Captcha problem users just refresh and it will let them auto submit again


Posted on 16th Feb 2014 07:03 pm by admin

Users will just re submit and not have to enter the new captcha.. ? Lol but if i refresh the page, the captcha auto makes a new1 so u cant submit.

But if u enter captcha code alrdy, then submit form correctly, and press refresh to auto submit form, it does it? This is a major security risk here is my code, thanks:

Code: session_start();

$RandomStr = md5(microtime());// md5 to generate the random string
$text = rand(10000,99999);
$_SESSION["key"] = $text;
$height = 25;
$width = 35;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 100, 5, 5);
$white = imagecolorallocate($image_p, 155, 155, 025);
$font_size = 16;
$text=substr($_SESSION['key'],0,3);
imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);

then my HTML:

Code: <tr class="bts ce"><td colspan=2><b>Security Code Confirmation</b></td></tr>

<tr>
<td align="right">Your unique security code<input type="hidden" name="secId" value="76c2b0e6f20ed0f1b209bcf39dee8e06"></td>
<td>
<img src="php_captcha.php">

<span class="desc">If The images are broke, please contact us.</span></span>
</td>
</tr>
Is there a way so people cant auto submit form?

Captcha works if u refresh but people can just auto submit the form and it will keep submiiting...

No comments posted yet

Your Answer:

Login to answer
312 Like 34 Dislike
Previous forums Next forums
Other forums

Polymorphism
Was wondering if someone could explain this a little better to me. I had always assumed that it had

To add a field on the screen XK02.
Hi All,

How to add an additional field in the vendor change control screen XK02.
The

how to validate date using javascript
I need to validate date in textbox using javascript..
The date is must be not greater than TODAY

Unable to retreve the values from Mysql Query
Hi,

Here is the php code that I have, Query is running properly in phpmyadmin and is resu

Using real time in php
I'm very average at PHP and im looking to introduce time to something on my site.
Its a sports si

Server side $_SESSION
how does one keep the session completely server side. no cookies to the browser at all. i need this

Need help: how to catch acess of undefined class properties
Hello. I am learning OO with PHP and have hit a problem.
Some code runs as perfectly valid code,

if else problem, help please
i have this script that i made only i try to also put in a if else for for some reason the script is

PHP, jAVASCRIPT setting input values, why isn't it working?
Hi:

I am calling this javascript:
<script language="javascript">

What are causes of a connection-timeout with fopen()?
Hello! Here is the situation: The server I host my website on just upgraded it's PHP build from 4.4.

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash