开发者

captcha works locally, but not on server!

I have a very annoying problem. I have a captcha system that work on my local network setup with xammp, but it does not work on my remote linux box. I have a teori that the captcha.php file reloads somehow, but I tried removing my google analytic javascript, but it still didn't work.

Here is my html:

<div class="box">
                    <h2>Captcha</h2>
                    <div class="block">
                        <p>Are you human? Type in the text bellow to prove it.</p>  
                        <table><form action="homepage.php" method="post">

                        <tr>
                            <td><img src="captcha.php?width=120&height=40&characters=5" /></td>
                            <td>
                                <label for="security_code">Security Code:</label><input id="security_code" name="security_code" type="text" />
                            </td>
                        </tr>
                        <tr>
                            <td>&nbsp;</td>

                            <td><input type="submit" name="human" value="Submit" /></td>
                        </tr>
                        </form></table>

                    </div>
                </div

captcha.php

<?php
session_start();

/*
* File: CaptchaSecurityImages.php
* Author: Simon Jarvis
* Copyright: 2006 Simon Jarvis
* Date: 03/08/06
* Updated: 07/02/07
* Requirements: PHP 4/5 with GD and FreeType libraries
* Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php
* 
* This program is free software; you can redistribute it and/or 
* modify it under the terms of the GNU General Public License 
* as published by the Free Software Foundation; either version 2 
* of the License, or (at your option) any later version.
* 
* This program is distributed in the hope that it will be useful, 
* but WITHOUT ANY WARRANTY; without even the implied warranty of 
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
* GNU General Public License for more details: 
* http://www.gnu.org/licenses/gpl.html
*
*/

class CaptchaSecurityImages {

    var $font = 'fonts/monofont.ttf';

    function generateCode($characters) {
        /* list all possible characters, similar looking characters and vowels have been removed */
        $possible = '23456789bc开发者_JS百科dfghjkmnpqrstvwxyz';
        $code = '';
        $i = 0;
        while ($i < $characters) { 
            $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
            $i++;
        }
        return $code;
    }

    function CaptchaSecurityImages($width='120',$height='40',$characters='6') {
        $code = $this->generateCode($characters);
        /* font size will be 75% of the image height */
        $font_size = $height * 0.75;
        $image = @imagecreate($width, $height) or die('Cannot initialize new GD image stream');
        /* set the colours */
        $background_color = imagecolorallocate($image, 255, 255, 255);
        $text_color = imagecolorallocate($image, 20, 40, 100);
        $noise_color = imagecolorallocate($image, 100, 120, 180);
        /* generate random dots in background */
        for( $i=0; $i<($width*$height)/3; $i++ ) {
            imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);
        }
        /* generate random lines in background */
        for( $i=0; $i<($width*$height)/150; $i++ ) {
            imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color);
        }
        /* create textbox and add text */
        $textbox = imagettfbbox($font_size, 0, $this->font, $code) or die('Error in imagettfbbox function');
        $x = ($width - $textbox[4])/2;
        $y = ($height - $textbox[5])/2;
        imagettftext($image, $font_size, 0, $x, $y, $text_color, $this->font , $code) or die('Error in imagettftext function');
        /* output captcha image to browser */
        header('Content-Type: image/jpeg');
        imagejpeg($image);
        imagedestroy($image);
        $_SESSION['security_code'] = $code;
    }

}

$width = isset($_GET['width']) ? $_GET['width'] : '120';
$height = isset($_GET['height']) ? $_GET['height'] : '40';
$characters = isset($_GET['characters']) && $_GET['characters'] > 1 ? $_GET['characters'] : '6';

$captcha = new CaptchaSecurityImages($width,$height,$characters);

?>

part of the check function :

if( $_SESSION['security_code'] != $code_input ){

    unset($_SESSION['security_code']);
    return 1; 
}

EDIT:

ok, I added this to the html:

<input type="submit" name="test" value="test" />

and this to the php:

if( isset($_POST["test"]) ){

    echo $_SESSION['security_code']; 

}

Locally when I click test i shows the code in the image, generated by captcha.php. On the server however, it shows a random number.. How can this be? I will update the my post if I find out anything more


Check if GD is installed on your host.

<?php
phpinfo();
?>

A phpinfo() will tell you.

Check for a section titled 'GD', if it's not there you can't create images.


I fixed it: Never understood the bug, but realized that the captcha.php file was loaded and changed the session variable somehow. So I added this to the captcha

    if( isset($_SESSION['security_code']) ){
        return $_SESSION['security_code']; 
    }

and I removed all the

unset($_SESSION['security_code'])

Now the image code and the session code stays the same if the session code is set. This might be a security risk as users can bruteforce the captcha, but I don't think users would go that far to break the security.


Hey I have same issue but I have solve my problem. My code was different but have same problem. I have placed my captcha code generation code in captcha folder at that time captcha code does not match. But when I remove my whole code from that folder and place all code in root folder it works fine.May be this will help you...


This problem really sucks, fortunately a solution is easy. Go to:

/wp-config.php

And find a line (39 or so) and comment out this function call:

// Turn register_globals off.
//wp_unregister_GLOBALS();

Worpress will no longer kill your $_SESSION vars. Btw. if you have register_globals off on your server, Worpress will let your $_SESSION live too.. strange :)

Credits to WP support forum http://wordpress.org/support/topic/wp-blog-headerphp-killing-sessions

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