[SOLVED] Basic Image Captcha

[MasterACE14]

hello,

 

I made a basic image captcha, and the image generates fine, but I am using a Session variable to hold the 3 digits in the image, which are then checked in my login.php page against a text box for the 3 digits. And if I put in the wrong digits, it displays my error, so that works fine. But if I put in the correct digits, it still displays my error... and I cant figure out why.

 

here's my image_verification.php file:

<?php
//error_reporting(E_ALL);

// variables
$number_1 = rand(1,9);
$number_2 = rand(1,9);
$number_3 = rand(1,9);

$code = $number_1 . $number_2 . $number_3;

$_SESSION['SECURITY_CODE'] = $code;

$image = "http://www.crikeygames.com.au/conflictingforces/images/image_captcha.PNG";  
$im = imagecreatefrompng($image); 
$wc = ImageColorAllocate ($im, 255, 255, 255);  
ImageString($im, 5, 12, 2, $code, $wc);  
header("Content-Type: image/png");  
Imagepng($im);  
ImageDestroy ($im); 

?>

 

and here's login.php(just whats necessary)

Note: $_POST['imagecaptcha'] is the text input on the homepage where you insert the 3 digits:

<?php

// Check to see if security codes match.
if ($_POST['imagecaptcha'] !== $_SESSION['SECURITY_CODE'])
{

	echo "<center>The Security Code was incorrect!</center><br>";
	echo "<center><input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
	die();

} else {

// check username against database etc etc...

?>

 

Regards ACE

[MasterACE14]

I forgot one thing. Should I remove the $_SESSION['SECURITY_CODE'] variable after login??

[tinker]

Consider this:

$x = 6;
$y = 7;
$z = 8;
$a = $x.$y.$z;
print ":".$a.":<br>";
if($a !== 678)
{
print "one<br>";
}
else
{
print "two<br>";
}
// AND
if($a !== '678')
{
print "one<br>";
}
else
{
print "two<br>";
}

 

Be sure of what variables your using, if they are both strings i'd advise using:

if(strcmp($a, $b)!=0)

[cooldude832]

yes your issue is your using a !== which only is false (meaning its true) if they are the exact same variable type and value  i.e

 

<?php
$var1 = "1";
$var2 = 1;

if($var1  !== $var2){
echo "This is true.<br />";
}
if($var1 != $var2){
echo "This is false.<br />";
}i
if($var1  == $var2){
echo "this is true.<Br />";
}
if($var1 === $var2){
echo "this is false.<br />";
}
?>

 

See what I am saying

 

$_POST is all string variables (unless they are files)

[MasterACE14]

ok, that makes sense, but I've changed it just to != , and I still get my own error message:

The Security Code was incorrect!

 

I don't understand why?? am I possibly setting the Session variable in the wrong place??

[cooldude832]

you do have session_start(); on that page? 

 

Also just a rule of thumb if you try and compare a session value that is set after headers are sent it will be on the value pre headers sent

i.e

 

<?php
session_start();
$_SESSION['test'] = "Bob";
#Send some output
echo "The Session is: ";
$_SESSION['test'] = "Joe";
echo $_SESSION['test'];
#Output The Session is: Bob
?>

 

Make sense

[MasterACE14]

sought of...

[MasterACE14]

I've removed the session variable in image_verification

 

and have added this to login.php

 

		echo "<font color=\"red\">" . $_POST['imagecaptcha'] . "</font>";
	echo "<br>";
	echo "<font color=\"blue\">".$code."</font>";

 

it displays the POST but not $code

[cooldude832]

why not just do

$code = rand(1,999);

 

instead of connotation 3 integers?

[MasterACE14]

didn't know I could do that lol, I'll do that now. That still doesn't explain why the $code variable is showing nothing in login.php  :-\

 

is there a trick to somehow submit the 3 digits to login.php from image_verification.php ??

[MasterACE14]

bump

[MasterACE14]

got it working now, thanks everyone for your help and advice 

 

Regards ACE