最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客

javascript - jQuery Real Person - always fails - Stack Overflow

programmeradmin2浏览0评论

No matter what I type in (even the correct captcha), I always get missmatched output. I've tried echoing the values (they are supposed to match if you type in the right code). and I always get something like this:

6952304285049
-1247767175

  • I am using jquery-1.10.2.min.js (and have this linked in my header along with the realperson.js file) /SignUp.php

Here's my code (im doing some other validating as well):

<?php
include 'Header.php';
include 'Database.php';
?>
<script type="text/javascript">
    $(function() {
        $('#defaultReal').realperson();
    });
</script>

<h1>Sign Up</h1>

<?php

if ($_POST){

    $username = $_POST['username'];
    $password = $_POST['password'];
    $check = '';

    //validate CAPTCHA
    function rpHash($value) { 
        $hash = 5381; 
        $value = strtoupper($value); 
        for($i = 0; $i < strlen($value); $i++) { 
        $hash = (($hash << 5) + $hash) + ord(substr($value, $i)); 
        } 
        return $hash; 
    } 
      if (rpHash($_POST['defaultReal']) == $_POST['defaultRealHash']) { ?>
        <p class="accepted">You have entered the "real person" value correctly and the form has been processed.</p>
<?php 

    //if username is not blank
    if($username != ''){

        //check if username exists already
        $query = "SELECT username FROM tbl_user;";
        $result = mysql_query($query) or die(mysql_error());
        while ($record = mysql_fetch_row($result))
        {
            foreach($record as $field)
            {
                if($field == $username){
                    //if user exists, dont let them add same user
                    $error_message_username = 'username already used; choose a unique name';
                }
                else{
                    $check = 'pass';
                }
            }
        }   
    }else{
        $error_message_username = 'username cannot be blank';
    }

    //if password is not blank
    if($password != ''){    
        $error_message_password = '';

        // encrypt password
        $encrypted_password = md5($password);   

        if($check == 'pass'){
            //set username and password into database
            $query = "INSERT INTO tbl_user VALUES('','".$username."','".$encrypted_password."');";
            $result = mysql_query($query) or die(mysql_error());
        }
    }else{
        $error_message_password = 'password cannot be blank';
    }



    } else { ?>
            <p class="rejected">You have NOT entered the CAPTCHA value correctly and the form has been rejected.</p>
    <?php 
echo rpHash($_POST['defaultReal']) . '<br/>';
echo $_POST['defaultRealHash'];

}

}    

?>

<form method="post" action="SignUp.php">
  <p>
    E-Mail:
    <input type="text" class="required email" id="username" name="username">
    <?php 
    if ( $error_message_username != '' ) {
        print "$error_message_username";
    }
    ?>
  </p>
  <p>
    Password:
    <input type="text" name="password">
            <?php 
    if ( $error_message_password != '' ) {
        print "$error_message_password";
    }
    ?>
  </p>
  <p>
    CAPTCHA:
    <input type="text" id="defaultReal" name="defaultReal">
  </p>
  <p>
    <button class="mybutton" type="submit" value="Sign Up">Sign Up</button>
  </p>
</form>

No matter what I type in (even the correct captcha), I always get missmatched output. I've tried echoing the values (they are supposed to match if you type in the right code). and I always get something like this:

6952304285049
-1247767175

  • I am using jquery-1.10.2.min.js (and have this linked in my header along with the realperson.js file) http://gfishdesigns./COMP2920/_COMPLETED/Assignment%202/SignUp.php

Here's my code (im doing some other validating as well):

<?php
include 'Header.php';
include 'Database.php';
?>
<script type="text/javascript">
    $(function() {
        $('#defaultReal').realperson();
    });
</script>

<h1>Sign Up</h1>

<?php

if ($_POST){

    $username = $_POST['username'];
    $password = $_POST['password'];
    $check = '';

    //validate CAPTCHA
    function rpHash($value) { 
        $hash = 5381; 
        $value = strtoupper($value); 
        for($i = 0; $i < strlen($value); $i++) { 
        $hash = (($hash << 5) + $hash) + ord(substr($value, $i)); 
        } 
        return $hash; 
    } 
      if (rpHash($_POST['defaultReal']) == $_POST['defaultRealHash']) { ?>
        <p class="accepted">You have entered the "real person" value correctly and the form has been processed.</p>
<?php 

    //if username is not blank
    if($username != ''){

        //check if username exists already
        $query = "SELECT username FROM tbl_user;";
        $result = mysql_query($query) or die(mysql_error());
        while ($record = mysql_fetch_row($result))
        {
            foreach($record as $field)
            {
                if($field == $username){
                    //if user exists, dont let them add same user
                    $error_message_username = 'username already used; choose a unique name';
                }
                else{
                    $check = 'pass';
                }
            }
        }   
    }else{
        $error_message_username = 'username cannot be blank';
    }

