How to get the “really simple captcha” to work in a simple contact form?

I tried to create a simple contact form according to this tutorial

To avoid spam attacks I tried to combine that contact form with the really simple captcha plugin.

Read More

With the following code I’m able to use the shortcode [contact] in any of my pages and the form is displaying BUT there is a problem when checking the captcha.

This is the plugin’s code:

function wptuts_get_the_ip() {
    if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
        return $_SERVER["HTTP_X_FORWARDED_FOR"];
    }
    elseif (isset($_SERVER["HTTP_CLIENT_IP"])) {
        return $_SERVER["HTTP_CLIENT_IP"];
    }
    else {
        return $_SERVER["REMOTE_ADDR"];
    }
}
// short code function 
function wptuts_contact_form_sc( $atts ) {     
add_shortcode( 'contact', 'contact_form_shortcode' );

   extract(shortcode_atts(array(
        "email" => get_bloginfo('admin_email'),
        "subject" => '',
        "label_name" => 'Your Name',
        "label_email" => 'Your E-mail Address',
        "label_subject" => 'Your Answer',
        "label_captcha" => 'Captcha',
        "label_submit" => 'Submit',
        "error_empty" => 'Please fill in all the required fields.',
        "error_noemail" => 'Please enter a valid e-mail address.',
        "success" => 'Thanks for your e-mail! We'll get back to you as soon as we can.'
    ), $atts));

    $captcha_instance = new ReallySimpleCaptcha(); //imports really simple captcha plugin
    $word = $captcha_instance->generate_random_word();
    $prefix = mt_rand();
    $image= $captcha_instance->generate_image( $prefix, $word );

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {

        $error = false;
        $required_fields = array("your_name", "email", "captcha", "subject");

        foreach ($_POST as $field => $value) {
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            $form_data[$field] = strip_tags($value);
        }

        foreach ($required_fields as $required_field) {
            $value = trim($form_data[$required_field]);
            if(empty($value)) {
                $error = true;
                $result = $error_empty;
            }
        }

        if(!is_email($form_data['email'])) {
            $error = true;
            $result = $error_noemail;
        }

        if ($error == false) {

            $captcha_text=$form_data['captcha'];                
            $correct = $captcha_instance->check( $prefix, $captcha_text );

            if($correct==TRUE){

                $email_subject = "[" . get_bloginfo('name') . "] " . $form_data['subject'];
                $email_message = $form_data['captcha'] . "nnIP: " . wptuts_get_the_ip();
                $headers  = "From: ".$form_data['your_name']." <".$form_data['email'].">n";
                $headers .= "Content-Type: text/plain; charset=UTF-8n";
                $headers .= "Content-Transfer-Encoding: 8bitn";
                wp_mail($email, $email_subject, $email_message, $headers);
                $result = $success;
                $sent = true;
            }
        }
    }

    if($result != "") {
        $info = '<div class="info">'.$result.'</div>';        
    }

    $email_form = '<form class="contact-form" method="post" action="'.get_permalink().'">
        <div>
            <label for="cf_name">'.$label_name.':</label>
            <input type="text" name="your_name" id="cf_name" size="50" maxlength="50" value="'.$form_data['your_name'].'" />
        </div>
        <div>
            <label for="cf_email">'.$label_email.':</label>
            <input type="text" name="email" id="cf_email" size="50" maxlength="50" value="'.$form_data['email'].'" />
        </div>
        <div>
            <label for="cf_subject">'.$label_subject.':</label>
            <input type="text" name="subject" id="cf_subject" size="50" maxlength="50" value="'.$subject.$form_data['subject'].'" />
        </div>
        <div>
            <label for="cf_message">'.$label_captcha.':</label>
            <input type="text" name="captcha" id="cf_message" size="50" maxlength="50" value=""/>
        </div>
        <div id="captcha"><span id="captcha_text">Captcha:</span><img id="captcha_image" src="'.plugins_url("really-simple-captcha/tmp/" . $image) . '" alt="" /></div>
        <div>
            <input type="submit" value="'.$label_submit.'" name="send" id="cf_send" />
        </div>

    </form>';

    if($sent == true) {
        return $info;
    } else {
        return $info.$email_form;
    }
} 
add_shortcode('contact', 'wptuts_contact_form_sc');

// add plugins style to frontend
function prize_game_contact_form() {
wp_register_style('prize_game_contact_form', plugins_url('css/style.css',__FILE__));
wp_enqueue_style('prize_game_contact_form');
}
add_action('wp_enqueue_scripts', 'prize_game_contact_form');

I didn’t add $captcha_instance->remove( $prefix ); so far because it works not as it should. It seems that every time I click on the submit button a new word is created and the function $captcha_instance->check() checks if the new word equals the captcha text in the input field but those words doesn’t match of course because it’s already a new word. I don’t understand why a new word is created when clicking on the submit button. Where is the error?

Related posts

Leave a Reply

4 comments

  1. I believe the problem is that you are generating a new $prefix each time the function runs. So there is no way to run the check() or the remove() because the $prefix used on the form is then a new value.

    In your form, create a hidden input field with the value of the $prefix being used. So that value is posted with the form. When the function is run the 2nd time after the form post, use the posted $prefix value to do the check() and remove(). That should do it.

    Here is a detailed article on how to integrate Really Simple Captcha plugin into your plugin or theme together with the hidden prefix field I just mentioned: http://www.lost-in-code.com/platforms/wordpress/wordpress-plugins/wordpress-using-really-simple-captcha/

    Feel free to let me know if you need any assistance.

