quasiman Posted August 10, 2006

I'm working in DaDaBIK, and I need to increase the security a bit for this project. So one of my changes is adding CAPTCHA authentication to the login. My problem is the number $_POST doesn't seem to be passing through the session correctly, and won't validate with the image.

This modification uses two of the DaDaBIK files and a captcha.php:

include/forms/login.php (the displayed login form)

[code=php:0]
<table summary="login" class="table_login_form" align="center">
<tr class="tr_header_login_form">
<td valign="top"><b><?php echo $login_messages_ar['please_authenticate']; ?></b></td>
</tr>
<tr>
<td valign="top" align="center"><br>
<form method="post" action="<?php echo $dadabik_login_file; ?>?function=check_login">
<table>
<tr><td><?php echo $login_messages_ar['username']; ?></td><td><input type="text" name="username_user" class="input_login_form"></td></tr>
<tr><td><?php echo $login_messages_ar['password']; ?></td><td><input type="password" name="password_user" class="input_login_form"></td></tr>
<tr><td> </td><td><img src="captcha.php"></td></tr>
<tr><td><?php echo $login_messages_ar['captcha']; ?></td><td><input type="text" name="number" class="input_login_form"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" value="<?php echo $login_messages_ar['login']; ?>"></td></tr>
</table>
</form>
</td>
</tr>
</table>
[/code]

login.php

[code=php:0]
$key = $_SESSION['key'];
$_SESSION['number'] = $_POST['number'];
$number = $_SESSION['number'];
$show_record_numbers_change_table = 0;

switch($function){
	case 'check_login':
		if ( $_POST['username_user'] === '' || $_POST['password_user'] === '' || $_POST['number'] === '') {
			txt_out('<p align="center">'.$login_messages_ar['username_password_are_required'].'</p>', 'error_messages_form');
			include './include/forms/login.php';
		} // end if
		elseif ($number!=$key) { //CHECK CAPTCHA
			txt_out('<p align="center">'.$login_messages_ar['captcha_auth'].'</p>', 'error_messages_form');
			include './include/forms/login.php';
		} // end if
		else{
			$_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user']);
			//var_dump ($_SESSION['logged_user_infos_ar']);
			//exit;
			if ( $_SESSION['logged_user_infos_ar'] !== false){
				//header ('Location: '.$site_url.'index.php');
				header ('Location: '.$site_url.$dadabik_main_file);
				die();
			} // end if
			else{
				unset($_SESSION['logged_user_infos_ar']);
				txt_out('<p align="center">'.$login_messages_ar['incorrect_login'].'</p>', 'error_messages_form');
				include './include/forms/login.php';
			} // end else
		} // end else
		break; // case 'check_login'
	case 'logout':
		unset($_SESSION['logged_user_infos_ar']);
		header ('Location: '.$site_url.$dadabik_login_file);
		die();
		break; // case 'logout'
	case 'show_login_form':
		include './include/forms/login.php';
		break; // case 'show_login_form'
} // end switch ($function)

// include footer
include ("./include/footer.php");
[/code]

And finally - captcha.php

[code=php:0]
session_start();
$RandomStr = md5(microtime()); // md5 to generate the random string
$ResultStr = substr($RandomStr,0,5); // trim to 5 digits
$NewImage = imagecreatefromjpeg("img.jpg"); // create the image from an existing image used as background
$LineColor = imagecolorallocate($NewImage,233,239,239); // line color
$TextColor = imagecolorallocate($NewImage, 255, 255, 255); // text color - white
imageline($NewImage,1,1,40,40,$LineColor); // create line 1 on image
imageline($NewImage,1,100,60,0,$LineColor); // create line 2 on image
imagestring($NewImage, 5, 20, 10, $ResultStr, $TextColor); // draw the random string horizontally
$_SESSION['key'] = $ResultStr; // carry the data through the session
header("Content-type: image/jpeg"); // output the image
imagejpeg($NewImage); // output image to browser
[/code]

quasiman (Author) Posted August 10, 2006

Oh, and 'captcha_auth' above just points to the language file as "Text from image incorrect"

xAtlas Posted August 11, 2006

What happens if you try this:

[code]
//removed a third = in the IF construct
if ( $_POST['username_user'] == '' || $_POST['password_user'] == '' || $_POST['number'] == '') {
	txt_out('<p align="center">'.$login_messages_ar['username_password_are_required'].'</p>', 'error_messages_form');
	include './include/forms/login.php';
} // end if
elseif ($number != $key) { //CHECK CAPTCHA
	txt_out('<p align="center">'.$login_messages_ar['captcha_auth'].'</p>', 'error_messages_form');
	include './include/forms/login.php';
} // end if
else{
	$_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user']);
	//var_dump ($_SESSION['logged_user_infos_ar']);
	//exit;
	//changed the !==false to != false
	if ( $_SESSION['logged_user_infos_ar'] != false){
		//header ('Location: '.$site_url.'index.php');
		header ('Location: '.$site_url.$dadabik_main_file);
		die();
[/code]

quasiman (Author) Posted August 11, 2006

Thank you for the suggestion, but it doesn't change anything...

xAtlas Posted August 11, 2006

Can you post any errors you're getting?

quasiman (Author) Posted August 11, 2006

The only error I'm getting is "Text from image incorrect" coming out of my language file for the elseif statement.

If I echo $_SESSION['key'] it does show the correct number, but echoing $_SESSION['number'] returns blank.

Sorry I can't give more info... maybe there's something else I need to test for?

quasiman (Author) Posted August 17, 2006

**bump**

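An added example, not part of the thread and not DaDaBIK code: one way to issue and check a session-bound CAPTCHA value like the `$_SESSION['key']` in the posts above, using a CSPRNG instead of `md5(microtime())`, a strict string comparison, and a key that is consumed on its first check. `captcha_issue()`, `captcha_verify()` and the `$session` array (standing in for `$_SESSION`) are assumptions made for the example.

```php
<?php
// Added example. captcha_issue() / captcha_verify() are hypothetical helpers;
// $session stands in for $_SESSION so the script also runs from the CLI.

const CAPTCHA_ALPHABET = '23456789ABCDEFGHJKLMNPQRSTUVWXYZ'; // no 0/O/1/I look-alikes

function captcha_issue(array &$session, int $length = 5): string
{
    $max  = strlen(CAPTCHA_ALPHABET) - 1;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws from the OS CSPRNG; a hash of the clock is guessable
        $code .= CAPTCHA_ALPHABET[random_int(0, $max)];
    }
    $session['key'] = $code;   // same session slot the thread's captcha.php uses
    return $code;              // the caller draws this string into the image
}

function captcha_verify(array &$session, $submitted): bool
{
    $expected = $session['key'] ?? null;
    unset($session['key']);    // single use: every check requires a fresh image
    if (!is_string($expected) || !is_string($submitted) || $submitted === '') {
        return false;          // missing key, missing field, or non-string input
    }
    // hash_equals() compares the two values byte for byte in constant time
    return hash_equals($expected, strtoupper(trim($submitted)));
}

// Constructed demonstration: issue a code, answer it, then try to reuse it.
$session = [];
$code = captcha_issue($session);
var_dump(captcha_verify($session, strtolower($code))); // first answer, case-insensitive
var_dump(captcha_verify($session, $code));             // replay after the key was consumed

// Loose == / != converts numeric-looking strings to numbers before comparing,
// so two different hex snippets (as substr(md5(...), 0, 5) can produce) may
// compare equal; hash_equals() never applies that conversion.
var_dump('0e123' == '0e456');
var_dump(hash_equals('0e123', '0e456'));
```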