Jump to content

Still trying to unset my $_SESSION['key'] not working people still submitting.

Gayner

By Gayner
in PHP Coding Help

Recommended Posts

Gayner Advanced Member

Gayner

Posted
Posted

People are still submitting the form and spamming because my captcha key doesn't unset or clear:

 

here is my captcha code:

 

 

session_start();

$RandomStr = md5(microtime());// md5 to generate the random string
$text = rand(10000,99999);
$_SESSION["key"] = $text;
$height = 25;
$width = 35;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 100, 5, 5);
$white = imagecolorallocate($image_p, 155, 155, 025);
$font_size = 16;
$text=substr($_SESSION['key'],0,3);
imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80); 
unset($_SESSION["key");

 

I added the 

unset(#_SESSION["key");

but people can still refresh and submit form.. help?

 

Here is my html:

 

 

td align="right">Your unique security code<input type="hidden" name="secId" value="76c2b0e6f20ed0f1b209bcf39dee8e06"></td>
		<td>
			<img src="php_captcha.php">

 

Why ?

Goldeneye Regular Member

Goldeneye

Posted
Posted

unset($_SESSION["key");

 

should be

unset($_SESSION["key"]);

 

Your snippet was missing the closing "]"

 

Also, use single quotes around your strings if that string does not contain a variable -- it's slightly faster.

Gayner Advanced Member

Gayner

Posted
  • Author
Posted

unset($_SESSION["key");

 

should be

unset($_SESSION["key"]);

 

Your snippet was missing the closing "]"

 

Also, use single quotes around your strings if that string does not contain a variable -- it's slightly faster.

 

Its still messed up.. still let's me submit, screw it thx tho

Gayner Advanced Member

Gayner

Posted
  • Author
Posted

Can you show the code in which you check the user input against the session?

 

I FIXED IT

  $key=substr($_SESSION['key'],0,3);
      $number = $_REQUEST['number'];
      if($number!=$key){
          echo '<center><font face="Verdana, Arial, Helvetica, sans-serif" color="#FF0000">
	   Validation string not valid! Please try again!</font></center>';

	   exit;
	   }
	   
      else
  {
       unset($_SESSION['key']);

 

thx

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.