Server Side validtion and captcha

5/27/2014 6:37 am | #1 Steve

Hello,
On a form with Server Side Validation I have also added Captcha...

The problem is that while it works with two independent validations, the form elements do not retain their Post values on refresh of checking the captcha.

I can see that two separate server validations are the problem.

What's the quick and simple way to merge the two and have both work?

Here are the two sections of code:

<?php 
if ($_SERVER["REQUEST_METHOD"] == "POST")  {
  $WAFV_Redirect = "index.php";
  $_SESSION['WAVT_indexX_276_Errors'] = "";
  if ($WAFV_Redirect == "")  {
    $WAFV_Redirect = $_SERVER["PHP_SELF"];
  }
  $WAFV_Errors = "";
  $WAFV_Errors .= WAValidateLE($_SESSION['captcha_Security_Code_1'] . "",((isset($_POST["Security_Code_1"]))?$_POST["Security_Code_1"]:"") . "",true,35);

  if ($WAFV_Errors != "")  {
    PostResult($WAFV_Redirect,$WAFV_Errors,"indexX_276");
  }
}
?>
<?php 
if (($_SERVER["REQUEST_METHOD"] == "POST") && (isset($_SERVER["HTTP_REFERER"]) && strpos(urldecode($_SERVER["HTTP_REFERER"]), urldecode($_SERVER["SERVER_NAME"].$_SERVER["PHP_SELF"])) > 0) && isset($_POST))  {
  $WAFV_Redirect = "";
  $_SESSION['WAVT_index_524_Errors'] = "";
  if ($WAFV_Redirect == "")  {
    $WAFV_Redirect = $_SERVER["PHP_SELF"];
  }
  $WAFV_Errors = "";
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["sel-week"]))?$_POST["sel-week"]:"") . "",false,1);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Name"]))?$_POST["Name"]:"") . "",false,2);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["LastName"]))?$_POST["LastName"]:"") . "",false,3);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Age"]))?$_POST["Age"]:"") . "",false,4);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Height"]))?$_POST["Height"]:"") . "",false,5);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["HeightInch"]))?$_POST["HeightInch"]:"") . "",false,6);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Shirt_Size"]))?$_POST["Shirt_Size"]:"") . "",false,1);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Name2"]))?$_POST["Name2"]:"") . "",false,7);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["LastName2"]))?$_POST["LastName2"]:"") . "",false,8);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["ParentGuardian"]))?$_POST["ParentGuardian"]:"") . "",false,9);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Email"]))?$_POST["Email"]:"") . "",false,10);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Address"]))?$_POST["Address"]:"") . "",false,11);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["City"]))?$_POST["City"]:"") . "",false,12);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["State"]))?$_POST["State"]:"") . "",false,13);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Zip"]))?$_POST["Zip"]:"") . "",false,14);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["areaMedCon"]))?$_POST["areaMedCon"]:"") . "",false,15);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Medications"]))?$_POST["Medications"]:"") . "",false,16);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Interval"]))?$_POST["Interval"]:"") . "",false,17);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["areaAllergies"]))?$_POST["areaAllergies"]:"") . "",false,18);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact1_Name"]))?$_POST["Contact1_Name"]:"") . "",false,19);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact1_Relationship"]))?$_POST["Contact1_Relationship"]:"") . "",false,20);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact1_Home_Phone"]))?$_POST["Contact1_Home_Phone"]:"") . "",false,21);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact1_Cell_Phone"]))?$_POST["Contact1_Cell_Phone"]:"") . "",false,22);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact1_Address"]))?$_POST["Contact1_Address"]:"") . "",false,23);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact1_City"]))?$_POST["Contact1_City"]:"") . "",false,24);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact1_State"]))?$_POST["Contact1_State"]:"") . "",false,25);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact1_Zip"]))?$_POST["Contact1_Zip"]:"") . "",false,26);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_Name"]))?$_POST["Contact2_Name"]:"") . "",false,27);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_Relationship"]))?$_POST["Contact2_Relationship"]:"") . "",false,28);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_Home_Phone"]))?$_POST["Contact2_Home_Phone"]:"") . "",false,29);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_Cell_Phone"]))?$_POST["Contact2_Cell_Phone"]:"") . "",false,30);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_Address"]))?$_POST["Contact2_Address"]:"") . "",false,31);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_City"]))?$_POST["Contact2_City"]:"") . "",false,32);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_State"]))?$_POST["Contact2_State"]:"") . "",false,33);
  $WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_Zip"]))?$_POST["Contact2_Zip"]:"") . "",false,34);
  
