Doug Posted November 7, 2012 Share Posted November 7, 2012 I have created a Captcha image to use on various forms. It works fine in one are creating a row of letters that when entered correctly send the information to the correct email. However when I cut and paste the exact same code the image creates numbers that cannot be read and therefore the form cannot be sent. I cannot for the life of me see why this would be? Or at least prevent numbers form appearing? Thanks very much in advance for any help Code below: <?php session_start(); // Set some important CAPTCHA constants define('CAPTCHA_NUMCHARS', 6); define('CAPTCHA_WIDTH', 100); define('CAPTCHA_HEIGHT', 25); // Generate the random pass-phrase $pass_phrase = ""; for ($i = 0; $i < CAPTCHA_NUMCHARS; $i++) { $pass_phrase .= chr(rand(97, 122)); } // Store the encrypted pass-phrase in a session variable $_SESSION['pass_phrase'] = SHA1($pass_phrase); // Create the image $img = imagecreatetruecolor(CAPTCHA_WIDTH, CAPTCHA_HEIGHT); // Set a white background with black text and gray graphics $bg_color = imagecolorallocate($img, 255, 255, 255); // white $text_color = imagecolorallocate($img, 0, 0, 0); // black $graphic_color = imagecolorallocate($img, 64, 64, 64); // dark gray // Fill the background imagefilledrectangle($img, 0, 0, CAPTCHA_WIDTH, CAPTCHA_HEIGHT, $bg_color); // Draw some random lines for ($i = 0; $i < 5; $i++) { imageline($img, 0, rand() % CAPTCHA_HEIGHT, CAPTCHA_WIDTH, rand() % CAPTCHA_HEIGHT, $graphic_color); } // Sprinkle in some random dots for ($i = 0; $i < 50; $i++) { imagesetpixel($img, rand() % CAPTCHA_WIDTH, rand() % CAPTCHA_HEIGHT, $graphic_color); } // Draw the pass-phrase string imagettftext($img, 18, 0, 5, CAPTCHA_HEIGHT - 5, $text_color, 'Courier New Bold.ttf', $pass_phrase); // Output the image as a PNG using a header header("Content-type: image/png"); imagepng($img); // Clean up imagedestroy($img); ?> The above works wioth this code below: <?php $from = ""; $subject = ""; $onesevenoaksmail = ""; if (isset($_POST['submit'])) { $from = $_POST ['from']; $subject = $_POST ['subject']; $onesevenoaksmail = $_POST ['onesevenoaksmail']; $email = "support@onesevenoaks.co.uk"; $output_form = 'no'; if (empty($subject)) { //$subject is blank echo '<p class="error">You forgot to enter a subject.</p>'; $output_form = 'yes'; } if (empty($onesevenoaksmail)) { // $onesevenoaksmail is blank echo '<p class="error">You forgot to enter your message.</p>'; $output_form = 'yes'; } //Check the CAPTCHA pass-phrase for verification $user_pass_phrase = sha1($_POST['verify']); if ($_SESSION['pass_phrase'] != $user_pass_phrase) { echo '<p class="error">Please enter the verification pass phrase exactly as shown.</p>'; $output_form = 'yes'; } if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\._\-&!?=#]*@/', $from)) { //$email is invlaid beacsue local name is bad echo '<p class="error">Your email address is incorrect.</p>'; $output_form = 'yes'; } else { //strip out everything but the domain from the email $domain = preg_replace('/^[a-zA-Z0-9][a-zA-Z0-9\._\-&!?=#]*@/', '', $from); //Now check if $domain is registered function win_checkdnsrr($domain,$recType='') { if (!empty($domain)) { if ($recType=='') $recType="MX"; exec("nslookup -type=$recType $domain",$output); foreach($output as $line) { if (preg_match("/^$domain/", $line)) { return true; } return false; } return false; } } } } else { $output_form = 'yes'; } if ($output_form == 'yes') { ?> <table> <tr> <td> <form enctype="multipart/form-data" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <label for="from">Email:</label></td> <td><input id="from" name="from" type="text" size="60" value="<?php echo $from; ?>"/></td></tr> <tr> <td> <label for="subject">Subject of email: </label></td> <td><input type="text" id="subject" name="subject" size="60" value="<?php echo $subject; ?>" /> </td> </tr> <tr> <td> <label for="onesevenoaksmail">Body of email: </label></td> <td><textarea id="onesevenoaksmail" name="onesevenoaksmail" rows="8" cols="60"><?php echo $onesevenoaksmail; ?></textarea> </td> </tr> <tr> <td>Verification:</td> <td> <input type = "text" id="verify" name="verify" size="30" /> <img src="captcha.php" alt="Verification pass-phrase" /> </td> </tr> <tr> <td> <input type="submit" name="submit" value="Submit" /> </td> </tr> </table> <hr> </form> <?php } else if ($output_form == 'no') { $msg = "Dear Doug\n Subject: $subject\n Message: $onesevenoaksmail\n From: $from"; $headers = "doug_pitchers@hotmail.com"; mail($headers, $subject, $msg, 'from:' . 'dougpitchers@yahoo.co.uk'); echo '<p> Thank you for the message! We will respond within 48 hours</p>'; } ?