jmaster1985 Posted September 10, 2009 Share Posted September 10, 2009 hello all . I have a captha in my site . Simply i produce a random code on an image and store that code in the session . then i would check the code stored in the session and the code that user posted to the page . the script worked for 6 months very well until last night . after a server upgrade or something like that i realized that when a user enters every thing as a capcha he/she can bypass the captha very well !!!! I traced the code , and find out the "IF ($_SESSION['CODE']==$_POST['CODE']) " will always return true !! i checked the code value in the session and saw that the $_SESSION['CODE'] changes to WHAT EVER USER POSTS , and because of this that IF always returns TRUE ! before you help me with this , please remember that I don't have any piece of code in my script that changes the session value to what ever user posts and , my captcha works very well on my local machine , but on the server i have this problem any helps appreciated ps . it is == not = in my if ! Quote Link to comment https://forums.phpfreaks.com/topic/173840-session-value-changes-automaticly-plz-helllllp/ Share on other sites More sharing options...
mikesta707 Posted September 10, 2009 Share Posted September 10, 2009 don't set the session to the value of what the user posts? Quote Link to comment https://forums.phpfreaks.com/topic/173840-session-value-changes-automaticly-plz-helllllp/#findComment-916358 Share on other sites More sharing options...
jmaster1985 Posted September 10, 2009 Author Share Posted September 10, 2009 Absolutely no ! the code works on local machine fine . but on the server have this problem Quote Link to comment https://forums.phpfreaks.com/topic/173840-session-value-changes-automaticly-plz-helllllp/#findComment-916365 Share on other sites More sharing options...
mikesta707 Posted September 10, 2009 Share Posted September 10, 2009 then lets see this code? what version of php do you have on your various machines Quote Link to comment https://forums.phpfreaks.com/topic/173840-session-value-changes-automaticly-plz-helllllp/#findComment-916367 Share on other sites More sharing options...
jmaster1985 Posted September 10, 2009 Author Share Posted September 10, 2009 The Local Version : PHP 5.2.3 The Server Version : PHP 5.2.6 DEAR MIKESTA THANKS FOR ASKING ME THE VERSIONS ! I GOOGLED PHP5.2.6 SESSION AND I FOUND THIS !!! Offline Offline Posts: 6086 WWW Re: [Random] Php 5.2.6 session behavior notice. « Reply #2 on: October 23, 2008, 08:01:03 AM » Correct. You have register globals turned on on your machine. All: $_SESSION['x'], $_GET['y'], $_POST['z'], $_REQUEST['r'], $_COOKIE['c'] are also accessible with: $x, $y, $z, $r, $c AGAIN THANKS !!!!!!!!!!!! Quote Link to comment https://forums.phpfreaks.com/topic/173840-session-value-changes-automaticly-plz-helllllp/#findComment-916373 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.