Captcha problem users just refresh and it will let them auto submit again


Posted on 16th Feb 2014 07:03 pm by admin

Users will just resubmit and not have to enter the new captcha..? Lol, but if I refresh the page, the captcha auto-makes a new one so you can't submit.

But if you have already entered the captcha code, then submit the form correctly, and press refresh to auto-submit the form, it does it? This is a major security risk. Here is my code, thanks:

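Code:
<?php
session_start();

$RandomStr = md5(microtime()); // md5 to generate the random string (not used below)
$text = rand(10000, 99999);    // 5-digit code
$_SESSION["key"] = $text;      // stored so the form handler can compare against it
$height = 25;
$width = 35;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 100, 5, 5);    // first allocated colour becomes the background
$white = imagecolorallocate($image_p, 155, 155, 25); // text colour
$font = 5;                                           // imagestring() takes a built-in font number 1-5
$text = substr((string) $_SESSION['key'], 0, 3);     // only the first 3 digits are drawn
header('Content-Type: image/jpeg');                  // tell the browser this response is an image
imagestring($image_p, $font, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);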

Then my HTML:

Code:
<tr class="bts ce"><td colspan="2"><b>Security Code Confirmation</b></td></tr>

<tr>
<td align="right">Your unique security code<input type="hidden" name="secId" value="76c2b0e6f20ed0f1b209bcf39dee8e06"></td>
<td>
<img src="php_captcha.php">

<span class="desc">If The images are broke, please contact us.</span>
</td>
</tr>

Is there a way so people can't auto-submit the form?

Captcha works if you refresh, but people can just auto-submit the form and it will keep submitting...
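
One way to close the replay described in the post, as an added example that is not the poster's code: the form handler consumes `$_SESSION["key"]` on every check and answers a successful POST with a redirect. The field name `captcha` and the pages `form.php` and `thanks.php` are assumptions, since the post does not show its handler.

```php
<?php
// Added example: one-time CAPTCHA check for the form handler.
// Assumed names: POST field "captcha", redirect targets form.php / thanks.php.
session_start();

/**
 * Compare the submitted code with the session key and consume the key,
 * so a refresh (a replayed POST) finds no key and fails.
 */
function captcha_ok(array &$session, $submitted): bool
{
    // Take the expected value out of the session first: each key is
    // single-use, whether the guess turns out right or wrong.
    $expected = isset($session['key']) ? (string) $session['key'] : '';
    unset($session['key']);

    // The image script in the post draws only the first 3 digits of the key.
    $expected = substr($expected, 0, 3);

    if ($expected === '' || !is_string($submitted)) {
        return false; // no fresh CAPTCHA was issued for this submission
    }
    return hash_equals($expected, trim($submitted));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!captcha_ok($_SESSION, $_POST['captcha'] ?? null)) {
        // Replay or wrong code: back to the form, which loads a new image.
        header('Location: form.php?error=captcha', true, 303);
        exit;
    }

    // ... process the form here (insert the row, send the mail, etc.) ...

    // Post/Redirect/Get: the browser ends up on a GET page, so pressing
    // refresh reloads thanks.php instead of re-sending the POST.
    header('Location: thanks.php', true, 303);
    exit;
}
```

Because the key is removed before the comparison, a resubmitted POST fails until `php_captcha.php` has been requested again and a new code has been typed in.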
