Help with CAPTCHA

Hello, I recently downloaded and uploadee Secuimage CAPTCHA Class Version 0.3 PHP4 from http://www.neoprogrammers.com/ and Im having some problems.

1) It always says that the code entered is wrong, even in the example forms. I tried it with my altered code and without and it still never says it is correct

2) Sometimes the image doesnt load and the page needs to be refreshed before it does load, is there a way to fix this?

Thanks for your help

Hi,

I looked through the captcha class briefly.

Normally a captcha class would use the built in session functions for PHP but this particular one just writes the results of each captcha to a file. By default it is:

var $data_directory = "./image_data";
  //path of directory to store code data in.  make sure this is either outside of the webroot or unreadable

See the code:

function saveData()
  {
    $filename = md5($this->hash_salt . $_SERVER['REMOTE_ADDR']);
    $fp = fopen($this->data_directory . "/" . $filename, "w+");
    fwrite($fp, md5( $this->hash_salt . strtolower($this->code) )  );
    fclose($fp);
  }

  function validate()
  {
    $filename = md5($this->hash_salt . $_SERVER['REMOTE_ADDR']);

    $enced_code = trim(@file_get_contents($this->data_directory . "/" . $filename));
    
    $check = md5($this->hash_salt . strtolower($this->code_entered));

    if($check == $enced_code) {
      $this->correct_code = TRUE;
      @unlink($this->data_directory . "/" . $filename);
    } else {
      $this->correct_code = FALSE;
    }
  }

  function checkCode()
  {
    return $this->correct_code;
  }

  function pruneOld()
  {
    if ($handle = @opendir($this->data_directory)) {
      while (($filename = readdir($handle)) !== false) {
        if(time() - filemtime($this->data_directory . "/" . $filename) > $this->prune_minimum_age * 60) {
          @unlink($this->data_directory . "/" . $filename);
        } 
      }
      closedir($handle);
    }
  }

It may be that the script cannot write to the folder specified by:

var $data_directory

You may have to chmod it to 755, either via ftp or modify the PHP to do that automatically.

Since the captcha only outputs an image, it would be a bit hard to debug, but you could probably change the output temporarily so you can debug.

function output()
  {
    header("Expires: Sun, 1 Jan 2000 12:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
    header("Content-Type: image/jpeg");
    imagejpeg($this->im);
    imagedestroy($this->im);
  }

to

function output()
  {

return; // add a return so we dont send image headers, but output the default Content-Type of text/html so we can see errors

    header("Expires: Sun, 1 Jan 2000 12:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
    header("Content-Type: image/jpeg");
    imagejpeg($this->im);
    imagedestroy($this->im);
  }

I believe the use of custom disk writing functions instead of the regular PHP session functions is to not interfere with the larger php app that would be using the captch class, but it would probably be easier if you just used the Session Functions if you already have a session going on your site...

Hope that helps abit.

You can use "Captcha ZDR". Please review and leave your comment about that new captcha class writen in PHP.

Captcha ZDR anti spamm protection

Best regards
zdrsoft