> but not this code below: <?php session_start(); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Web development kent - Contact DP Web Development </title> <link rel="stylesheet" href="dpwebdevelopment1.css" type="text/css" /> </head> <body id="contact"> <div id="wrap4"> <div id="header"> DP WEB DEVELOPMENT </div> <?php require_once('navmenu.php'); ?> <img alt='contactus image' src='webdevelopmentimages/reflowers.jpg' border='0'/> <H1>Contact DP Web Development</h1>  <div id="phone"> <img src="webdevelopmentimages/phoneicon.gif" alt="phone DP Web Development">07939014511 </div> <p>Whatever your situation we would love to hear from you</p> <?php $firstname = ""; $lastname = ""; $from = ""; $subject = ""; $dpwebdevelopmentmail = ""; $number = ""; $webmail = ""; if (isset($_POST['submit'])) { $firstname = $_POST ['firstname']; $lastname = $_POST ['lastname']; $from = $_POST ['from']; $subject = $_POST ['subject']; $dpwebdevelopmentmail = $_POST ['dpwebdevelopmentmail']; $email = "doug_pitchers@hotmail.com"; $number = $_POST ['number']; $webmail = $_POST['webmail']; $output_form = 'no'; if (empty($firstname)) { //$firtsname is blank echo '<p class="error">You forgot to enter your first name.</p>'; $output_form = 'yes'; } if (empty($lastname)) { //$lastname is blank echo '<p class="error">You forgot to enter your last name.</p>'; $output_form = 'yes'; } if (empty($subject)) { //$subject is blank echo '<p class="error">You forgot to enter a subject.</p>'; $output_form = 'yes'; } if (empty($dpwebdevelopmentmail)) { // $dpwebdevelopmentmail is blank echo '<p class="error">You forgot to enter your message.</p>'; $output_form = 'yes'; } //Check the CAPTCHA pass-phrase for verification $user_pass_phrase = sha1($_POST['verify']); if ($_SESSION['pass_phrase'] != $user_pass_phrase) { echo '<p class="error">Please enter the verification pass phrase exactly as it is shown.</p>'; $output_form = 'yes'; } if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\._\-&!?=#]*@/', $from)) { //$email is invlaid beacsue local name is bad echo '<p class="error">Your email address was not recognised. Please enter it again..</p>'; $output_form = 'yes'; } else { //strip out everything but the domain from the email $domain = preg_replace('/^[a-zA-Z0-9][a-zA-Z0-9\._\-&!?=#]*@/', '', $from); //Now check if $domain is registered function win_checkdnsrr($domain,$recType='') { if (!empty($domain)) { if ($recType=='') $recType="MX"; exec("nslookup -type=$recType $domain",$output); foreach($output as $line) { if (preg_match("/^$domain/", $line)) { return true; } return false; } return false; } } } } else { $output_form = 'yes'; } if ($output_form == 'yes') { ?> <table> <tr> <td> <form enctype="multipart/form-data" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <tr> <td> <label for="firstname">First Name: </label></td> <td><input type="text" id="firstname" name="firstname" size="60" value="<?php echo $firstname; ?>" /> </td> </tr> <tr> <td> <label for="lastname">Last Name: </label></td> <td><input type="text" id="lastname" name="lastname" size="60" value="<?php echo $lastname; ?>" /> </td> </tr> <tr> <td> <label for="subject">Subject of email: </label></td> <td><input type="text" id="subject" name="subject" size="60" value="<?php echo $subject; ?>" /> </td> </tr> <tr> <td> <label for="dpwebdevelopmentmail">Message </label></td> <td><textarea id="dpwebdevelopmentmail" name="dpwebdevelopmentmail" rows="8" cols="60"><?php echo $dpwebdevelopmentmail; ?></textarea> </td> </tr> <tr> <td> <label for="from">Your Email address:</label></td> <td><input id="from" name="from" type="text" size="60" value="<?php echo $from; ?>"/></td></tr> <tr> <td> <label for="from">Your contact phone number:</label></td> <td><input id="number" name="number" type="text" size="60" value="<?php echo $number ?>"/> </td> </tr> <tr> <td> <label for="contact">How would you prefer to be contacted?:</label></td> <td>Email <input id="webmail" name="webmail" type="radio" value="webmail" checked /> Phone<input id="webmail" name="webmail" type="radio" value="phone" /> </td> </tr> <tr> <td>Verification:</td> <td> <input type = "text" id="verify" name="verify" size="30" /> <img src="captcha.php" alt="Verification pass-phrase" /> </td> </tr> <tr> <td> <input type="submit" name="submit" value="Submit" /> </td> </tr> </table> <hr> </form> <?php } else if ($output_form == 'no') { $msg = "Dear Doug\n FirstName: $firstname\n Lastname: $lastname\n Subject: $subject\n Message: $dpwebdevelopmentmail\n Phone: $number\n Contact: $webmail\n From: $from"; $headers = "doug_pitchers@hotmail.com"; mail($headers, $subject, $msg, 'from:' . 'dougpitchers@yahoo.co.uk'); echo '<p> Thank you for the message! We will respond within 24 hours</p>'; } ?> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/270412-same-code-different-outcome-why/ Share on other sites More sharing options...
