Hi, I had the same problem, but when I checked the logic in the "if (tep_validate_email($email_address)) {" I found that as long as the e-mal address was ok the form was sent before the security cod was checked. So I moved the e-mail function and the redirect. Here is the hole "if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {" statement:
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {
$name = tep_db_prepare_input($HTTP_POST_VARS['name']);
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email']);
$enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);
if (tep_validate_email($email_address)) {
} else {
$error = true;
$messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
}
//VISUAL VERIFY CODE start
require(DIR_WS_FUNCTIONS . 'visual_verify_code.php');
$code_query = tep_db_query("select code from visual_verify_code where oscsid = '" . tep_session_id($HTTP_GET_VARS[tep_session_name()]) . "'");
$code_array = tep_db_fetch_array($code_query);
$code = $code_array['code'];
tep_db_query("DELETE FROM " . TABLE_VISUAL_VERIFY_CODE . " WHERE oscsid='" . $vvcode_oscsid . "'"); //remove the visual verify code associated with this session to clean database and ensure new results
$user_entered_code = $HTTP_POST_VARS['visual_verify_code'];
if (!(strcasecmp($user_entered_code, $code) == 0)) { //make the check case insensitive
$error = true;
$messageStack->add('contact', VISUAL_VERIFY_CODE_ENTRY_ERROR);
}
//VISUAL VERIFY CODE stop
if (!$error){
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);
tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
}
}
I hope this is the solution fore you to!
Regards
Ivan