Implementation of Recaptcha (help?!)

dragansk

New Member
Messages
5
Reaction score
0
Points
0
Hello everyone.
I have a problem with my site and I need your help.
The problem is: someone constantly spams my web site and constantly creates ads on my webpage. My page is for creating Facebook like phrases.
I need your help to install Recaptcha. I followed these steps:

http://code.google.com/apis/recaptcha/intro.html
But I encountered a problem:
when you write something and click Send to create a phrase, if you enter the wrong Recaptcha key it says: "The reCAPTCHA wasn't entered correctly. Go back and try it again", which is OK, but when you insert the correct key it says: "Could not open socket".
The code is as follows:
PHP:
//beginning of index.php
<?
include ("config.php");
if ($_POST["fb"]) {
    $fb=$_POST["fb"];
    mysql_query("INSERT INTO fblike VALUES(NULL, '$fb', '1')");
    $x=mysql_query("SELECT * FROM fblike ORDER BY id DESC LIMIT 1");
    while ($y=mysql_fetch_assoc($x)){
$id=$y['id'];
}



require_once('recaptchalib.php');
  $privatekey = "private key here ";
  $resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);

  if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         "(reCAPTCHA said: " . $resp->error . ")");
  } else {
    // Your code here to handle a successful verification
  }
  ?>

 <script type="text/javascript"> window.location.href="<?=$url_site?>like.php?id=<?=$id?>";</script>
    <?
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head></head>
..
...
....
<body>

<div class="form">
 <?php
          require_once('recaptchalib.php');
          $publickey = "Public key"; // you got this from the signup page
   ?>
                         <form method="POST" action="index.php">

                               <div><textarea cols="" rows="" class="input-textarea autoclear" name="fb" id="message">Your message</textarea></div>
                                <div><input type="submit" value="Send"  class="button button-blue float-right" /></form>


 <?php
echo recaptcha_get_html($publickey);

 ?>

</div>
This is my page URL: http://lajkovi.x10.mx/
Can anyone help me?
Thank you
 

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
What version of the reCAPTCHA lib are you using?

Connections to port 80 on most servers are blocked due to abuse. You could petition an admin to open port 80 for the reCAPTCHA server, which is www.google.com. There are two potential issues with this: a social and a technical one. The former is that it will open up the Google servers for other uses, including potential abuse. The technical issue is that the domain resolves to any one of a number of IP addresses on many different subnets. Firewall rules are generally based on IP addresses rather than domain names since they are enforced at a lower level (the link layer, while domain names are a part of the application layer). Mitigating the technical issue is that typically the domain will only resolve to a single subnet for DNS requests from client IPs in a given subnet (basically, a subnet of clients is generally assigned to a single subnet of Google servers). Also, an internal X10 DNS server could be used to further limit the addresses used by the X10 web servers themselves.

Code indentation should be consistent, for the sake of readability.

PHP:
<?
include ("config.php");
if ($_POST["fb"]) {

Use isset() or empty() to test whether a variable or array item is defined, so that your code will work when notices are enabled.
PHP:
if (! empty($_POST["fb"])) {

PHP:
    $fb=$_POST["fb"];
    mysql_query("INSERT INTO fblike VALUES(NULL, '$fb', '1')");

The sample code is vulnerable to SQL injection, which is a very serious security risk. To fix this hole, switch from the outdated mysql extension to PDO and use prepared statements. If you need a PDO tutorial, try "Writing MySQL Scripts with PHP and PDO". The site you save may just be your own.


PHP:
    $x=mysql_query("SELECT * FROM fblike ORDER BY id DESC LIMIT 1");
    while ($y=mysql_fetch_assoc($x)) {
        $id=$y['id'];
    }

Don't use SELECT *; select only the columns you need.

You only need a loop if you're fetching more than one value. Drop the while and use just a fetch. To simplify things even more, use PDOStatement::fetchColumn.

To get the generated ID from the INSERT statement, use LAST_INSERT_ID(). For one thing, the current implementation will sometimes fail when the server is handling multiple page requests, when the INSERT from one request comes between the INSERT and SELECT for another request.

PHP:
$lastIdQuery = $db->query('SELECT LAST_INSERT_ID()');
$id = $lastIdQuery->fetchColumn();

PHP:
  $resp = recaptcha_check_answer ($privatekey,

You should post complete, concise sample code. For common libraries, post a link to the relevant library or (if the source is available on the web) to the source itself. For example: recaptcha_check_answer

PHP:
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         "(reCAPTCHA said: " . $resp->error . ")");

Don't use die when outputting HTML. You'll get invalid HTML.


PHP:
 <script type="text/javascript"> window.location.href="<?=$url_site?>like.php?id=<?=$id?>";</script>

<script> elements must be placed within the <head> or <body> of the document.

Moreover, you should be using an HTTP redirect rather than JS, which you can do with header(). For one thing, not everyone has JS enabled or is using a JS-enabled browser; you should always consider accessibility.

On the topic of accessibility, the textarea in the form could use a corresponding <label>.
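
An added example, not code from the thread or from any poster: one way to combine the advice in the reply above (a prepared statement, the connection's own last-insert id, an HTTP redirect), with the insert placed after the CAPTCHA result so that a failed check stores nothing. The column names `phrase` and `status`, the helper names, the `example.test` URL and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example. Assumptions: column names `phrase` and `status`, the helper
// names and the example.test URL. In-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fblike (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    phrase TEXT NOT NULL,
    status INTEGER NOT NULL)');

// Store the phrase through a prepared statement and return the generated id.
function savePhrase(PDO $db, string $phrase): int
{
    $stmt = $db->prepare('INSERT INTO fblike (phrase, status) VALUES (:phrase, 1)');
    $stmt->execute([':phrase' => $phrase]);
    // lastInsertId() is per connection, so a concurrent request cannot change it.
    return (int) $db->lastInsertId();
}

// Returns the redirect target, or null when the request must not be stored.
// $captchaOk carries the CAPTCHA result ($resp->is_valid in the thread's code).
function handlePost(PDO $db, array $post, bool $captchaOk, string $urlSite): ?string
{
    if (empty($post['fb']) || !$captchaOk) {
        return null; // rejected before anything reaches the database
    }
    return $urlSite . 'like.php?id=' . savePhrase($db, $post['fb']);
}

// Constructed sample input: quotes that would end the string in the original query.
$post = ['fb' => "It's Friday', '1'); -- "];

$rejected = handlePost($db, $post, false, 'http://example.test/');
$target   = handlePost($db, $post, true, 'http://example.test/');

if (PHP_SAPI !== 'cli' && $target !== null) {
    header('Location: ' . $target); // HTTP redirect instead of the <script> element
    exit;
}

// Command-line run: show that the failed check stored nothing and that the
// phrase was saved byte for byte, quotes included.
var_dump($rejected);
echo $target, "\n";
$check = $db->prepare('SELECT phrase FROM fblike WHERE id = ?');
$check->execute([1]);
var_dump($check->fetchColumn() === $post['fb']);
```

With MySQL only the DSN passed to `new PDO(...)` and the `CREATE TABLE` statement change; the prepared insert and `lastInsertId()` stay the same.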
 

dragansk

I don't know the PHP programming language very well.
Can I send you the index.php and like.php files, and can you tidy the code with any reCAPTCHA lib? Thank you :)
 

Dead-i

x10Hosting Support Ninja
Community Support
Messages
6,084
Reaction score
368
Points
83
Just to point out that although reCaptcha is a good way of preventing spam bots, new spam bots have been created that can get past reCaptcha filters.

One of the best, up-to-date methods is actually a simple random question and answer system, except with harder questions that aren't like '1 + 1' or 'What colour is the sky'.
 

dragansk


This is all the code of my script: http://www.text-upload.com/read.php?id=139144&c=3607101
Can you repair this code with Recaptcha?
Thank you :))
 

misson

I don't know the PHP programming language very well.
Can I send you the index.php and like.php files, and can you tidy the code with any reCAPTCHA lib? Thank you :)

No. If you want someone else to do your work, hire them. Otherwise be prepared to learn. Make an effort. Your site is your responsibility.

There's no need to quote any part of a post, let alone the entirety, if you're not responding directly to it. Doing so lowers the signal-to-noise ratio.
 