Jump to content

Recommended Posts

Here is my situation: I have created a form with a captcha on my local WAMP server (2.0 with PHP 5). It's your everyday <img src="captcha.php">. The creation of the captcha image is handled by a PHP script that operates as follows:

 

A 5-character string is generated. This string is stored in $_SESSION[ 'captcha' ], and drawn into an image variable. Proper headers are set up and the image is echoed using imagepng(). In summary, the code for the generator goes like this:

 

$code = generateCode( 5 ); //Generates a sequence of 5 characters
session_start();
$_SESSION[ 'captcha' ] = $code;
...
/* The image is created */
...
header( 'Cache-Control: no-cache, must-revalidate' );
header( 'Pragma: no-cache' );
header( 'Content-Type: image/png' );
imagepng( $image );

 

And there is, of course, a session_start() at the beginning of the form page as well.

 

Back in the form, the user is shown the image and asked to input the 5-character string into a box. When the form is submitted, the user's input is checked against $_SESSION[ 'captcha' ]. If the check returns a success, $_SESSION[ 'captcha' ] is unset to prevent form re-submission.

 

Everything works just fine locally, but for some reason as soon as I upload to my web server, the boolean expression that determines correct user input for the captcha, as shown below, always returns false:

 

isset( $_SESSION[ 'captcha' ] ) && $_POST[ 'captcha' ] == $_SESSION[ 'captcha' ]

 

As part of my debugging effort, I added the following line to the checker function:

 

if ( isset( $_SESSION[ 'captcha' ] ) ) echo $_SESSION[ 'captcha' ]; else echo 'No Captcha!';

 

And now after submitting the form I am met with the following error:

 

Catchable fatal error: Object of class __PHP_Incomplete_Class could not be converted to string in <path to script> on line <line number>.

 

I don't understand why $_SESSION[ 'captcha' ] would be of class __PHP_Incomplete_Class. I know $_SESSION[ 'captcha' ] exists, because otherwise I would be getting an error about an undefined variable. Then I conclude that what is within $_SESSION[ 'captcha' ] is not a string, though I'm fairly sure I had put one there when I said $_SESSION[ 'captcha' ] = $code in my captcha generator script near the top of this post.

 

Any insight would be greatly appreciated.

Link to comment
https://forums.phpfreaks.com/topic/141962-trouble-with-_session/
Share on other sites

I, myself, prefer to use ReCaptcha instead of Captchas, The only thing, however, in this code that I can see going wrong, which may just be your preference is you space out everyone from [ [ in the array. I doubt this is the reason why, it is just weird to do imo.

 

Anyhow if you would rather look into ReCaptcha here is an example of how it would work:

 

<?php
if (isset($_POST['submit']) && (!isset($_POST['extra']) || !empty($_POST['extra']))) {
     // execute code

}else {
?>
<script type="text/javascript">
<!--
function hide(id) {
    document.getElementById(id).style.display = "none";
}
// -->
</script>

<form method="post">
<input type="text" name="fname" id="fname" />
<input type="text" name="extra" id="extra" />
<input type="submit" name="submit" Value="Submit!" id="submit" />
</form>
<script type="text/javascript">
<!--
hide('extra');
// -->
</script>
<?php
}
?>

 

This way the user would never see extra (unless jscript is turned off) and they would not fill it in, since spam bots do not have jscript turned on usually they will almost always fill out that box cause they do not know any better.

 

I know this does not solve the problem, just another idea instead of using captchas =)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.