Captcha problem users just refresh and it will let them auto submit again


Posted on 16th Feb 2014 07:03 pm by admin

Users will just re submit and not have to enter the new captcha.. ? Lol but if i refresh the page, the captcha auto makes a new1 so u cant submit.

But if u enter captcha code alrdy, then submit form correctly, and press refresh to auto submit form, it does it? This is a major security risk here is my code, thanks:

Code: session_start();

$RandomStr = md5(microtime());// md5 to generate the random string
$text = rand(10000,99999);
$_SESSION["key"] = $text;
$height = 25;
$width = 35;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 100, 5, 5);
$white = imagecolorallocate($image_p, 155, 155, 025);
$font_size = 16;
$text=substr($_SESSION['key'],0,3);
imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);

then my HTML:

Code: <tr class="bts ce"><td colspan=2><b>Security Code Confirmation</b></td></tr>

<tr>
<td align="right">Your unique security code<input type="hidden" name="secId" value="76c2b0e6f20ed0f1b209bcf39dee8e06"></td>
<td>
<img src="php_captcha.php">

<span class="desc">If The images are broke, please contact us.</span></span>
</td>
</tr>
Is there a way so people cant auto submit form?

Captcha works if u refresh but people can just auto submit the form and it will keep submiiting...

No comments posted yet

Your Answer:

Login to answer
312 Like 34 Dislike
Previous forums Next forums
Other forums

Estimations and Effort
HI Gurus,

Would like to know whether SAP have a provision for carrying out the Project es

Thought I has this figured out especially after all the help i received?
Cags, Salathe, Daniel helped me with this yesterday, but not sure i took it all in.
I am attempti

Accessing Infotype data in dialog program
Hi All
In Dialog programs attributes I didn't see any logical database field. How can I access

DateTimeZone::listIdentifiers headache
http://php.net/manual/en/datetimezone.listidentifiers.php


So the documentation states tha

Delete all from a table
I can not get the following code to work. If I run the sql statement in the db it will delete all t

order by date not ID number help php
I am trying to orginize the following code to order by date not id number.
any help would be grea

Undefined variable: adHTML
Hello:

While checking my site error logs, I've noticed one repetitive error that fills the lo

writing a screen scraper
Hello,

I'm writing a screen scraper application and want to be able to get absolute addresses

How to add an image/C++ OpenGL?
Hi,

I have been trying to look online for this and, so far, I haven't found anything usef

Change log of Cost centre change in Plant maintenance order
Hi,
How to view Change log of Cost centre in Plant maintenance order. Not visible thru 'Docume

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash