Session Value Changes Automaticly ... PLZ HELLLLLP !!!

[jmaster1985]

hello all .

I have a captha in my site . Simply i produce a random code on an image and store that code in the session . then i would check the code stored in the session and the code that user posted to the page .

 

the script worked for 6 months very well until last night . after a server upgrade or something like that i realized that when a user enters every thing as a capcha he/she can bypass the captha very well !!!!

 

I traced the code , and find out the "IF ($_SESSION['CODE']==$_POST['CODE']) " will always return true !! i checked the code value in the session and saw that the $_SESSION['CODE'] changes to WHAT EVER USER POSTS , and because of this that IF always returns TRUE !

 

before you help me with this , please remember that I don't have any piece of code in my script that changes the session value to what ever user posts and , my captcha works very well on my local machine , but on the server i have this problem

 

any helps appreciated

 

ps . it is == not = in my if !

[mikesta707]

don't set the session to the value of what the user posts?

[jmaster1985]

Absolutely no ! the code works on local machine fine . but on the server have this problem

[mikesta707]

then lets see this code? what version of php do you have on your various machines

[jmaster1985]

The Local Version : PHP 5.2.3

The Server Version : PHP 5.2.6

 

DEAR MIKESTA THANKS FOR ASKING ME THE VERSIONS ! I GOOGLED PHP5.2.6 SESSION AND I FOUND THIS !!!

 

 

Offline Offline

 

Posts: 6086

 

 

 

WWW

 

 

Re: [Random] Php 5.2.6 session behavior notice.

« Reply #2 on: October 23, 2008, 08:01:03 AM »

 

Correct. You have register globals turned on on your machine.

 

All:

$_SESSION['x'], $_GET['y'], $_POST['z'], $_REQUEST['r'], $_COOKIE['c']

are also accessible with:

$x, $y, $z, $r, $c

 

 

AGAIN THANKS !!!!!!!!!!!!