
Technical Support Forums


CAPTCHA security validation

Thread began 12/29/2010 4:16 pm by MikeyT | Last modified 1/03/2011 9:59 am by Jason Byrnes | 1800 views | 12 replies |

MikeyT

CAPTCHA security validation

Does the validation functionality for CAPTCHA security actually analyze a user's input and crosscheck with the CAPTCHA graphic for accuracy (and also checks the Security Question's answer) or is it simply looking for any type of human input?

Long story short (sort of), I had a simple contact form built with Form Builder 1 for a client's site. It worked perfectly on my testing server and on my client's remote server. Upon hitting the Submit button you were taken to a Thank You page and my client received the HTML email with the user's contact info that was submitted. All working flawlessly. I'm pretty positive that the CAPTCHA's validation gave me a warning when the user's input did not match what was required. Just recently, coincidentally after upgrading to Form Builder 2, my form is suddenly not working in various ways. For instance, I'm seeing the ‘failure error’ in the URL bar after form submission, and no matter what I type into the CAPTCHA fields, it always validates - even intentional, incorrect answers. However, the validation does work properly for name, company, and email fields - you get the expected warnings - in my case, a red message.

So then I built an experimental form from scratch using Form Builder 2 with CAPTCHA and am getting the same bad results as stated above. But, after stripping out all security validation, I finally get the form to submit properly and result in the Thank You page and HTML email. Every form with security validation I now build has absolutely no arguments with the security answers I submit, no matter how incorrect they are, AND I can't get the form to result in a Thank You confirmation page and HTML email. Same failure error in URL bar.

I've checked the server behaviors, and at one point I had a dupe Universal Email behavior, but nothing else seems out of sorts. I've even pulled archived form files from Time Machine (Mac OSX user here) from a time when my client's form was definitely functioning properly, but still the same bad results occur. I've also reinstalled FB2 and tossed the file that's mentioned in other threads when extensions aren't working properly. I'm at a loss. I can post some files when I'm back in my home office, but in the meantime, I'm really curious about an answer to my question in the first paragraph.

Really sorry for the long-winded post. My setup includes Mac, Snow Leopard (latest build), Dreamweaver CS5.

Thanks to all who can help.


Ray BorduinWebAssist

It does an actual text comparison to find a match with the CAPTCHA and security question.

However, that validation takes place on the server and not in client-side code; for security reasons the answer never appears on the page, even in script.

You should see a "Server Validation" server behavior on the form action page before the Universal email. It sounds like server validation isn't working properly, so I'd like to see a sample page that doesn't work to analyze what is going wrong.


MikeyT

working on testing server / not on remote servers

Thanks, Ray. I appreciate the quick response.

Both the contact forms I built for my client and the quick experimental one (zipped files attached) are showing perfectly working server validation on my test server, but NOT on each respective remote server. Keep getting the ‘?invalid=true’ message in URL bar. Two different hosting companies apply here for each form I'm playing with, and both are subscribed to PHP hosting plans.

Attached Files
contactFormTest.zip

MikeyT

source code attached

Ray,

Attached is the source code for my Client's contact page as well as the Experiment form I'm referencing in the previous post. The client form was created with FB 1 so the Universal Email functionality was added separately afterwards. The Experiment form was created with FB 2. I noticed up top in my Client form source code that there are two references made to the same php file ‘WAVT_Scripts_PHP.php.’ - not sure if that has any bearing on the issue I'm having. And when comparing the two source code blocks, I see the invalid redirect is handled differently - I assume that's a difference between the two versions of FB?

Thanks again.

Attached Files
sourceCode.zip

Jason ByrnesWebAssist

The code in both of these files appears correct.


The first thing I would like to test is the server's session management.

Download the sessionTest.php file from the following thread and upload it to your server to test session management:
showpost.php?p=23826&postcount=2



If the session test checks OK, find the following code in your page:

php:
if ($WAFV_Errors != "") {
    PostResult($WAFV_Redirect,$WAFV_Errors,"contact");
}



and change it to:

php:
if ($WAFV_Errors != "") {
    // Debug only: print which validation failed and stop, instead of redirecting
    die($WAFV_Errors);
    PostResult($WAFV_Redirect,$WAFV_Errors,"contact");
}




This will help us pinpoint exactly which validation is failing to troubleshoot further.


MikeyT

sessionTest complete

Jason,

I believe the session test checked out OK. I saw the code you first reference and replaced it with the second block you've included. It's now uploaded.


Jason ByrnesWebAssist

The session test is failing.

When you click the first link on the session test page, it sets the session variable:
Session Test = test

When you click the second link, this should not change, but it does; it changes to:
Session Test = NULL

This means that the server's session management is not functioning. You will need to contact them to have the problem corrected.


Most likely, it is an issue with the session.save_path setting in the php.ini file, but the host will need to look into the issue to determine the cause.

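The failure diagnosed above, a session value set on one request reading back as NULL on the next, can be checked with a short script like the following. It is an added example, not WebAssist's sessionTest.php or code from this thread; the session key `probe_hits` is hypothetical.

```php
<?php
// Added example, not WebAssist's sessionTest.php. Upload it, load it twice in
// the same browser, then delete it. 'probe_hits' is a hypothetical session key.
header('Content-Type: text/plain');
session_start();

$handler = ini_get('session.save_handler');
$rawPath = (string) session_save_path();

// For the "files" handler the setting may look like "N;MODE;/path"; the
// directory is the last segment. An empty value falls back to the temp dir.
$parts = explode(';', $rawPath);
$dir = end($parts);
if ($dir === '') {
    $dir = sys_get_temp_dir();
}

$cookieBack = isset($_COOKIE[session_name()]);
$previous = $_SESSION['probe_hits'] ?? null;
$_SESSION['probe_hits'] = (int) $previous + 1;

echo "save_handler : $handler\n";
echo "save_path    : " . ($rawPath === '' ? '(empty)' : $rawPath) . "\n";
if ($handler === 'files') {
    echo "dir exists   : " . (is_dir($dir) ? 'yes' : 'NO') . "\n";
    echo "dir writable : " . (is_writable($dir) ? 'yes' : 'NO') . "\n";
}
// Print only a short digest of the ID so reloads can be compared
// without exposing a usable session identifier.
echo "session tag  : " . substr(hash('sha256', session_id()), 0, 8) . "\n";
echo "hits so far  : " . $_SESSION['probe_hits'] . "\n";

if ($previous !== null) {
    echo "RESULT: session data persisted between requests.\n";
} elseif ($cookieBack) {
    echo "RESULT: cookie was returned but the stored data is gone; "
       . "if this repeats on every reload, session storage is failing.\n";
} else {
    echo "RESULT: no session cookie received yet; reload once to test.\n";
}
```

If "hits so far" stays at 1 on every reload while the session tag is unchanged, the cookie is round-tripping and the server is not keeping the data, which is the case where a server-side CAPTCHA answer is no longer there to compare against.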

MikeyT

thanks, but...

I see what you're referring to on the live sessionTest.php page. I also uploaded it to the server hosting my experiment form and am getting the same NULL result from the sessionTest. What are the odds that the same problem is occurring at the same exact time with two different hosting companies?

sessionTest.php

sessionTest.php


Jason ByrnesWebAssist

It's not at all unheard of, but it may not be exactly the same cause in both cases. You will need to contact the host to have them correct the problem.


MikeyT

alright… thanks for all your help.
