I’m having trouble inserting a reCAPTCHA within a log in system, it seems the user can enter the correct username and password without even inserting anything within the reCAPTCHA. An example log in user is – username = steven password = steven
Below is the link to the site and the code for the log in page and then the staff area page code.
http://newmedia.leeds.ac.uk/ug10/cs10dw/workspace1/login.php
Anyone help would be greatly appreciated.
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
include_once("includes/form_functions.php");
// START FORM PROCESSING
if (isset($_POST['submit'])) { // Form has been submitted.
$errors = array();
// perform validations on the form data
$required_fields = array('username', 'password');
$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
$fields_with_lengths = array('username' => 30, 'password' => 30);
$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
$username = trim(mysql_prep($_POST['username']));
$password = trim(mysql_prep($_POST['password']));
$hashed_password = sha1($password);
if ($_POST) {
require_once($_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php');
$privatekey ="6LcHbc0SAAAAAOs2d7VnzV7RtedMkLs306ekQPUP";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER['REMOTE_ADDR'],
$_POST['recaptcha_challenge_field'],
$_POST['recaptcha_response_field']);
$str_result = "";
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
$message = "The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: " . $resp->error . ")";
// Add a redirect to an error page or just put an exit(); here
}
}
if ( empty($errors) ) {
// Check database to see if username and the hashed password exist there.
$query = "SELECT * ";
$query .= "FROM users ";
$query .= "WHERE username = '{$username}' ";
$query .= "AND hashed_password = '{$hashed_password}' ";
$result_set = mysql_query($query);
confirm_query($result_set);
if (mysql_num_rows($result_set) == 1) {
// username/password authenticated
// and only 1 match
$found_user = mysql_fetch_array($result_set);
redirect_to("staff.php");
} else {
// username/password combo was not found in the database
$message = "<h1> Username or password is incorrect. </h1><br />
";
}
}
}
?>
<?php include("includes/header.php"); ?>
<table id="structure">
<tr>
<td id="navigation">
<a href="index.php">Return to public site</a>
</td>
<td id="page">
<h2>Staff Login</h2>
<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
<?php if (!empty($errors)) { display_errors($errors); } ?>
<form action="login.php" method="post">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
</tr>
<tr>
<?php
require_once($_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php');
$publickey = "6LcHbc0SAAAAABQAnCHSHGhSuSXkZ2d1MoBa4xw2";
echo recaptcha_get_html($publickey);
?>
<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php include("includes/footer.php"); ?>
* STAFF PAGE *
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
<table id="structure">
<tr>
<td id="navigation">
</td>
<td id="page">
<h2>Staff Menu</h2>
<ul>
<li><a href="content.php">Manage Website Content</a></li>
<li><a href="new_user.php">Add Staff User</a></li>
<li><a href="logout.php">Logout</a></li>
</ul>
</td>
</tr>
</table>
<?php include("includes/footer.php"); ?>
Try this: