PHP Security Script

[Kristy]

Hi All I am trying to add the security script to my website. Where the numbers come up to have to be put in.


I am using a PHPForms that I thought would take care of my spam/robot issues but it hasn't...


Here is the script..   http://www.urgentclick.com/scripts/php-form-security.html


Here is the page I am trying to make it work on...


http://mothersworkathome.com/gateway.php


You can see the warning at the top.. and the form doesnt care if you add the number image or not.


Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/mothers/public_html/gateway.php:1) in /home/mothers/public_html/gateway.php on line 2



I was wondering if the PHPForms could be messing with the numbers script?


Anyone have a clue why it may not be working??

I just installed it made the two pages.. as far as I know I entered the script in the right places..

Help???

TIA!

[Kristy]

I took out the whole pfpform script to see if it would work.. it still wont work..

Am I to do something in MySQL?

Maybe I am missing a step..

[SensoVision]

Hi Kristi and welcome to forums!
I'm not familiar with this script but looking on the code from which it's starting "<?php
session_start();" I may assume that this part was inserted not in the beginning of the page but somewhere later which could be the source of the problem.
From what I know: session_start(); should be placed on the top of the page( right after <?php tag). If something is placed above this code different header information could be sent to browser and it would cause such a problem.

Please take a look onto your page and see if anything is placed above this part of code?

[SensoVision]

Am I to do something in MySQL?

now I doubt it's anything mySQL related.
I would try to upload gateway.php without customizing it to your page and see if it would work like this.

[Andy]

This is a script I wrote. 

The message:

headers already sent

means that the code to start the session is after the start of any HTML. It must be before any HTML that is sent to the browser. I always place the code:

Code:

<?php
session_start();
?>

right at the start, in say a header.php file, like in my example code. I think most complicated scripts have a header.php file that is used before any HTML is sent to the Browser, so you could insert it there.

[Kristy Woodby]

Hi Kristi and welcome to forums!
I'm not familiar with this script but looking on the code from which it's starting "<?php
session_start();" I may assume that this part was inserted not in the beginning of the page but somewhere later which could be the source of the problem.
From what I know: session_start(); should be placed on the top of the page( right after <?php tag). If something is placed above this code different header information could be sent to browser and it would cause such a problem.

Please take a look onto your page and see if anything is placed above this part of code?

Hi thanks for the welcome and thanks for answering

I did have it below the html code then realized it was to go before anything. Since you have seen the page the code is the very first thing you see.
If you view source you might could see where it is.  I am still learning all of this. I have over 10 years experience in html but the scripts of PHP and MySQL is new to me. Just installed my first duplicating team site about 3 months ago. (I'm all self taught so not to bad I guess lol)

[Kristy Woodby]

now I doubt it's anything mySQL related.
I would try to upload gateway.php without customizing it to your page and see if it would work like this.

I took EVERYTHING off the page just to see what it would do. I still got the Warning.. maybe a fresh outlook today I can try again..

[Kristy Woodby]

This is a script I wrote. 

The message:
means that the code to start the session is after the start of any HTML. It must be before any HTML that is sent to the browser. I always place the code:

Code:

<?php
session_start();
?>

right at the start, in say a header.php file, like in my example code. I think most complicated scripts have a header.php file that is used before any HTML is sent to the Browser, so you could insert it there.

Am I to make a header.php page?   I have the code before <html>

[SensoVision]

Hi Kristy, would you mind to post code of the page you're trying to implement or if you don't wish to put it public please send it to my mail so I can tell proper way to put code.

[kristy w]

 <?php
session_start();
?>
<html>
<head><?php include('/home/mothers/public_html/phpforms/phpforms.php');?>
<style type="text/css" media="screen">
<!--
a:link { color: #060; background: #fff; text-decoration: none; }
a:visited { color: #909; background: #fff; text-decoration: underline; }
a:hover { color: #f00; background: #fff; }
a:active { color: #f00; background: #fff; }
-->
</style>
<title>Home Business Match-Up!</title>



Thats the top...




here's where it is in the form



      <tr><td>
 Please enter the value you see below:<br />
<img src="gateway-image.php" />
<form action="" method="post">
<input type="text" name="number" value="" /><br />
</form>
<?php
if (isset($_POST['number']))
  if ($_SESSION['number'] == $_POST['number'])
      echo "Correct";
  else
      echo "Wrong value entered!";
?>
<!-- Buttons -->
          <td colspan="2" align="center" class="phpForms_main">
            <p style="margin-top: 0; margin-bottom: 0">
            <input type="button" value="Submit" onClick='CheckPagec589016937();' style="width:30%; background-color : #a2a2a2" class="phpForms_btn">


          </td>
    </tr>

     </table>
     </div>
     <!-- /Page -->
</form>

<!-- /phpForms.net form END -->



I eneded up with 2 submit buttons.. so I think I took one out..


Im going to make a whole new folder and see if it works..


Was that what you wanted??

[Kristy]

ok hmmm... it works when I made a new folder...



http://www.mothersworkathome.com/secureforms/gateway.php

Going to see if it will work the way I had it now.. wish me luck!

[Kristy]

here is the page at    http://mothersworkathome.com/secureforms/gateway.php

I have the code of the number script near the bottom.. when I try to fit it in the form script it quits working?

Where would I put in it???




