Trying to implement a captcha system. the cgi is on different server than my dev one.
The cgi alone spits out an md5() hash, which gets plugged into an image string.
captcha.php
[code=php]
<?php
$curl_handle=curl_init();
curl_setopt($curl_handle,CURLOPT_URL,’http://www.cygnusinteractive.com/path/hidden/cgi-bin/captcha.cgi’);
curl_setopt($curl_handle,CURLOPT_RETURNTRANSFER,1);
$buffer = curl_exec($curl_handle);
?>
<p><img src=”http://www.cygnusinteractive.com/path/hidden/captcha/<?php echo $buffer; ?>.png” alt=”captcha image” /></p>
<p><?php echo $buffer; ?></p>
<form name=”captcha” action=”captcha-check.php” method=”post”>
<input type=”hidden” name=”hash” value=”<?php echo $buffer; ?>” />
<input name=”captcha-value” type=”text” size=”35″ />
<input type=”submit” name=”submit” />
</form>
<?php curl_close($curl_handle); ?>
captcha-check.php
($_POST and md5() exposed for testing; logic is rather dumb atm)
[code=php]
<pre>
<?php print_r($_POST); ?>
</pre>
<?php
echo md5($_POST[‘captcha-value’]);
if ($_POST[‘hash’] == md5($_POST[‘captcha-value’])) {
echo “<p>Captcha Matches</p>”;
} else {
echo “<p>No Match!</p>”;
}
?>
It works. The string that gets submitted matches up to the captcha hash. Am I doing this right? Did I unknowingly leave any loopholes? ?