Home/ Questions/Q 8037263
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T02:52:39+00:00

I’m using an old random() function for creating a validation code for an AJAX

  • 0

I’m using an old random() function for creating a validation code for an AJAX commenting system I found on the web (source code at LINK ).

The idea behind is pretty simple: 

 function Random()
{
$chars = "ABCDEFGHJKLMNPQRSTUVWZYZ23456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 4)
{
$num = rand() % 32;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$random_code = Random();

and then in the form, just before the SUBMIT button: 

<label for="security_code">Enter this captcha code: <b><? echo $random_code; ?></b></label>
<input type="text" name="security_code" id="security_code" />

<input name="randomness" type="hidden" id="randomness" value="<?php $random_code; ?>">

My AJAX commenting system uses something like this for checking if a field is blank (ie. if there are any errors): 

$errors = array();
$data= array();
[...]

if(!($data['name'] = filter_input(INPUT_POST,'name',FILTER_CALLBACK,array('options'=>'Comment::validate_text'))))
{
$errors['name'] = 'Please enter a name.';
}

if(!empty($errors)){
[...]
}

so I wrote this: 

if(!($data['security_code'] = filter_input(INPUT_POST,'security_code',FILTER_CALLBACK,array('options'=>'Comment::validate_text'))))
{
$errors['security_code'] = 'You did not enter the validation code.';
}
elseif(!($data['security_code'] = $randomness))
{
$errors['security_code'] = 'You entered the validation code incorrectly. Please note that it is case sensitive.';
}

However when I click on the SUBMIT button after having inserted a random text in the validation code textfield ( test it by yourself at LINK ) I always get the “You entered the validation code incorrectly.” message.

print_r($_POST) gives an empty array and then the script hangs after I click on submit:
Array
(
)

What am I missing? The original captcha code gets lost at some point in the validation process (the 3rd and 4th blocks of code).
Thanks in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    After seeing your code here, I see that the static function validate doesn’t know the variable $randomness! From your submit.php, you are making the following call:

    $arr = array();
    $validates = Comment::validate($arr);

    The function validate doesn’t know anything about the variable $randomness unless you pass such a thing to it – it is in a different scope.

    Try modifying the above mentioned code as such: 

        $arr = array(); // no change here  

    $randomness = isset($_POST['randomness']) ? $_POST['randomness'] : '';   
    // Check for empty randomness before you validate it in Comment::validate
    // so that you donot verify for '' == '' there. 

    $validates = Comment::validate($arr, $randomness);

    And alter the validate function as follows: 

        public static function validate(&$arr, $randomness)
    {

    I know its not the elegant solution – that would require few more things that you’d learn well for yourself, this is just to show you the way…
    Let me know how it goes.

    • 0