  

  if ($WAFV_Errors != "")  {
    PostResult($WAFV_Redirect,$WAFV_Errors,"index_524");
  }
}
?>

In page example:

<input name="Contact2_Zip" type="text"   id="Contact2_Zip" value="<?php echo(ValidatedField("index_524","Contact2_Zip")) ?>" size="12">

<?php
if (ValidatedField('index_524','index_524'))  {
  if ((strpos((",".ValidatedField("index_524","index_524").","), "," . "" . ",") !== false || "" == ""))  {
    if (!(false))  {
?>          <div style="background-color: rgba(255,229,0,1.00); border-radius: 6px; border: 1px solid rgba(255,174,0,1.00);padding:6px;">All fields are REQUIRED except signing up to receive email promotions. Please review your document and complete any fields left unsigned.</div>
        <?php //WAFV_Conditional index.php index_524( :)
    }
  }
}?>


<img id="capt1" src="../webassist/captcha/wavt_captchasecurityimages.php?width=200&height=50&field=Security_Code_1&bgcolor=FFFFFF&transparent=0&bgimage=&gridfreq=20&gridcolor=000000&gridorder=behind&noisefreq=20&noisecolor=000000&noiseorder=behind&characters=5&charheight=&font=fonts/MOM_T___.TTF&textcolor=000000" alt="security code" width="200" height="50" /><img src="../webassist/captcha/images/refresh.png" height="18" onClick="document.getElementById('capt1').src+='&ref=1'">
          
          
          <?php
if (ValidatedField('indexX_276','indexX_276'))  {
  if ((strpos((",".ValidatedField("indexX_276","indexX_276").","), "," . "35" . ",") !== false || "35" == ""))  {
    if (!(false))  {
?>
          <div style="background-color: rgba(255,229,0,1.00); border-radius: 6px; border: 1px solid rgba(255,174,0,1.00); padding: 6px; width: 300px;">Security values not entered as shown. Please enter again and submit.</div>
          <?php //WAFV_Conditional indexX.php indexX_276(35:)
    }
  }
}?>

Is the solution to move the single captcha validation to the full page validations such as :

...
$WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_City"]))?$_POST["Contact2_City"]:"") . "",false,32);
$WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_State"]))?$_POST["Contact2_State"]:"") . "",false,33);
$WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_Zip"]))?$_POST["Contact2_Zip"]:"") . "",false,34);
$WAFV_Errors .= WAValidateLE($_SESSION['captcha_Security_Code_1'] . "",((isset($_POST["Security_Code_1"]))?$_POST["Security_Code_1"]:"") . "",true,35);

Or is it correct to add a new validation such as :

...
$WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_City"]))?$_POST["Contact2_City"]:"") . "",false,32);
$WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_State"]))?$_POST["Contact2_State"]:"") . "",false,33);
$WAFV_Errors .= WAValidateRQ(((isset($_POST["Contact2_Zip"]))?$_POST["Contact2_Zip"]:"") . "",false,34);
$WAFV_Errors .= WAValidateRQ(((isset($_POST["Security_Code_1"]))?$_POST["Security_Code_1"]:"") . "",false,36);

What is "WAValidateLE" in comparison to "WAValidateRQ"?

5/27/2014 8:03 am | #2 Steve

Completed the migration of validations but now the Captcha does not work... Using the proper Like comparison etc...

??

File attached.

