
jQuery Real Person - always fails

No matter what I type in (even the correct captcha), I always get mismatched output. I've tried echoing the values (they are supposed to match if you type in the right code), and I always get something like this:

6952304285049
-1247767175

  • I am using jquery-1.10.2.min.js (and have this linked in my header along with the realperson.js file) http://gfishdesigns.com/COMP2920/_COMPLETED/Assignment%202/SignUp.php

Here's my code (I'm doing some other validating as well):

<?php
include 'Header.php';
include 'Database.php';
?>
<script type="text/javascript">
    $(function() {
        $('#defaultReal').realperson();
    });
</script>

<h1>Sign Up</h1>

<?php

if ($_POST){

    $username = $_POST['username'];
    $password = $_POST['password'];
    $check = '';

    //validate CAPTCHA
    function rpHash($value) { 
        $hash = 5381; 
        $value = strtoupper($value); 
        for($i = 0; $i < strlen($value); $i++) { 
        $hash = (($hash << 5) + $hash) + ord(substr($value, $i)); 
        } 
        return $hash; 
    } 
      if (rpHash($_POST['defaultReal']) == $_POST['defaultRealHash']) { ?>
        <p class="accepted">You have entered the "real person" value correctly and the form has been processed.</p>
<?php 

    //if username is not blank
    if($username != ''){

        //check if username exists already
        $query = "SELECT username FROM tbl_user;";
        $result = mysql_query($query) or die(mysql_error());
        while ($record = mysql_fetch_row($result))
        {
            foreach($record as $field)
            {
                if($field == $username){
                    //if user exists, dont let them add same user
                    $error_message_username = 'username already used; choose a unique name';
                }
                else{
                    $check = 'pass';
                }
            }
        }   
    }else{
        $error_message_username = 'username cannot be blank';
    }

    //if password is not blank
    if($password != ''){    
        $error_message_password = '';

        // encrypt password
        $encrypted_password = md5($password);   

        if($check == 'pass'){
            //set username and password into database
            $query = "INSERT INTO tbl_user VALUES('','".$username."','".$encrypted_password."');";
            $result = mysql_query($query) or die(mysql_error());
        }
    }else{
        $error_message_password = 'password cannot be blank';
    }



    } else { ?>
            <p class="rejected">You have NOT entered the CAPTCHA value correctly and the form has been rejected.</p>
    <?php 
echo rpHash($_POST['defaultReal']) . '<br/>';
echo $_POST['defaultRealHash'];

}

}    

?>

<form method="post" action="SignUp.php">
  <p>
    E-Mail:
    <input type="text" class="required email" id="username" name="username">
    <?php 
    if ( $error_message_username != '' ) {
        print "$error_message_username";
    }
    ?>
  </p>
  <p>
    Password:
    <input type="text" name="password">
            <?php 
    if ( $error_message_password != '' ) {
        print "$error_message_password";
    }
    ?>
  </p>
  <p>
    CAPTCHA:
    <input type="text" id="defaultReal" name="defaultReal">
  </p>
  <p>
    <button class="mybutton" type="submit" value="Sign Up">Sign Up</button>
  </p>
</form>
KVDD asked Nov 16 '13 08:11


2 Answers

Well said Craig Jacobs, it is the same problem which you pointed out. I also faced the same thing and solved it by making the changes shown below:

function rpHash($value) {
    $hash = 5381;
    $value = strtoupper($value);
    for ($i = 0; $i < strlen($value); $i++) {
        $hash = (leftShift32($hash, 5) + $hash) + ord(substr($value, $i));
    }
    return $hash;
}

// Left shift that keeps only the low 32 bits, read as a signed value
function leftShift32($number, $steps) {
    // convert to a binary string
    $binary = decbin($number);
    // left-pad with zeros to at least 32 digits
    $binary = str_pad($binary, 32, "0", STR_PAD_LEFT);
    // shift left by appending zeros
    $binary = $binary . str_repeat("0", $steps);
    // keep the last 32 bits
    $binary = substr($binary, strlen($binary) - 32);
    // leading 0: non-negative; otherwise interpret as two's complement
    // ($binary[0] replaces $binary{0}, which PHP 8 no longer accepts)
    return ($binary[0] == "0" ? bindec($binary) :
        -(pow(2, 31) - bindec(substr($binary, 1))));
}

if (isset($_POST['submit'])) {

    // .....
    if (rpHash($_POST['defaultReal']) != $_POST['defaultRealHash']) {
        echo "Invalid contact request, please try again with correct verification code...";
        exit;
    }
    // .....
    // .....
}

Hope it will help someone else too.

Sanjay answered Sep 24 '22 21:09


There are two versions of the PHP rpHash function provided, one for 32-bit and one for 64-bit PHP. Run phpinfo and make sure you are using the correct version of the function as provided on this page: http://keith-wood.name/realPerson.html. The bitwise functions as used here will return different values on 32- and 64-bit machines. See this page: http://www.php.net/manual/en/language.operators.bitwise.php

Craig Jacobs answered Sep 21 '22 21:09
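
The 32-bit versus 64-bit difference described in the answers, modelled in JavaScript as an added example (not code from the page or from the plugin's author). It assumes the browser side runs the same loop as the page's rpHash() with JavaScript's 32-bit `<<`; `clientHash`, `wideHash`, `fixedHash` and `low32` are hypothetical names, and the sample strings are constructed.

```javascript
// Assumed client-side model: JavaScript truncates (hash << 5) to a signed
// 32-bit integer before the additions are carried out.
function clientHash(value) {
  let hash = 5381;
  for (const ch of value.toUpperCase()) {
    hash = ((hash << 5) + hash) + ch.charCodeAt(0);
  }
  return hash;
}

// Model of the question's rpHash() on 64-bit PHP: the shift is not truncated.
// For captcha-length input the value never exceeds 64 bits.
function wideHash(value) {
  let hash = 5381n;
  for (const ch of value.toUpperCase()) {
    hash = (hash << 5n) + hash + BigInt(ch.charCodeAt(0));
  }
  return hash;
}

// Same effect as leftShift32() in the answer: low 32 bits, read as signed.
function low32(n) {
  return BigInt.asIntN(32, n);
}

// Model of the answer's corrected rpHash().
function fixedHash(value) {
  let hash = 5381n;
  for (const ch of value.toUpperCase()) {
    hash = low32(hash << 5n) + hash + BigInt(ch.charCodeAt(0));
  }
  return hash;
}

// Constructed inputs: three characters still fit in 32 bits, four do not.
for (const s of ["ABC", "ABCD", "ABCDEF"]) {
  console.log(s, clientHash(s), wideHash(s).toString(), fixedHash(s).toString());
}

// The two numbers echoed in the question share their low 32 bits,
// which is the signature of this width mismatch.
console.log(low32(6952304285049n) === -1247767175n);
```

When two echoed values differ but agree in their low 32 bits like this, the input was right and only the integer width of the server-side shift differs.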