Gayner Posted November 29, 2009 Share Posted November 29, 2009 People are still submitting the form and spamming because my captcha key doesn't unset or clear: here is my captcha code: session_start(); $RandomStr = md5(microtime());// md5 to generate the random string $text = rand(10000,99999); $_SESSION["key"] = $text; $height = 25; $width = 35; $image_p = imagecreate($width, $height); $black = imagecolorallocate($image_p, 100, 5, 5); $white = imagecolorallocate($image_p, 155, 155, 025); $font_size = 16; $text=substr($_SESSION['key'],0,3); imagestring($image_p, $font_size, 5, 5, $text, $white); imagejpeg($image_p, null, 80); unset($_SESSION["key"); I added the unset(#_SESSION["key"); but people can still refresh and submit form.. help? Here is my html: td align="right">Your unique security code<input type="hidden" name="secId" value="76c2b0e6f20ed0f1b209bcf39dee8e06"></td> <td> <img src="php_captcha.php"> Why ? Quote Link to comment Share on other sites More sharing options...
Goldeneye Posted November 29, 2009 Share Posted November 29, 2009 unset($_SESSION["key"); should be unset($_SESSION["key"]); Your snippet was missing the closing "]" Also, use single quotes around your strings if that string does not contain a variable -- it's slightly faster. Quote Link to comment Share on other sites More sharing options...
Gayner Posted November 29, 2009 Author Share Posted November 29, 2009 unset($_SESSION["key"); should be unset($_SESSION["key"]); Your snippet was missing the closing "]" Also, use single quotes around your strings if that string does not contain a variable -- it's slightly faster. Its still messed up.. still let's me submit, screw it thx tho Quote Link to comment Share on other sites More sharing options...
Andy-H Posted November 29, 2009 Share Posted November 29, 2009 Can you show the code in which you check the user input against the session? Quote Link to comment Share on other sites More sharing options...
Gayner Posted November 29, 2009 Author Share Posted November 29, 2009 Can you show the code in which you check the user input against the session? I FIXED IT $key=substr($_SESSION['key'],0,3); $number = $_REQUEST['number']; if($number!=$key){ echo '<center><font face="Verdana, Arial, Helvetica, sans-serif" color="#FF0000"> Validation string not valid! Please try again!</font></center>'; exit; } else { unset($_SESSION['key']); thx Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.