Captcha problem users just refresh and it will let them auto submit again


Posted on 16th Feb 2014 07:03 pm by admin

Users will just re submit and not have to enter the new captcha.. ? Lol but if i refresh the page, the captcha auto makes a new1 so u cant submit.

But if u enter captcha code alrdy, then submit form correctly, and press refresh to auto submit form, it does it? This is a major security risk here is my code, thanks:

Code: session_start();

$RandomStr = md5(microtime());// md5 to generate the random string
$text = rand(10000,99999);
$_SESSION["key"] = $text;
$height = 25;
$width = 35;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 100, 5, 5);
$white = imagecolorallocate($image_p, 155, 155, 025);
$font_size = 16;
$text=substr($_SESSION['key'],0,3);
imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);

then my HTML:

Code: <tr class="bts ce"><td colspan=2><b>Security Code Confirmation</b></td></tr>

<tr>
<td align="right">Your unique security code<input type="hidden" name="secId" value="76c2b0e6f20ed0f1b209bcf39dee8e06"></td>
<td>
<img src="php_captcha.php">

<span class="desc">If The images are broke, please contact us.</span></span>
</td>
</tr>
Is there a way so people cant auto submit form?

Captcha works if u refresh but people can just auto submit the form and it will keep submiiting...

No comments posted yet

Your Answer:

Login to answer
312 Like 34 Dislike
Previous forums Next forums
Other forums

Looking for help on using joining mysql tables and php....
Does anyone have any good links to references on how to pull mysql data, through joining tables and

registration form
first time posting. did some searches but didnt find exactly what i am looking for. dont flame cause

need help in update query
i create a form for update. there are 8 columns in my mysql table. on my main page all the data is r

Form a inline view based on the results of the previous query?
Hi Experts,
Can we form a inline view on the results of a previous query (another inline view)?

SQL Injection
In my attempts to protect my database from mySQL injection I have created another problem for myself

php sessions,logouts & the bloomin back button!
Hi All,

I've got a cms that members can log into. When they logout, the session is destroyed,

EU VAT Package 2010
Does any one know whether SAP will be developing new reporting functionality due the new VAT rules t

iMatch stored value with the current value in a loop
Hello,

I have a MySQL db were I store articles in.

I have a form to fill these article

please help
HTML Code:

Code: <span id="ctl00"><span>

Switch letters in message (basic cryptology)...
I am trying to switch letters around in a message for an application on my site (see here). The prob

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash