Copyright © 2002 - MCS Investments, Inc.
Security Levels from Captchas and PHP Input Filtering

Adding any kind of captcha to an HTML form will increase your security a lot. Here are some of the best:


PHP Captcha Scripts and Tutorial with Google reCAPTCHA

Above is the funniest looking captcha yet: the Google reCAPTCHA, which has no words or puzzles or anything else except a box to click asserting you're not a robot but a real live person. Once robots are able to think and browse the internet and type on computer keyboards, what will the poor robots do when confronted with such a box?!

Robot confused by a Google reCAPTCHA

We've tried these Google reCAPTCHAs and so far they seem fine. We hope no hacker finds a workaround and the spambots get through in spite of the captcha! Incidentally, the widget only works if JavaScript is turned on. If it's turned off, the captcha doesn't appear on the page, but the server-side verification code that Google gives everyone who signs up for their captchas will always find that the response is invalid, because the visitor never clicked the captcha. This is as it should be, since one shouldn't need to have scripting turned on in order for the captcha code to protect us. After all, those who are trying to spam us usually do so from computers with JavaScript turned off.

The Google reCAPTCHA system page has lots of information about how to use the captcha code that Google supplies effectively. Make sure to read it as well as the info below to best understand how this captcha will protect you.

Note that in the captcha-validation block below we did not use any JavaScript, just in case the visitor or spammer has JavaScript turned off. That way the response "Please check the captcha form. Press Back button." will be seen whether or not JavaScript is turned on. All the other form-input checks below use JavaScript to deliver their message, and each is followed by the PHP exit() function to make sure the script goes no further (it otherwise would, because JavaScript is browser-based and client-side while PHP runs only on the server). Visitors or spambots who have scripting turned off or have failed to click the captcha cannot get past the captcha block, so using JavaScript in the later blocks is warranted.

<?php

// Captcha check comes first. No JavaScript is involved here, so a visitor or
// bot with scripting turned off is still stopped at this point.
$captcha=$_POST['g-recaptcha-response'] ?? '';
if(!$captcha){exit("Please check the captcha form. Press Back button.");}
$secret='yoursecretcaptchakey'; // placeholder: your reCAPTCHA secret key
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?".http_build_query([
    'secret'=>$secret,
    'response'=>$captcha,
    'remoteip'=>$_SERVER['REMOTE_ADDR'],
]));
// siteverify replies with JSON; decode it before looking at the success flag.
// ("$response.success" would be string concatenation in PHP, not a property read.)
$result=($response===false)?null:json_decode($response);
if(!$result || empty($result->success))
{exit("Fill fields, please. Press Back button.");}

// Strip every character that is not in the allow-list. $T is taken by
// reference, so the caller's variable is cleaned in place.
function cleanit(&$T){
$pattern1 = '/[^a-zA-Z0-9\\s\\.\\,\\!\\-\\_\\?\\:\\/\\=\\&]/i';
$T=preg_replace($pattern1, '', $T);}

$agree=$_POST['agree'] ?? '';
if ($agree != "agree") {$agree="no!";echo '<script language="javascript">alert("You must agree with MODEL/ACTRESS AND VIDEOGRAPHER RELEASE AND ASSIGNMENT for your submission to be taken seriously.");window.location = "index.html#input";</script>';exit();}

$Name=$_POST['Name'] ?? '';$T=$Name;cleanit($T);$Name=$T;
if (strlen($Name)<5){
echo '<script language="javascript">alert("Please enter your full real name. It will be kept private.");window.location = "index.html#input";</script>';exit();}

$fakename=$_POST['fakename'] ?? '';$T=$fakename;cleanit($T);$fakename=$T;

$email = htmlspecialchars($_POST['email'] ?? '', ENT_QUOTES);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {echo '<script language="javascript">alert("Please enter valid email address.");window.location = "index.html#input";</script>';exit();}

// whereclips is not passed through cleanit(); it is only placed in the mail body.
$whereclips=$_POST['whereclips'] ?? '';

$findclips=$_POST['findclips'] ?? '';$T=$findclips;cleanit($T);$findclips=$T;
if (strlen($findclips)<4){echo '<script language="javascript">alert("We need a URL, the word MAIL, or something else useful here.");window.location = "index.html#input";</script>';exit();}

if ($agree == "agree") {
$to = "congo@pogos.info";
$subject="Pogos site contact re: video clips";
$message = "Agree?: ".$agree." on ".date("l dS \of F Y h:i:s A")."\n\nName: ".$Name."\n\nEmail: ".$email."\n\nFakename: ".$fakename."\n\nWhere?: ".$whereclips."\n\nFind em here: ".$findclips;
// Fixed From/Reply-To: nothing the visitor typed reaches the mail headers.
$headers = "From: congo@pogos.info\r\nReply-To: congo@pogos.info";

if(mail($to, $subject, $message, $headers)){echo '<script language="javascript">alert("Checking your info. If your submission seems OK, we will get back to you.");window.location = "index.html";</script>';exit();}

else{echo "<center><font face='Verdana' size='2' color=red>There is some system problem in sending us your info. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
}
?>
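The captcha block above depends on reading Google's siteverify answer correctly, and that answer is JSON. The following is an added example, not code from the page or from Google: it separates the network call from the decision logic so the decision can be exercised offline, sends the secret in the POST body rather than the query string, and also compares the hostname field against the site the form lives on. The function names, the domain example.com and the sample JSON bodies are all constructed for illustration.

```php
<?php
// Added example: evaluating a reCAPTCHA siteverify response (not code from
// the original page). Google returns JSON, so the body must be json_decode()d
// before "success" can be read.

// Build the siteverify request. The secret goes in the POST body so that it
// does not end up in proxy or web-server access logs as part of a URL.
function buildSiteverifyRequest(string $secret, string $token, string $remoteIp): array
{
    return [
        'url'  => 'https://www.google.com/recaptcha/api/siteverify',
        'body' => http_build_query([
            'secret'   => $secret,
            'response' => $token,
            'remoteip' => $remoteIp,
        ]),
    ];
}

// Decide whether a siteverify body proves the box was ticked on our site.
// Returns ['ok' => bool, 'reason' => string] so the caller can log failures.
function checkSiteverifyResponse(?string $json, string $expectedHost): array
{
    if ($json === null || $json === '') {
        return ['ok' => false, 'reason' => 'no response from siteverify'];
    }
    $data = json_decode($json, true);
    if (!is_array($data)) {
        return ['ok' => false, 'reason' => 'siteverify returned invalid JSON'];
    }
    if (empty($data['success'])) {
        $codes = isset($data['error-codes']) ? implode(',', $data['error-codes']) : 'none';
        return ['ok' => false, 'reason' => 'captcha not verified (error-codes: ' . $codes . ')'];
    }
    // "hostname" reports where the widget was solved. Comparing it with our
    // own domain rejects tokens obtained on a copy of the form hosted elsewhere.
    if (!isset($data['hostname']) || strcasecmp($data['hostname'], $expectedHost) !== 0) {
        return ['ok' => false, 'reason' => 'token was solved on a different host'];
    }
    return ['ok' => true, 'reason' => 'verified'];
}

// Live check: a POST via file_get_contents() with a stream context, so no
// cURL extension is required. The leading @ only silences the warning on a
// network failure; the false return value is handled explicitly.
function verifyRecaptcha(string $secret, string $token, string $remoteIp, string $expectedHost): array
{
    if ($token === '') {
        return ['ok' => false, 'reason' => 'captcha box was not checked'];
    }
    $req = buildSiteverifyRequest($secret, $token, $remoteIp);
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => $req['body'],
        'timeout' => 5,
    ]]);
    $json = @file_get_contents($req['url'], false, $ctx);
    return checkSiteverifyResponse($json === false ? null : $json, $expectedHost);
}

// Offline demonstration with constructed siteverify bodies (no network needed).
$samples = [
    '{"success": true, "challenge_ts": "2020-01-01T00:00:00Z", "hostname": "example.com"}',
    '{"success": false, "error-codes": ["timeout-or-duplicate"]}',
    '{"success": true, "hostname": "other.example"}',
    'not json',
];
foreach ($samples as $body) {
    $r = checkSiteverifyResponse($body, 'example.com');
    echo ($r['ok'] ? 'PASS' : 'FAIL') . ': ' . $r['reason'] . "\n";
}
```

In a real form handler the call is `verifyRecaptcha($secret, $_POST['g-recaptcha-response'] ?? '', $_SERVER['REMOTE_ADDR'], 'example.com')`, and only the first sample above should be accepted; the other three are the cases a handler should log and refuse.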



Note that in three places in the script above you'll find a sequence that sends a posted variable through the cleanit() function, which dumps unacceptable characters from the variable using a regular expression and the PHP function preg_replace(). For example:

$findclips=$_POST['findclips'];$T=$findclips;cleanit($T);$findclips=$T;

It is normally better to avoid one-size-fits-all functions like cleanit(), since one shared allow-list tends to permit more characters than any single field needs, making the script less secure. It is best to have a different regular expression pattern for each posted form input variable to maintain the tightest controls, like the script below.

The cleanit() function relies on preg_replace(); the script below also applies strip_tags() to each field, and both could have been improved by use of the trim() function as well, to maintain the tightest controls over the characters in posted variables. Note the Google reCAPTCHA code, which indicates that we are using their captcha in this PHP validator as well.




<?php
//email.php

// One allow-list per field: anything not matched by the class is deleted.
$pattern1 = '/[^A-Za-z0-9\\-\\.\\@\\_]/';      // email address
$pattern2 = '/[^A-Za-z \\-]/';                  // name
$pattern3 = '/[^0-9 \\-]/';                     // phone and fax numbers
$pattern4 = '/[^A-Za-z0-9 \\,]/';               // (unused here)
$pattern5 = '/[^A-Za-z0-9 \\.\\;\\:\\-\\,]/';   // message body
$replacement = '';
$N=$_POST['Name'] ?? '';
$E=$_POST['email'] ?? '';
$H=$_POST['Phone'] ?? '';
$F=$_POST['Fax'] ?? '';
$A=$_POST['message'] ?? '';
$N=strip_tags($N);
$N=preg_replace($pattern2, $replacement, $N);
$E=strip_tags($E);
$E=preg_replace($pattern1, $replacement, $E);
$H=strip_tags($H);
$H=preg_replace($pattern3, $replacement, $H);
$F=strip_tags($F);
$F=preg_replace($pattern3, $replacement, $F);
$A=strip_tags($A);
$A=preg_replace($pattern5, $replacement, $A);
if(strlen($N)<6||strlen($E)<6){echo '<SCRIPT LANGUAGE="JavaScript">alert("Fill fields, please.");window.location = "contact.php";</script>';exit();}

else{

$captcha=$_POST['g-recaptcha-response'] ?? '';
if(!$captcha){echo '<SCRIPT LANGUAGE="JavaScript">alert("Please check the captcha form.");window.location = "contact.php";</script>';exit();}
$secret='secretgooglerecaptchacode'; // placeholder: your reCAPTCHA secret key
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?".http_build_query([
    'secret'=>$secret,
    'response'=>$captcha,
    'remoteip'=>$_SERVER['REMOTE_ADDR'],
]));
// siteverify replies with JSON; decode it before testing the success flag.
$result=($response===false)?null:json_decode($response);
if(!$result || empty($result->success))
{echo '<SCRIPT LANGUAGE="JavaScript">alert("Fill fields, please.");window.location = "contact.php";</script>';exit();}

$to = "ourwebsite@site.info";
$subject = "ourwebsite email";
$message = $N."\nPHONE: ".$H."\nFAX: ".$F."\nEMAIL: ".$E."\nMESSAGE: ".$A;
// $E has been through $pattern1, which allows no CR or LF, so the From:
// header stays on a single line no matter what was typed into the form.
$headers = "From: ".$E;
$mail_sent = mail($to, $subject, $message, $headers);

if($mail_sent){echo '<SCRIPT LANGUAGE="JavaScript">alert("Message sent!");</script>';}
echo '<SCRIPT LANGUAGE="JavaScript">window.location = "index.html";</script>';exit();}
?>
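To show the per-field approach discussed above (one pattern per posted variable, plus the strip_tags() and trim() steps) as a reusable unit rather than a run of copy-pasted lines, here is an added example that is not code from the original page. It goes slightly beyond email.php by attaching a minimum and maximum length to each field, validating the filtered address with filter_var(), and making explicit why the email value can be used in a mail header. The field names, patterns, length limits and the sample submission are all constructed for illustration.

```php
<?php
// Added example (not from the original page): one allow-list per form
// field, applied by a single routine, with trim() and length limits.

// Each field: the characters it may contain, and the shortest and longest
// acceptable length after filtering.
const FIELD_RULES = [
    'Name'    => ['pattern' => '/[^A-Za-z \\-\'\\.]/',                  'min' => 6, 'max' => 80],
    'email'   => ['pattern' => '/[^A-Za-z0-9\\-\\.\\@\\_\\+]/',         'min' => 6, 'max' => 254],
    'Phone'   => ['pattern' => '/[^0-9 \\-\\+\\(\\)]/',                 'min' => 0, 'max' => 30],
    'message' => ['pattern' => '/[^A-Za-z0-9 \\.\\;\\:\\-\\,\\?\\!\\n]/', 'min' => 0, 'max' => 2000],
];

// Apply one field's rule: strip tags, drop disallowed characters, trim, cap length.
function filterField(string $name, $raw): string
{
    $rule  = FIELD_RULES[$name];
    $value = is_string($raw) ? $raw : '';   // a missing field or an array becomes ''
    $value = strip_tags($value);
    $value = preg_replace($rule['pattern'], '', $value);
    $value = trim($value);
    return substr($value, 0, $rule['max']);
}

// Filter every expected field and report which ones are still too short,
// which is what the "Fill fields, please." check in email.php is testing.
function filterForm(array $post): array
{
    $clean = [];
    $tooShort = [];
    foreach (FIELD_RULES as $name => $rule) {
        $clean[$name] = filterField($name, $post[$name] ?? '');
        if (strlen($clean[$name]) < $rule['min']) {
            $tooShort[] = $name;
        }
    }
    // The allow-list guarantees shape, not validity; filter_var checks syntax.
    $emailValid = filter_var($clean['email'], FILTER_VALIDATE_EMAIL) !== false;
    return ['fields' => $clean, 'too_short' => $tooShort, 'email_valid' => $emailValid];
}

// The email address is the one value that ends up in a mail header (From:).
// Its allow-list already excludes CR and LF; this makes the guarantee explicit
// so a later change to the pattern cannot silently remove it.
function headerValue(string $value): string
{
    return str_replace(["\r", "\n"], '', $value);
}

// Constructed sample submission containing the kinds of junk the filters
// remove: markup and padding in the name, a stray line break after the
// address, letters in the phone number, tags in the message.
$sample = [
    'Name'    => "  <b>Jane</b> O'Brien ",
    'email'   => "jane@example.com\r\n",
    'Phone'   => '555-0100 ext 42',
    'message' => "Hello; please call.\n<i>soon</i>",
];

$result = filterForm($sample);
foreach ($result['fields'] as $name => $value) {
    printf("%-8s => %s\n", $name, json_encode($value));
}
printf("too short: %s\n", $result['too_short'] ? implode(',', $result['too_short']) : 'none');
printf("email valid: %s\n", $result['email_valid'] ? 'yes' : 'no');

// Only filtered values are assembled into the message and the header.
$f = $result['fields'];
$message = $f['Name'] . "\nPHONE: " . $f['Phone'] . "\nEMAIL: " . $f['email'] . "\nMESSAGE: " . $f['message'];
$headers = 'From: ' . headerValue($f['email']);
```

Each field's pattern admits only what that field needs: the phone rule never lets a letter through, the name rule never lets a digit or an @ through, and the email rule never lets whitespace through, which is tighter than any single shared pattern could be. Running the sample shows the name trimmed to "Jane O'Brien", the line break gone from the address, and "ext" stripped from the phone number.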