Trouble with $_SESSION

[Milosz]

Here is my situation: I have created a form with a captcha on my local WAMP server (2.0 with PHP 5). It's your everyday <img src="captcha.php">. The creation of the captcha image is handled by a PHP script that operates as follows:

 

A 5-character string is generated. This string is stored in $_SESSION[ 'captcha' ], and drawn into an image variable. Proper headers are set up and the image is echoed using imagepng(). In summary, the code for the generator goes like this:

 

$code = generateCode( 5 ); //Generates a sequence of 5 characters
session_start();
$_SESSION[ 'captcha' ] = $code;
...
/* The image is created */
...
header( 'Cache-Control: no-cache, must-revalidate' );
header( 'Pragma: no-cache' );
header( 'Content-Type: image/png' );
imagepng( $image );

 

And there is, of course, a session_start() at the beginning of the form page as well.

 

Back in the form, the user is shown the image and asked to input the 5-character string into a box. When the form is submitted, the user's input is checked against $_SESSION[ 'captcha' ]. If the check returns a success, $_SESSION[ 'captcha' ] is unset to prevent form re-submission.

 

Everything works just fine locally, but for some reason as soon as I upload to my web server, the boolean expression that determines correct user input for the captcha, as shown below, always returns false:

 

isset( $_SESSION[ 'captcha' ] ) && $_POST[ 'captcha' ] == $_SESSION[ 'captcha' ]

 

As part of my debugging effort, I added the following line to the checker function:

 

if ( isset( $_SESSION[ 'captcha' ] ) ) echo $_SESSION[ 'captcha' ]; else echo 'No Captcha!';

 

And now after submitting the form I am met with the following error:

 

Catchable fatal error: Object of class __PHP_Incomplete_Class could not be converted to string in <path to script> on line <line number>.

 

I don't understand why $_SESSION[ 'captcha' ] would be of class __PHP_Incomplete_Class. I know $_SESSION[ 'captcha' ] exists, because otherwise I would be getting an error about an undefined variable. Then I conclude that what is within $_SESSION[ 'captcha' ] is not a string, though I'm fairly sure I had put one there when I said $_SESSION[ 'captcha' ] = $code in my captcha generator script near the top of this post.

 

Any insight would be greatly appreciated.

[trq]

Can we see generateCode() ?

[premiso]

I, myself, prefer to use ReCaptcha instead of Captchas, The only thing, however, in this code that I can see going wrong, which may just be your preference is you space out everyone from [ [ in the array. I doubt this is the reason why, it is just weird to do imo.

 

Anyhow if you would rather look into ReCaptcha here is an example of how it would work:

 

<?php
if (isset($_POST['submit']) && (!isset($_POST['extra']) || !empty($_POST['extra']))) {
     // execute code

}else {
?>
<script type="text/javascript">
<!--
function hide(id) {
    document.getElementById(id).style.display = "none";
}
// -->
</script>

<form method="post">
<input type="text" name="fname" id="fname" />
<input type="text" name="extra" id="extra" />
<input type="submit" name="submit" Value="Submit!" id="submit" />
</form>
<script type="text/javascript">
<!--
hide('extra');
// -->
</script>
<?php
}
?>

 

This way the user would never see extra (unless jscript is turned off) and they would not fill it in, since spam bots do not have jscript turned on usually they will almost always fill out that box cause they do not know any better.

 

I know this does not solve the problem, just another idea instead of using captchas =)