Captcha problem users just refresh and it will let them auto submit again


Posted on 16th Feb 2014 07:03 pm by admin

Users will just re submit and not have to enter the new captcha.. ? Lol but if i refresh the page, the captcha auto makes a new1 so u cant submit.

But if u enter captcha code alrdy, then submit form correctly, and press refresh to auto submit form, it does it? This is a major security risk here is my code, thanks:

Code: session_start();

$RandomStr = md5(microtime());// md5 to generate the random string
$text = rand(10000,99999);
$_SESSION["key"] = $text;
$height = 25;
$width = 35;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 100, 5, 5);
$white = imagecolorallocate($image_p, 155, 155, 025);
$font_size = 16;
$text=substr($_SESSION['key'],0,3);
imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);

then my HTML:

Code: <tr class="bts ce"><td colspan=2><b>Security Code Confirmation</b></td></tr>

<tr>
<td align="right">Your unique security code<input type="hidden" name="secId" value="76c2b0e6f20ed0f1b209bcf39dee8e06"></td>
<td>
<img src="php_captcha.php">

<span class="desc">If The images are broke, please contact us.</span></span>
</td>
</tr>
Is there a way so people cant auto submit form?

Captcha works if u refresh but people can just auto submit the form and it will keep submiiting...

No comments posted yet

Your Answer:

Login to answer
312 Like 34 Dislike
Previous forums Next forums
Other forums

gettext translates ALWAYS?
I'm using gettext with the new version of XAMPP (5.3.0) on Windows Seven RTM (build 7600)
gettext

PHP webpage & array print issue
I have this code running, and it works perfectly … however, see my bottom bit about what I see

Secure FTP
Hi experts,
There is no SFTP action in MII workbench.
This means it needs developing custo

Buggy registration system
Hey, I just started scripting in PHP, and I ran into a few problems.
Code: <?php
includ

Email logic not working
I would like to send an email using the php email() function then if it does execute i.e sends i wou

Getting rid of quotes when printing data
Hi Guys, I use the filter_var FILTER_SANITIZE_STRING to filter the textarea input. The function esca

PHP submit form script causing blank page
Im trying to submit a form using this script, however nothing shows up on the page, does anyone know

BSP Ext - tableView - Sort - NEWBIE
Hi,
I have been trying to get the sort to work. I have defined the column definitions by fillin

What am I missing here? Help!
Hello all!. I can't seem to get this working right. Well - it renders right, but something is goin

Recode Abap Dynpro into Web Dynpro
Hi All,
A client has asked us to look at rearchitecting a custom transaction that was developed

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash