On 3/26/07, Jake McHenry <linux@xxxxxxxxxxxxxxxxx> wrote:
Like I said... Even if they have sound turned on.. Which all my sets do...
Most of them don't have speakers... That was put into effect over a year ago
due to some people listening to those damn screaming prank things at full
volume... Anyways... I was searching the php site, and it said there used to
be a bug that looks somewhat similar to my problem, but it said it was fixed
long ago... Not sure if this is even close to it or not, but this is the
first time I've run into a sessions problem.....
Just to simplify...
I have this on index.php
<?php
session_start();
$before = $_SESSION['code'];
echo '<img src=image.php>';
$after = $_SESSION['code'];
echo $before .' ' . $after;
?>
Then in image.php is my captcha... And where the session variable 'code' is
being created and updated...
In image.php is this:
<?php
session_start();
..........captcha code......
$_SESSION['code'] = rand(blahblahblah) to get the random code
?>
When I view index.php, the image displays, with a new code each time...
Working as it should, but the session variable echos out the previously
generated value, instead of the current value to match whats in the
picture... I'm not sure what I've done... But you can see from
http://nittanytravel.com:8080/ $before and $after have the same value...
In that bug report I was reading it said that this happened until
session_start was called again.. But it said it was fixed back in php4...
Not sure what I missed :(
Thanks,
Jake
Did you read my previous post?
I explained why this occurs, as it is normal that a script behaves like this.
I believe the way this script behaves is quite normal. Look at the way
the scripts are called. First index.php, then rnum1.php and then
rnum2.php.
First index.php is called and all session variables are posted with
that action. Then rnum1.php is called, and the session variables are
edited. Then rnum2.php is called, session variables are edited again,
but index.php is never called again, and so the session variables are
never send to the script. Until you load the script again.
So if you're implementing this in a POST form, the browser should
submit both POST and the right session variables to your parse script.
Above is what you missed i think ;)
Example code which works :)
index.php:
<?php
echo "<img src='rnum1.php'>";
echo "<form action='parse.php' method='post'><input name='code'><input
type='submit' value='confirm'></form>";
?>
parse.php:
<?php
session_start();
if($_SESSION['security_code'] == $_POST['code']) {
echo "Right code entered.";
} else {
echo "Wrong code entered.";
}
?>
Did you test above code? You could use it like that.
This is btw not a very useful CAPTCHA, because it should stop
computers from submitting data, but a little bit smart programmer
knows that he has to get session information from the image, and
submit that to the form. Or what i saw used lately by a cracker, he
was just using his own values in session and post, and so they matched
:)
So you should never send the same code as the code that has to be
entered. Even encrypting with MD5 only won't stop hackers to defeat
your script. Maybe you could use a database with this, so that you
pass a reference to the real number shown. So that you have an ID and
a CODE column. in rnum1.php you store the code into the database, and
get the ID of the last one inserted (A discussion about this was
around this list lately) Then you show the code in an image, and you
store the ID in the session. Then you get ID from the session, then
get the code from the database using the ID and compare it to the one
entered in the form.
This might be of interest, because cracking should be avoided as
CAPTCHA is meant to stop from autosubmitting by computers.
Tijnema
> -----Original Message-----
> From: tedd [mailto:tedd@xxxxxxxxxxxx]
> Sent: Sunday, March 25, 2007 7:54 PM
> To: Jake McHenry; 'tedd'; php-general@xxxxxxxxxxxxx
> Subject: RE: My own "captcha" from 2 years ago......
>
> At 10:49 AM -0400 3/25/07, Jake McHenry wrote:
> >Do I call the image creation file in an html <img tag? I've
> tried a bunch of
> >things, and this is the only way I've been able to display
> the image inline
> >so far, without the image headers blocking the rest of my output....
> >
> >I've been reading and somewhat interested in the audio and
> pic captchas..
> >But audio won't work for my intranet... Hardly any of the sets have
> >speakers... Productivity solution I guess...
> >
> Jake
>
> The audio is for visually impaired and unless their also deaf, they
> have sound turned on.
>
> tedd
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.18/733 - Release
> Date: 3/25/2007 11:07 AM
>
>
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.18/733 - Release Date: 3/25/2007
11:07 AM
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
