Captcha problem users just refresh and it will let them auto submit again


Posted on 16th Feb 2014 07:03 pm by admin

Users will just re submit and not have to enter the new captcha.. ? Lol but if i refresh the page, the captcha auto makes a new1 so u cant submit.

But if u enter captcha code alrdy, then submit form correctly, and press refresh to auto submit form, it does it? This is a major security risk here is my code, thanks:

Code: session_start();

$RandomStr = md5(microtime());// md5 to generate the random string
$text = rand(10000,99999);
$_SESSION["key"] = $text;
$height = 25;
$width = 35;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 100, 5, 5);
$white = imagecolorallocate($image_p, 155, 155, 025);
$font_size = 16;
$text=substr($_SESSION['key'],0,3);
imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);

then my HTML:

Code: <tr class="bts ce"><td colspan=2><b>Security Code Confirmation</b></td></tr>

<tr>
<td align="right">Your unique security code<input type="hidden" name="secId" value="76c2b0e6f20ed0f1b209bcf39dee8e06"></td>
<td>
<img src="php_captcha.php">

<span class="desc">If The images are broke, please contact us.</span></span>
</td>
</tr>
Is there a way so people cant auto submit form?

Captcha works if u refresh but people can just auto submit the form and it will keep submiiting...

No comments posted yet

Your Answer:

Login to answer
312 Like 34 Dislike
Previous forums Next forums
Other forums

Error Messaging not working
I changed the way my form tells the user of an error. But I can't seem to get it to work properly.

What am I missing here? Help!
Hello all!. I can't seem to get this working right. Well - it renders right, but something is goin

Somebody hacked into my site and changed coding >>> URGENT HELP NEEDED <<<
I am not that much into programming , but somebody is hacking to my site and injecting some kind of

DB2 for z/OS, LUW, iSeries
Hello, In this forum a lot of threads related to other members of the DB2 family than DB2 for z/OS

Price in PR
Dear Experts,
Why we have to enter the price in the PR, and why there is no free goods indicato

Check premium expire
Hi,

I am making a simple file hosting site and want to check if users premium subscriptions h

Getting Subdomain Name With PHP?
I want to grab the subdomain name with PHP so I can generate database queries.

for example my

output printing as hexadecmal... XD
Everything works except the calcem call for the totusold and totuprice. The out put shows up as hex.

Need Successful Return
Hello I am currently working a form here, and I have everything figured out except when I click the

ScriptResource.axd gives an error on fresh install of ASP.NET Ajax 1.0
Hello,I have a fresh install of Microsoft ASP.NET Ajax 1.0. When I create an Ajax enabled website in

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash