchars($_REQUEST['first_name'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
			<tr>
				<td>Last Name:</td><td><input type="text" name="last_name" size="24" maxlength="255" border="0" value="<?php echo (!empty($_REQUEST['last_name']))? htmlspecialchars($_REQUEST['last_name'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
			<tr>
				<td>Email Address:</td><td><input type="text" name="email" size="24" maxlength="255" border="0" value="<?php echo (!empty($_REQUEST['email']))? htmlspecialchars($_REQUEST['email'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
			<tr>
				<td>Phone Number:</td><td><input type="text" name="phone" size="24" maxlength="16" border="0" value="<?php echo (!empty($_REQUEST['phone']))? htmlspecialchars($_REQUEST['phone'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
			<tr>
				<td><br></td>
			</tr>
			<tr>
				<td>Street Line 1:</td><td><input type="text" name="street1" size="24" maxlength="255" border="0" value="<?php echo (!empty($_REQUEST['street1']))? htmlspecialchars($_REQUEST['street1'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
			<tr>
				<td>Street Line 2:</td><td><input type="text" name="street2" size="24" maxlength="255" border="0" value="<?php echo (!empty($_REQUEST['street2']))? htmlspecialchars($_REQUEST['street2'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
			<tr>
				<td>City:</td><td><input type="text" name="city" size="24" maxlength="255" border="0" value="<?php echo (!empty($_REQUEST['city']))? htmlspecialchars($_REQUEST['city'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
			<tr>
				<td>State / Province:</td><td><input type="text" name="state" size="24" maxlength="50" border="0" value="<?php echo (!empty($_REQUEST['state']))? htmlspecialchars($_REQUEST['state'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
			<tr>
				<td>Zip / Postal Code:</td><td><input type="text" name="postal_code" size="24" maxlength="50" border="0" value="<?php echo (!empty($_REQUEST['postal_code']))? htmlspecialchars($_REQUEST['postal_code'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
			<tr>
				<td>Country:</td><td><input type="text" name="country" size="24" maxlength="2555" border="0" value="<?php echo (!empty($_REQUEST['country']))? htmlspecialchars($_REQUEST['country'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
			<tr>
				<td><br></td>
			</tr>
			<tr>
				<td>Special Note:</td><td><input type="text" name="custom1" size="30" maxlength="255" border="0" value="<?php echo (!empty($_REQUEST['custom1']))? htmlspecialchars($_REQUEST['custom1'], ENT_QUOTES, 'UTF-8') : ''; ?>"></td>
			</tr>
		</table>
	</div>
	<div id="enroll_form_captcha">

		<a id="captcha_reload"
		   onMouseOver="this.style.color = '#303030'"
		   onMouseOut="this.style.color = '#606060'"
		   onclick="Javascript:this.style.color = '#303030';document.getElementById('captcha').src = 'http://www.rewardspixie.com/securimage/securimage_show.php?' + Math.random();return false;">
		<img id="captcha" src="http://www.rewardspixie.com/securimage/securimage_show.php" alt="CAPTCHA Image" align="absmiddle"/> (Click to show another code)</a>
		<br>
		Please type the code in the image above:&nbsp;
		<input type="text" name="captcha_code" size="10" maxlength="6" />
	</div>
	<div id="enroll_form_submit">
		<input type="submit" border="0" value="Submit">
	</div>
</form>

If you want, you can also add the JavaScript validation from the following article: http://support.stickystreet.com/forums/16257/entries/16413

Once this form has been added to your site, use the following code for the register.php file:

(Make sure to replace all the "AAAAAAAA", "BBBBBBBB", etc. with the proper values.)

<?php
// Define Set Parameters
$url = 'https://www.scanandgorewards.com/admin.php';
$user_id = 'AAAAAAAA';
$user_token = 'BBBBBBBB';
$campaign_id = 'CCCCCCCC';
$redirect_url = 'DDDDDDDD';
//$auto_add = 'EEEEEEEE';

// Validate the CAPTCHA:
session_start();
include_once 'http://www.rewardspixie.com/securimage/securimage.php';
$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
	// the code was incorrect

	// Resubmit all passed parameters (each value is URL-encoded, so characters such as & and = in user input cannot add or alter parameters)
	$to_post = '';
	$to_post .= (!empty($_REQUEST['first_name']))	? '&first_name='.urlencode($_REQUEST['first_name'])	: '';
	$to_post .= (!empty($_REQUEST['last_name']))	? '&last_name='.urlencode($_REQUEST['last_name'])	: '';
	$to_post .= (!empty($_REQUEST['email']))	? '&email='.urlencode($_REQUEST['email'])	: '';
	$to_post .= (!empty($_REQUEST['phone']))	? '&phone='.urlencode($_REQUEST['phone'])	: '';
	$to_post .= (!empty($_REQUEST['street1']))	? '&street1='.urlencode($_REQUEST['street1'])	: '';
	$to_post .= (!empty($_REQUEST['street2']))	? '&street2='.urlencode($_REQUEST['street2'])	: '';
	$to_post .= (!empty($_REQUEST['city']))		? '&city='.urlencode($_REQUEST['city'])	: '';
	$to_post .= (!empty($_REQUEST['state']))	? '&state='.urlencode($_REQUEST['state'])	: '';
	$to_post .= (!empty($_REQUEST['postal_code']))	? '&postal_code='.urlencode($_REQUEST['postal_code'])	: '';
	$to_post .= (!empty($_REQUEST['country']))	? '&country='.urlencode($_REQUEST['country'])	: '';
	$to_post .= (!empty($_REQUEST['custom1']))	? '&custom1='.urlencode($_REQUEST['custom1'])	: '';
	$to_post .= '&msg=The%20verification%20code%20did%20not%20match%20the%20picture.';

	// Start the curl session
	$ch = curl_init();

	// set the target url (cURL needs an absolute URL, so put the full address of your form page here):
	$url = "signup.php";
	curl_setopt($ch, CURLOPT_URL, $url);

	// Send query and close
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $to_post);
	curl_setopt($ch, CURLOPT_HEADER, false);
	curl_exec($ch);
	curl_close($ch);

} else {

	// Captcha code was correct:

	// Start the curl session
	$ch = curl_init();

	// set the target url:
	$url = 'https://www.scanandgorewards.com/admin.php';
	curl_setopt($ch, CURLOPT_URL, "$url");

	// put together the parameters to post
	// (form values are URL-encoded so that user input cannot add or override user_id, campaign_id, etc.):
	$to_post = '';
	$to_post .= '&type=record_customer';
	$to_post .= '&api=y';
	$to_post .= '&user_id='.urlencode($user_id);
	$to_post .= '&user_password='.urlencode($user_token);
	//$to_post .= '&auto_add='.urlencode($auto_add);
	$to_post .= '&campaign_id='.urlencode($campaign_id);
	$to_post .= (!empty($_REQUEST['first_name']))	? '&first_name='.urlencode($_REQUEST['first_name'])	: '';
	$to_post .= (!empty($_REQUEST['last_name']))	? '&last_name='.urlencode($_REQUEST['last_name'])	: '';
	$to_post .= (!empty($_REQUEST['email']))	? '&email='.urlencode($_REQUEST['email'])	: '';
	$to_post .= (!empty($_REQUEST['phone']))	? '&phone='.urlencode($_REQUEST['phone'])	: '';
	$to_post .= (!empty($_REQUEST['street1']))	? '&street1='.urlencode($_REQUEST['street1'])	: '';
	$to_post .= (!empty($_REQUEST['street2']))	? '&street2='.urlencode($_REQUEST['street2'])	: '';
	$to_post .= (!empty($_REQUEST['city']))		? '&city='.urlencode($_REQUEST['city'])	: '';
	$to_post .= (!empty($_REQUEST['state']))	? '&state='.urlencode($_REQUEST['state'])	: '';
	$to_post .= (!empty($_REQUEST['postal_code']))	? '&postal_code='.urlencode($_REQUEST['postal_code'])	: '';
	$to_post .= (!empty($_REQUEST['country']))	? '&country='.urlencode($_REQUEST['country'])	: '';
	$to_post .= (!empty($_REQUEST['custom1']))	? '&custom1='.urlencode($_REQUEST['custom1'])	: '';


	// set other curl options
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $to_post);
	// Verify the server's TLS certificate: this request carries your API user ID and token
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
	// curl_setopt($ch, CURLOPT_HEADER, TRUE);

	// Send query:
	$result = curl_exec($ch);

	// Close.
	curl_close($ch);

	// Where to redirect the user after the form has been submitted:
	header('Location: '.$redirect_url);

}
?>
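
The register.php script above appends each form value to the POST body by hand. The following is an added example, not part of the original article or the vendor's code, that builds the same body from an allowlist of the form's fields so a submitted value can never add or override user_id, user_password or campaign_id. The function name build_enroll_post, the length limits and the sample submission are assumptions made for illustration.

```php
<?php
// Added example (not the article's code): build the API POST body from an
// allowlist so submitted values cannot add or override the fixed parameters.

// Form field => maximum length (assumed limits, modelled on the form above).
const ENROLL_FIELDS = [
	'first_name' => 50, 'last_name' => 255, 'email' => 255, 'phone' => 16,
	'street1' => 255, 'street2' => 255, 'city' => 255, 'state' => 50,
	'postal_code' => 50, 'country' => 255, 'custom1' => 255,
];

function build_enroll_post(array $input, array $fixed): string
{
	$params = $fixed; // credentials and campaign come only from the script
	foreach (ENROLL_FIELDS as $name => $max) {
		$value = $input[$name] ?? '';
		if (!is_string($value)) { // e.g. first_name[]=x arrives as an array
			continue;
		}
		// Strip control characters (CR, LF, NUL, ...) and surrounding spaces.
		$value = trim(preg_replace('/[\x00-\x1F\x7F]/', '', $value));
		if ($value === '') {
			continue;
		}
		$params[$name] = mb_substr($value, 0, $max, 'UTF-8'); // needs mbstring
	}
	// http_build_query() percent-encodes every key and value.
	return http_build_query($params, '', '&', PHP_QUERY_RFC1738);
}

// Constructed sample submission; the first value tries to smuggle a parameter.
$sample = [
	'first_name' => 'Ann&campaign_id=OTHER',
	'email'      => "ann@example.com\r\n",
	'phone'      => ['not', 'a', 'string'],
	'user_id'    => 'someone-else', // not an allowlisted form field: ignored
];
$fixed = [
	'type' => 'record_customer', 'api' => 'y', 'user_id' => 'AAAAAAAA',
	'user_password' => 'BBBBBBBB', 'campaign_id' => 'CCCCCCCC',
];
echo build_enroll_post($sample, $fixed), "\n";
```

In register.php, the returned string would be passed to CURLOPT_POSTFIELDS in place of $to_post, with $_POST as the input array.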

This implementation of CAPTCHA uses the SecurImage open-source script from PHPcaptcha.org ( http://www.phpcaptcha.org ). Your server configuration may have problems accessing our installation of it on line 12 of the PHP script in the second set of code above:

include_once 'http://www.rewardspixie.com/securimage/securimage.php';

You have two ways to solve this: 

1) Modify the php.ini settings to allow includes from outside your own webserver, which is a security risk.

or

2) Install the SecurImage files on your server directly. They are quite small, and there's nothing to configure other than uploading the files by FTP. If you choose that option, make sure to replace all the references to "http://www.rewardspixie.com/securimage" in BOTH scripts above.

If you have any questions, or run into any problems, let us know!