<?php
session_start();
?>
<html>
<head>
<title>Gateway</title>
</head>
<body>
<!-- phpForms.net form BEGIN -->
<style>
<!--
.phpForms_pgtitle
{
    font-family : Arial;
    font-size   : 18px;
    color       : #1200d9;
    font-weight : bold;
}
.phpForms_btn
{
    border-top-width    : 1px;
    border-left-width   : 1px;
    border-bottom-width : 1px;
    border-right-width  : 1px;
    border-top-color    : #e4e4e4;
    border-left-color   : #e4e4e4;
    border-right-color  : #c1c1c1;
    border-bottom-color : #c1c1c1;
    font                : Verdana, Arial, Helvetica, sans-serif;
    color               : #000000;
}
-->
</style>

<script language="JavaScript">
<!--
var aIds = Array( 'pg_c589016937' );
function ChangePage( to_hide, to_show )
{
   var tbl_hide = document.getElementById( aIds[to_hide] );
   var tbl_show = document.getElementById( aIds[to_show] );

   if ( typeof(tbl_hide)=='object' && tbl_hide!=null )
    if ( typeof(tbl_show)=='object' && tbl_show!=null )
    {
       tbl_hide.style.display = 'none';
       tbl_show.style.display = '';
    }
}
function Email( old_res, id, field_title )
{
   if ( old_res==0 )
   {
      var el = document.getElementById( id );
      if ( typeof(el)=='object' && el!=null )
      {
         var re = /^[a-zA-Z0-9_\.\-]+@([a-zA-Z0-9][a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}$/;

         if (el.value.search(re) != -1 )  return 0;
         else
         {
            alert( '"'+field_title+'" must be email' );
            return 1;
         }
      }
   }
   return 0;
}
function NumbersOnly( old_res, id, field_title )
{
   if ( old_res==0 )
   {
      var el = document.getElementById( id );
      if ( typeof(el)=='object' && el!=null )
      {
         var re = /^[0-9]+$/;
         if (el.value.search(re) == -1 )
         {
            alert( '"' + field_title + '" must be a number' );
            return 1;
         }
      }
   }
   return 0;
}

-->
</script>

<form name="frm_a7ea385127" id="frm_a7ea385127" method="POST" enctype="multipart/form-data" action="http://mothersworkathome.com/phpforms/index.php" onSubmit="return false;">
<input type="hidden" name="act" value="idx">
<input type="hidden" name="code" value="01">
<input type="hidden" name="fid" value="a7ea385127">

<script language="JavaScript">
<!--
function CheckPagec589016937()
{
   var nResult = 0;
   nResult += Email( nResult, 'fld_f95854d995','Email' );
   nResult += NumbersOnly( nResult, 'fld_e9a30c12be','Daytime Phone' );
   nResult += NumbersOnly( nResult, 'fld_994ed6b8bf','Evening Phone' );

   if ( nResult == 0 )
   {
      if (1)
      {
         var el = document.getElementById( 'frm_a7ea385127' );
         if ( typeof(el)=='object' && el != null ) el.submit();
      }
      else ChangePage( 0, 1 );
   }
}
-->
</script>

     <!-- Page -->
     <table id="pg_c589016937" border="0" cellpadding="2" cellspacing="1" width="600" bgcolor="#F5F5F5" class="phpForms_main" style="display:;border: solid 1px #777777;">


    (INSERT FORM HERE MESSAGE WAS TO LONG WITH IT ALL)

      <tr>
          <!-- Buttons -->
          <td colspan="2" align="center" class="phpForms_main">
            <input type="button" value="Submit" onClick='CheckPagec589016937();' style="width:30%; background-color : #a2a2a2" class="phpForms_btn">

          </td>
      </tr>

     </table>
     <!-- /Page -->

</form>

<!-- /phpForms.net form END -->

Please enter the value you see below:<br />
<img src="gateway-image.php" />
<form action="" method="post">
<input type="text" name="number" value="" /><br />
<button type="submit">Submit</button>
</form>
<?php
if (isset($_POST['number']))
  if ($_SESSION['number'] == $_POST['number'])
      echo "Correct";
  else
      echo "Wrong value entered!";
?>
</body>
</html>

[Andy]

You have the session start in the right place. The problem now is likely to be Javascript related since you have some extra Javascript thrown into the mix.

I always recommend people to study the tutorials at www.w3schools.com to understand what is going on with scripts.

Hopefully Denis (Tech support) can get it de-bugged though

[Kristy]

I hope... I need to learn more about it but the time on my hands to work is limited. I am a Mom to 6 kids who works from home so I guess you can just imagine    

 Looks like I might have to make a form own my own.. I did for years anyway. I am just using the PHPForms because I was told it would keep the spam and bots down to a min. It's NOT working.. lol

I have been working on this for 3 days now.  I need to get it finished so my Moms Leads subscribers are not just buying junk emails for leads.

Thank you all for your help!!

[Andy]

I guess you can just imagine

No, I can't imagine, it sounds like a nightmare!

But, I know what's it's like to deal with lots of spam subscribers.

I don't have a problem any more due to the completely different way I handle subscribers:

I produced a product based on it here: http://www.adscube.com/products/lead-capture-system - you may be interested in this time-saver solution.

To save all the hassles you have with spam to subscriber lists and dealing with filtering in code, you could try this out. You can instantly generate a subscribe form and try it out to free up hours of time instantly.