PFMaBiSmAd Posted November 7, 2012 Share Posted November 7, 2012 What exact output are you getting and what exactly is wrong with it? What's the expected output? Quote Link to comment https://forums.phpfreaks.com/topic/270412-same-code-different-outcome-why/#findComment-1390871 Share on other sites More sharing options...
Doug Posted November 8, 2012 Author Share Posted November 8, 2012 I expect the Captcha.php to out put a string of six characters (letters). Which it does with the first program. With the second, for some reason it outputs a string of 40 characters (letters and numbers) Quote Link to comment https://forums.phpfreaks.com/topic/270412-same-code-different-outcome-why/#findComment-1391008 Share on other sites More sharing options...
Doug Posted November 8, 2012 Author Share Posted November 8, 2012 UPDATE: It works the first time the page is entered. Refresh and the 40 characters appear Quote Link to comment https://forums.phpfreaks.com/topic/270412-same-code-different-outcome-why/#findComment-1391019 Share on other sites More sharing options...
Muddy_Funster Posted November 8, 2012 Share Posted November 8, 2012 hmmm....smells like a session issue then Quote Link to comment https://forums.phpfreaks.com/topic/270412-same-code-different-outcome-why/#findComment-1391031 Share on other sites More sharing options...
Doug Posted November 8, 2012 Author Share Posted November 8, 2012 Sorry, but I can't see where. Quote Link to comment https://forums.phpfreaks.com/topic/270412-same-code-different-outcome-why/#findComment-1391042 Share on other sites More sharing options...
PFMaBiSmAd Posted November 8, 2012 Share Posted November 8, 2012 The problem is most likely due to register_globals being turned on. When you store the hashed value to $_SESSION['pass_phrase'] (or it already has a value in it), php sets $pass_phrase to that same value. What does a phpinfo statement show for the register globals setting on both systems? Quote Link to comment https://forums.phpfreaks.com/topic/270412-same-code-different-outcome-why/#findComment-1391043 Share on other sites More sharing options...
Doug Posted November 8, 2012 Author Share Posted November 8, 2012 um...think both are the same: On. How would I turn them off? Is this advisable? Quote Link to comment https://forums.phpfreaks.com/topic/270412-same-code-different-outcome-why/#findComment-1391053 Share on other sites More sharing options...
PFMaBiSmAd Posted November 8, 2012 Share Posted November 8, 2012 Register_globals were turned off by default over 10 years ago (unfortunately web hosts and 'php coders' didn't get and follow the loose recommendation.) If you have access to the master php.ini, that's where you should turn them off at. If you are on shared web hosting, you can turn it off in a local php.ini (when php is running as a CGI application) or in a .htaccess file (when php is running as an Apache Module.) The syntax for a php.ini would be register_globals off The syntax for a .htaccess file would be php_flag register_globals off As a test, you can change the name of your session variable to something else. Quote Link to comment https://forums.phpfreaks.com/topic/270412-same-code-different-outcome-why/#findComment-1391057 Share on other sites More sharing options...
Doug Posted November 8, 2012 Author Share Posted November 8, 2012 ok..i must have read th wrong thing. This file is only a few weeks old! The programs work on my local host. They work in the all other programs I have used. It is only this one that it does not work as expected, giving out 40 characters rather than 6 Thnaks for your continued help! Quote Link to comment https://forums.phpfreaks.com/topic/270412-same-code-different-outcome-why/#findComment-1391067 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.