    //if password is not blank
    if($password != ''){    
        $error_message_password = '';

        // encrypt password
        $encrypted_password = md5($password);   

        if($check == 'pass'){
            //set username and password into database
            $query = "INSERT INTO tbl_user VALUES('','".$username."','".$encrypted_password."');";
            $result = mysql_query($query) or die(mysql_error());
        }
    }else{
        $error_message_password = 'password cannot be blank';
    }



    } else { ?>
            <p class="rejected">You have NOT entered the CAPTCHA value correctly and the form has been rejected.</p>
    <?php 
echo rpHash($_POST['defaultReal']) . '<br/>';
echo $_POST['defaultRealHash'];

}

}    

?>

<form method="post" action="SignUp.php">
  <p>
    E-Mail:
    <input type="text" class="required email" id="username" name="username">
    <?php 
    if ( $error_message_username != '' ) {
        print "$error_message_username";
    }
    ?>
  </p>
  <p>
    Password:
    <input type="text" name="password">
            <?php 
    if ( $error_message_password != '' ) {
        print "$error_message_password";
    }
    ?>
  </p>
  <p>
    CAPTCHA:
    <input type="text" id="defaultReal" name="defaultReal">
  </p>
  <p>
    <button class="mybutton" type="submit" value="Sign Up">Sign Up</button>
  </p>
</form>
Share Improve this question edited Nov 18, 2013 at 19:03 KVDD asked Nov 16, 2013 at 8:28 KVDDKVDD 6522 gold badges9 silver badges22 bronze badges 9
  • mysql_ is deprecated. Better use mysqli_ or PDO. Also, you are susceptible to trivial SQL injection attacks. Pray someone's username isn't '); DROP database --. Using prepared statements (not supported by mysql_) will solve that. Also, detecting if an entry in a database exists by fetching all and looping through them is kinda stupid (slow) (and susceptible to race conditions). Better let the database do it via unique constraints (prechecks are fine but not sufficient) – John Dvorak Commented Nov 16, 2013 at 8:36
  • where do you get the captcha value from the user needs to re-type? AFAIK this has to be stored in to the session first to be validated - that's how the most captcha libs work? – Axel Amthor Commented Nov 16, 2013 at 9:29
  • I'm sure the way I'm doing it is stupid/slow, as this is for a homework assignment in a PHP class, so I'm still learning how to do this stuff. As far as I can see from the working example in the .html file I downloaded for realperson.js, there is no session involved. Does it not grab the person's captcha entry via this? $_POST['defaultRealHash'] – KVDD Commented Nov 18, 2013 at 18:06
  • I might actually have the defaultReal, and defaultRealHash backwards. Let me switch and let you know if that fixes it... – KVDD Commented Nov 18, 2013 at 18:44
  • 1 AH! The rpHash function (php) uses the >> bitwise operator which apparently responds differently on 32-bit and 64-bit machines. So, use the other php functions provided on the site under 64-bit php. I haven't investigated this thoroughly, but it worked on my demo server (Mac) and production server (Cent-OS) PHP 5.4.x x86_64 – Craig Jacobs Commented Apr 17, 2014 at 21:30
 |  Show 4 more ments

2 Answers 2

Reset to default 4

Well said Craig Jacobs, it is the same problem which you pointed out. I also faced the same thing and solved by making changes shown below:

function rpHash($value) {
    $hash = 5381;
    $value = strtoupper($value);
    for($i = 0; $i < strlen($value); $i++) {
        $hash = (leftShift32($hash, 5) + $hash) + ord(substr($value, $i));
    }
    return $hash; }

function leftShift32($number, $steps) {
    $binary = decbin($number);
    $binary = str_pad($binary, 32, "0", STR_PAD_LEFT);
    $binary = $binary.str_repeat("0", $steps);
    $binary = substr($binary, strlen($binary) - 32);
    return ($binary{0} == "0" ? bindec($binary) :
        -(pow(2, 31) - bindec(substr($binary, 1)))); 
}

if (isset($_POST['submit'])) {

    .....
    if (rpHash($_POST['defaultReal']) != $_POST['defaultRealHash']) {
        echo "Invalid contact request, please try again with correct verification code...";
        exit;
    }
    .....
    .....
}

Hope it will help someone else too.

There are two versions of the php rpHash function provided, one for 32-bit and one for 64-bit PHP. Run phpinfo and make sure you are using the correct version of the function as provided on this page http://keith-wood.name/realPerson.html. The bitwise functions as used here will return different values on 32 and 64 bit machines. See this page: http://www.php/manual/en/language.operators.bitwise.php

发布评论

评论列表(0)

  1. 暂无评论