Introduction: PHP Password Box for Comment Form

By CitT
About: Just your average idiot who likes electricity, programming, and doing things the hardest way possible.

On my website, I have a small form where users could post comments about the site. But I ran into a problem a few times. It seemed like some web bots invaded the form and posted random stuff. My form would send me an email telling me about the comment being left and what was typed in a UID box I have. The UID box is for me to reply to people, though the typed UID will not be stored anywhere.

Because of these seemingly randomly generated comments, I felt the need to take things a step further and find a way to prevent auto submission of forms. So I created a password box.

In this tutorial, I will show how to do such a task and a few ways to use it. Sure there are better ways to go about making a password box, but for small websites, this way should do.

Step 1: Requirements

The requirements here are few. You will need a text editor of any kind. You will also need either web-hosting, your own web server, of a program called "easyPHP" or equivalent. Outside of these, everything else is optional; ie, food/drink, popcorn, a movie, music, portals, gold.

Step 2: The Password Box

Password boxes are very simple. They look just like text boxes, and are pure HTML. But for this type of password box, you may want to use a normal text box. That way, visitors can see if they mistyped the not-so-secret password. I will be using the password type box. There is a process here: start a session, choose a password from a list, show that password, the password box with a submit button. All of this is page one. This page has to be in PHP. So type (or copy/paste) the following:

<?php
session_start();
?>
<head><!-- header stuff here --></head>
<?php
$passwords = array("password 1","password 2","other passwords here","1234","Trebad0r"); //our password list
$options = count($passwords)-1; //this allows us to add to the list because it counts how many options there are
$choice = rand(0,$options); //this picks a random number from the count above
$_SESSION['password'] = $passwords[$choice]; //this actually sets the password
?>
<body> <!-- we will pretend you already have a spot for the box -->
<form action="./index2.php" method="post">
The chosen password is: <?php echo $_SESSION['password']; //this prints the password ?> <!-- tell the password --><br />
<input type="password" name="password" /><br />
<input type="submit" /></form>
</body>

Attachments

Step 3: Is the Entered Password Correct?

Well, this is why we used sessions. We need to pass information along to the form processor. Using conditional statements, we will test the entered password by echoing one of two statements. So here is the index2.php

<?php
session_start();
?>
<head><!-- header stuff here --></head>
<body>
<?php
if(isset($_POST)){ //test that the submit button was pressed
if($_POST['password'] == $_SESSION['password']){ //and if the password was correct
echo "Correct"; //say correct
}
else { //if the password was incorrect
echo "Wrong"; //say wrong
}
}
?>
<br />
<a href="./">Back</a>
</body>

Step 4: Test the Page

On page one, you will be given a password to enter. Enter this password and press submit. You will be taken to a different page telling you correct. Follow the link to the first page. Repeat a few times. Now do it again, but with the wrong passwords. You should also note that the password changes every time the page refreshes. Also, with some editing, you can use images rather than text.