Session Value Changes Automaticly ... plz Helpppp !!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jmaster1985
Forum Newbie
Posts: 3
Joined: Thu Sep 10, 2009 3:08 pm

Session Value Changes Automaticly ... plz Helpppp !!

Post by jmaster1985 »

hello all .
I have a captha in my site . Simply i produce a random code on an image and store that code in the session . then i would check the code stored in the session and the code that user posted to the page .

the script worked for 6 months very well until last night . after a server upgrade or something like that i realized that when a user enters every thing as a capcha he/she can bypass the captha very well !!!!

I traced the code , and find out the "IF ($_SESSION['CODE']==$_POST['CODE']) " will always return true !! i checked the code value in the session and saw that the $_SESSION['CODE'] changes to WHAT EVER USER POSTS , and because of this that IF always returns TRUE !

before you help me with this , please remember that I don't have any piece of code in my script that changes the session value to what ever user posts and , my captcha works very well on my local machine , but on the server i have this problem

any helps appreciated
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Session Value Changes Automaticly ... plz Helpppp !!

Post by Christopher »

Check you code and make sure you are not doing:

Code: Select all

if ($_SESSION['CODE'] = $_POST['CODE'])
That is a common error and would assign rather than test -- and return true if there was a post value.
(#10850)
jmaster1985
Forum Newbie
Posts: 3
Joined: Thu Sep 10, 2009 3:08 pm

Re: Session Value Changes Automaticly ... plz Helpppp !!

Post by jmaster1985 »

no , i checked its ==
session changes before i make the comparison

could it be from server config or something like that ?
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: Session Value Changes Automaticly ... plz Helpppp !!

Post by Darhazer »

How $_SESSION['code'] is initialized? Maybe there is register_globals on, which leads to overwriting the value?
jmaster1985
Forum Newbie
Posts: 3
Joined: Thu Sep 10, 2009 3:08 pm

Re: Session Value Changes Automaticly ... plz Helpppp !!

Post by jmaster1985 »

yes...

I found that the register_globals_is on

now the problem solved . thanks :) :)
Post Reply