Attached Files

indexx.php.zip

5/27/2014 8:17 am | #3 Jason ByrnesWebAssist

the like entry code is a little off, try this instead:

$WAFV_Errors .= WAValidateLE(((isset($_POST["Security_Code_1"]))?strtolower($_POST["Security_Code_1"]):"") . "",((isset($_SESSION["captcha_Security_Code_1"]))?strtolower($_SESSION["captcha_Security_Code_1"]):"") . "",true,35);

5/27/2014 9:32 am | #4 Steve

Thanks Jason,

I'm seeing some wacky behaviour from the Validations extension/plugin.

Manually insert your line of code:
$WAFV_Errors .= WAValidateLE(((isset($_POST["Security_Code_1"]))?strtolower($_POST["Security_Code_1"]):"") . "",((isset($_SESSION["captcha_Security_Code_1"]))?strtolower($_SESSION["captcha_Security_Code_1"]):"") . "",true,35);

WORKS!

Then reopen WA Server Validations and Check the settings which now show an ignore case sensitivity condition. Close and accept that and the extension re-renders the line of code as:
$WAFV_Errors .= WAValidateLE(((isset($_POST["Security_Code_1"]))?$_POST["Security_Code_1"]):"" . "",((isset($_SESSION["captcha_Security_Code_1"]))?$_SESSION["captcha_Security_Code_1"]):"" . "",true,35);

Fails - no longer using the String to Lower function and the parenthesis are out of place.

Manually fixing the issue as shown makes the page work:
$WAFV_Errors .= WAValidateLE(((isset($_POST["Security_Code_1"]))?$_POST["Security_Code_1"]:"") . "",((isset($_SESSION["captcha_Security_Code_1"]))?$_SESSION["captcha_Security_Code_1"]:"") . "",true,35);

WORKS!

So it looks as though there are two conditions; one checking case sensitivity and one not. Both can work but the rewrite in the extension fails to rewrite accurately.

Let's do another test removing the validation and resetting it fresh testing both case sensitivity options:
After removing the validation on the captcha and reentering it NOT case sensitive renders this code:
$WAFV_Errors .= WAValidateLE(strtolower($_SESSION['captcha_Security_Code_1']) . "",strtolower(((isset($_POST["Security_Code_1"]))?$_POST["Security_Code_1"]:"")) . "",true,35);
WORKS! - Not case sensitive

Next let's try removing and then adding back but as case sensitive:
$WAFV_Errors .= WAValidateLE(((isset($_POST["Security_Code_1"]))?$_POST["Security_Code_1"]:"") . "",((isset($_POST["Security_Code_1"]))?$_POST["Security_Code_1"]:"") . "",true,35);
WORKS! - BUT NOT case sensitive

Let's now try changing between the two:
Code renders properly but there is NO case sensitive condition. Maybe I am assuming that the opposite of Not Case Sensitive is actually being case sensitive?

The other issues seem related to proper refresh which has been an issue for years and more likely Adobe or Apples fault ( I do not know).

Screen shots attached showing the rendered code and also the view showing Not Case Sensitive being deselected and still allowing the showed string to pass as a successful validation.

5/27/2014 9:42 am | #5 Jason ByrnesWebAssist

When the NOT Case sensitive option is selected, the strtolower() funciton is used to convert both strings to lower case so that the user will not need to enter the cpatcha string using the same case thatthe captcha image is displaying it as.

if you do not check the Not Case sensitive option, strtolower() will not be used and you will need to type the captcha string using the seams case as in the captcha image.

I'm a little confused by your descriptions (a bit jumbled and difficult to follow), but it seams to sound like that is what is happening for you.

5/27/2014 10:04 am | #8 Steve

I've got the case sensitive to work. The code above references a post rather than session following this text :
"Next let's try removing and then adding back but as case sensitive:"

Spent the last couple hours testing and caught the wrong binding on the initial selection.

The main issue was the initial bad code that had issues with it's parentheses:
$WAFV_Errors .= WAValidateLE(((isset($_POST["Security_Code_1"]))?$_POST["Security_Code_1"]):"" . "",((isset($_SESSION["captcha_Security_Code_1"]))?$_SESSION["captcha_Security_Code_1"]):"" . "",true,35);

But I can not recreate this condition so will have to dismiss the case and watch for it next time.

Thanks for your help.

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Server Side validtion and captcha

5/27/2014 6:37 am | #1 Steve