Image verification code problem

Hey all, I've added an image verification code to my contact form. It successfully displays the image but it tells me that the image verification code is wrong even if i type it in right. I believe it's a problem in my contactform.php

Here is my HTML form:

<form id="ajax-contact-form" action="javascript:alert('success!');">
<label>Name:*</label><INPUT class="textbox" type="text" name="name" value=""><br />

<label>E-Mail:*</label><INPUT class="textbox" type="text" name="email" value=""><br />

<label>Telephone:</label><INPUT class="textbox" type="text" name="Telephone" value=""      /><br />

<INPUT class="textbox" type="hidden" name="subject" value="Contact Form" >

<label>Message:*</label><TEXTAREA class="textbox" NAME="message" ROWS="5" COLS="25">    </TEXTAREA><br />
<tr>
<label>Image  Verification:*</label>
        <input type="text"  name="verify" style="width:200px;" /><img  src="verification.php?<?php echo rand(0,9999);?>" alt="Help us  avoid spam! Please type the image text in the box" width="50"  height="24" align="absbottom" />


<label>&nbsp;</label><INPUT class="button" type="submit" name="submit" value="Send Message">
</form>

Here is the contactform.php that it sends to:

<?php
/*
Credits: Bit Repository
URL: http://www.bitrepository.com/
*/

include 'config.php';

error_reporting (E_ALL ^ E_N开发者_如何转开发OTICE);

$post = (!empty($_POST)) ? true : false;

if($post)
{
include 'functions.php';

$name = stripslashes($_POST['name']);
$email = trim($_POST['email']);
$telephone = stripslashes($_POST['telephone']);
$subject = stripslashes($_POST['subject']);
$message = stripslashes($_POST['message']);
$verify = stripslashes($_POST['verify']);


$error = '';

// Check name

if(!$name)
{
$error .= 'Please enter your name.<br />';
}

// Check email

if(!$email)
{
$error .= 'Please enter an e-mail address.<br />';
}

if($email && !ValidateEmail($email))
{
$error .= 'Please enter a valid e-mail address.<br />';
}

// Check message (length)

if(!$message || strlen($message) < 15)
{
$error .= "Please enter your message. It should have at least 15 characters.<br />";
}

// Check Verification code
if(md5($verify).'098f6bcd4621d373cade4e832627b4f6' !=  $_cookie['contact_verify'])
{
$error .= "Image Verification failed.<br />";
}





//Send the Name, Email, Telephone, and Message in a formated version.
$email_message = "The following message was sent to you in your contact form on domain.com\n\n";

function clean_string($string) {
  $bad = array("content-type","bcc:","to:","cc:","href");
  return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Telephone: ".clean_string($telephone)."\n";
$email_message .= "Message: ".clean_string($message)."\n";

if(!$error)
{
$mail = mail(WEBMASTER_EMAIL, $subject, $email_message,
 "From: ".$name." <".$email.">\r\n"
."Reply-To: ".$email."\r\n"
."X-Mailer: PHP/" . phpversion());


if($mail)
{
echo 'OK';
}

}
else
{
echo '<div class="notification_error">'.$error.'</div>';
}

}
?>

And finally.. here is verification.php that generates the verification image:

<?php

//Declare in the header what kind of file this is
header('Content-type: image/jpeg');

//A nice small image that's to the point 
$width = 50;
$height = 24;

//Here we create the image with the sizes declared above and save it to a  variable my_image
$my_image = imagecreatetruecolor($width, $height);

//Let's give our image a background color.  White sound ok to everyone?
imagefill($my_image, 0, 0, 0xFFFFFF);

//Now we're going to add some noise to the image by placing pixels  randomly all over the image
for ($c = 0; $c < 40; $c++){
$x = rand(0,$width-1);
$y = rand(0,$height-1);
imagesetpixel($my_image, $x, $y, 0x000000);
}

$x = rand(1,10);
$y = rand(1,10);

$rand_string = rand(1000,9999);
imagestring($my_image, 5, $x, $y, $rand_string, 0x000000);

/*
We're going to store a ****** in the user's browser so we can call to it
later and confirm they entered the correct verification. The
"md5 rand string" can be anything you want.  It's just our personal
code to be added to the end of the captcha value stored in the ******
as an encrypted string
*/
setcookie('contact_verify',(md5($rand_string).'098f6bcd4621d373cade4e832627b4f6'));

imagejpeg($my_image);
imagedestroy($my_image);
?>

Any ideas?

PHP doesn't transmit cookies until the page refreshes. So when you submit your form through AJAX, it's not getting the cookie. A better way to do this would be to store the image verification code in a $_SESSION variable, rather than in a cookie:

$_SESSION['contact_verify'] = (md5($rand_string).'098f6bcd4621d373cade4e832627b4f6');