I am creating a very simple Captcha verification process.
(When a user tries to log into my website 3 times, without success, he is re-directed to the Captcha Page (captcha.php), to verify that he is not a spam-bot)
The Captcha value itself is randomly generated from a string of letters and numbers. 6 digits in all.
And then, I compare this value with the value entered by the user into a text-box. if the values match, the user may proceed. If not, the page reloads, an error message is displayed, and a new captcha is generated.
Very simple. No javascript, no ajax.
Except for one thing : the Captcha is NOT re-directing if the user provides the correct value.
Instead, it gives the error message every time.
<?php session_start();
include 'database_connect.php';
function getRandomString($length) {
$validCharacters =
"ABCDEFGHIJKLMNPQRSTUVWXYZ123456789";
$validCharNumber = strlen($validCharacters);
$result = "";
for ($i = 0; $i < $length; $i++) {
$index = mt_rand(0, $validCharNumber - 1);
$result .= $validCharacters[$index];
}
return $result; }
$captcha_value = getRandomString(6);
?>
<!DOCTYPE html>
<html>
<head>
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-store">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="0">
<META CHARSET="UTF-8">
<title>Captcha Test</title>
</head>
<body>
<fieldset><legend>CAPTCHA :</legend>
<?php
if (isset($_POST['submit'])) {
$post_captcha = $_POST['captcha'];
if ($post_captcha == $captcha_value) {
$clear_failed_logins = mysqli_query($conn,("Delete FROM
login_attempts where login =
'$_POST[login]'"))
or die(mysqli_error($conn));
header ("Location: /example.com/login.php");
exit();
}
else {
echo "<p style='color:red; font-weight:bold;'>The value you
entered is not correct! Please try again.</p>";
}
}
?>
<p>Please input the characters you see into the text-box below :</p>
<p> <?= $captcha_value ?> </p>
<form method="POST" action="captcha.php">
<input type="text" name="captcha" id="captcha" size=10
autocomplete="off" required><br><br><br>
<input type="submit" name="submit" id="submit" value="SUBMIT">
</form>
</fieldset>