  2. Are you using WordPress? Do not try to reinvent the wheel.

    Download a free plugin like Contact Form 7 which includes an Ajax powered (doesn’t require page refresh) Askimet Spam Filter, plus CAPTCHA system.

    • CAPTCHA works only half as well as it did 3-5 years back.

    My advise to you is this:

    • Do not look for simple, but look for what works.
  3. if you’re not using WordPress then you might check this simple form & captcha idea – if you can grab out the captcha part that is, captcha has become incredibly complex and over engineered when all it needs to do is differentiate simply between a human and non-human for most purposes.

  4. You must create the variables $word, $prefix and $image only after you check the correctness of the user answer, and you must pass the $prefix value through a hidden input field. I haven’t checked it, but this code should work now:

    function wptuts_get_the_ip() {
        if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
            return $_SERVER["HTTP_X_FORWARDED_FOR"];
        }
        elseif (isset($_SERVER["HTTP_CLIENT_IP"])) {
            return $_SERVER["HTTP_CLIENT_IP"];
        }
        else {
            return $_SERVER["REMOTE_ADDR"];
        }
    }
    // short code function 
    function wptuts_contact_form_sc( $atts ) {     
    add_shortcode( 'contact', 'contact_form_shortcode' );
    
       extract(shortcode_atts(array(
            "email" => get_bloginfo('admin_email'),
            "subject" => '',
            "label_name" => 'Your Name',
            "label_email" => 'Your E-mail Address',
            "label_subject" => 'Your Answer',
            "label_captcha" => 'Captcha',
            "label_submit" => 'Submit',
            "error_empty" => 'Please fill in all the required fields.',
            "error_noemail" => 'Please enter a valid e-mail address.',
            "success" => 'Thanks for your e-mail! We'll get back to you as soon as we can.'
        ), $atts));
    
        $captcha_instance = new ReallySimpleCaptcha(); //imports really simple captcha plugin
    
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    
            $error = false;
            $required_fields = array("your_name", "email", "captcha", "subject");
    
            foreach ($_POST as $field => $value) {
                if (get_magic_quotes_gpc()) {
                    $value = stripslashes($value);
                }
                $form_data[$field] = strip_tags($value);
            }
    
            foreach ($required_fields as $required_field) {
                $value = trim($form_data[$required_field]);
                if(empty($value)) {
                    $error = true;
                    $result = $error_empty;
                }
            }
    
            if(!is_email($form_data['email'])) {
                $error = true;
                $result = $error_noemail;
            }
    
            if ($error == false) {
    
                $captcha_text=$form_data['captcha'];
                $captcha_prefix=$form_data['prefix'];
                $correct = $captcha_instance->check( $captcha_prefix, $captcha_text );
    
                if($correct==TRUE){
    
                    $email_subject = "[" . get_bloginfo('name') . "] " . $form_data['subject'];
                    $email_message = $form_data['captcha'] . "nnIP: " . wptuts_get_the_ip();
                    $headers  = "From: ".$form_data['your_name']." <".$form_data['email'].">n";
                    $headers .= "Content-Type: text/plain; charset=UTF-8n";
                    $headers .= "Content-Transfer-Encoding: 8bitn";
                    wp_mail($email, $email_subject, $email_message, $headers);
                    $result = $success;
                    $sent = true;
                }
            }
        }
    
        $word = $captcha_instance->generate_random_word();        
        $prefix = mt_rand();
        $image= $captcha_instance->generate_image( $prefix, $word );
    
        if($result != "") {
            $info = '<div class="info">'.$result.'</div>';        
        }
    
        $email_form = '<form class="contact-form" method="post" action="'.get_permalink().'">
            <div>
                <label for="cf_name">'.$label_name.':</label>
                <input type="text" name="your_name" id="cf_name" size="50" maxlength="50" value="'.$form_data['your_name'].'" />
            </div>
            <div>
                <label for="cf_email">'.$label_email.':</label>
                <input type="text" name="email" id="cf_email" size="50" maxlength="50" value="'.$form_data['email'].'" />
            </div>
            <div>
                <label for="cf_subject">'.$label_subject.':</label>
                <input type="text" name="subject" id="cf_subject" size="50" maxlength="50" value="'.$subject.$form_data['subject'].'" />
            </div>
            <div>
                <label for="cf_message">'.$label_captcha.':</label>
                <input type="text" name="captcha" id="cf_message" size="50" maxlength="50" value=""/>
                <input type="hidden" name="prefix" id="prefix" value="'.$prefix.'"/>
            </div>
            <div id="captcha"><span id="captcha_text">Captcha:</span><img id="captcha_image" src="'.plugins_url("really-simple-captcha/tmp/" . $image) . '" alt="" /></div>
            <div>
                <input type="submit" value="'.$label_submit.'" name="send" id="cf_send" />
            </div>
    
        </form>';
    
        if($sent == true) {
            return $info;
        } else {
            return $info.$email_form;
        }
    } 
    add_shortcode('contact', 'wptuts_contact_form_sc');
    
    // add plugins style to frontend
    function prize_game_contact_form() {
    wp_register_style('prize_game_contact_form', plugins_url('css/style.css',__FILE__));
    wp_enqueue_style('prize_game_contact_form');
    }
    add_action('wp_enqueue_scripts', 'prize_game_contact_form');