Daniel0

It seems to work for other keys. Maybe it has to do with this (from mcrypt_encrypt):

You must somewhere be calling htmlentities(). Seeing as you strip all HTML, that is redundant.

You'll have to show us some code before we can answer that.

Is there any reason you couldn't profile it and debug it on your local computer? The only PHP debugger/profiler I've ever used was the one in Zend Studio, but you can obviously find other free ones as well.

Run it through a profiler/debugger.

If you can do that, I think NSA has a job for you. A computer is a deterministic device. Otherwise I'm afraid we'll have to do with pseudo random instead of really random.

Use strtotime to make it a UNIX timestamp. Then do what Q said.

From the way you ask the question, it doesn't sound like you've got a very good grasp of OOP yet, so you might want to focus on that first. You could start with some of the OOP tutorials we have on PHP Freaks.

Maybe try this? $str = preg_replace('#\s{2,}#', '', $str);

I disagree. Hardware is cheaper than developers, so if you can reduce development time at a slight cost of performance that would often be a good idea. Otherwise, why don't we write all programs in machine code?

Hmm... That is weird. Sphinx is running. I'll have to take a look at that later today.

That is what I got as well.

Neither. They're just formatted differently.

It was moved because it's a CSS issue, not a PHP issue. And it is now locked because you continue to disrespect other members regardless of being warned about it.

That is not what I meant with IP spoofing. Say that you have the IP address 1.2.3.4, but my IP address is 4.3.2.1. I want to pretend to the system that I am you. For this purpose, being you constitutes having the IP address 1.2.3.4. I cannot obtain that IP address because you're already using it. I cannot just say I am that IP address because then I won't get the response back. However, if the system regards HTTP_X_FORWARDED_FOR as the IP address of the user then I can just give it any IP address I want. It doesn't really matter what I tell it because that is not the header the response will go back to anyway. How does this apply to the real world? Say SMF uses that to determine the user's IP address. Say I am a regular member and I for some reason do not like you, so I want to get you banned. I'll create a fake account using the above spoofing method and start posting all sorts of crap and spam. Staff will likely check the IP address and see it matches yours, so you will end up getting banned with the fake account I created. Then I go back to my normal identity.

Do note that if you rely on things like HTTP_X_FORWARDED_FOR then you make IP spoofing very easy.

Try to replace the or die() with or trigger_error(pg_last_error(), E_USER_ERROR); And then read the link in my signature regarding this.

Use strtotime to make it a UNIX timestamp. Then use date to format that.

You have this statement: $referer = (isset($_SERVER['HTTP_REFERER'])) $_SERVER['HTTP_REFERER'] : "noreferer"; That should be: $referer = (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : "noreferer"; Note that statements are only terminated by ; or ?>. Going to a new line doesn't mean it's a new statement. I would recommend reading Language Reference in the manual.

Well, as you see, in the CAPTCHA script you stored $_SESSION['string'] = $string;, so you can simply match that value with the one the user entered when you are processing the form input.

You're missing the ? between the third ternary operator's conditional statement and "true" statement.

Personally, I use Zend Framework, and it's also the framework I used when developing the main site.

Ok so what you'll want to do is to place an image like this: <img src="path/to/captcha.php"> Where the src is the path to the script that generates a CAPTCHA image of course.

Yeah same for all of them. By the way, you shouldn't use short tags. Use these instead: <?php

Place the file within document root, then call it sort of like this: wget http://something/script.php --save-cookies cookies.txt --load-cookies cookies.txt -O /dev/null