hello all .
I have a captha in my site . Simply i produce a random code on an image and store that code in the session . then i would check the code stored in the session and the code that user posted to the page .
the script worked for 6 months very well until last night . after a server upgrade or something like that i realized that when a user enters every thing as a capcha he/she can bypass the captha very well !!!!
I traced the code , and find out the "IF ($_SESSION['CODE']==$_POST['CODE']) " will always return true !! i checked the code value in the session and saw that the $_SESSION['CODE'] changes to WHAT EVER USER POSTS , and because of this that IF always returns TRUE !
before you help me with this , please remember that I don't have any piece of code in my script that changes the session value to what ever user posts and , my captcha works very well on my local machine , but on the server i have this problem
any helps appreciated
Session Value Changes Automaticly ... plz Helpppp !!
Moderator: General Moderators
-
jmaster1985
- Forum Newbie
- Posts: 3
- Joined: Thu Sep 10, 2009 3:08 pm
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Session Value Changes Automaticly ... plz Helpppp !!
Check you code and make sure you are not doing:
That is a common error and would assign rather than test -- and return true if there was a post value.
Code: Select all
if ($_SESSION['CODE'] = $_POST['CODE'])(#10850)
-
jmaster1985
- Forum Newbie
- Posts: 3
- Joined: Thu Sep 10, 2009 3:08 pm
Re: Session Value Changes Automaticly ... plz Helpppp !!
no , i checked its ==
session changes before i make the comparison
could it be from server config or something like that ?
session changes before i make the comparison
could it be from server config or something like that ?
Re: Session Value Changes Automaticly ... plz Helpppp !!
How $_SESSION['code'] is initialized? Maybe there is register_globals on, which leads to overwriting the value?
-
jmaster1985
- Forum Newbie
- Posts: 3
- Joined: Thu Sep 10, 2009 3:08 pm
Re: Session Value Changes Automaticly ... plz Helpppp !!
yes...
I found that the register_globals_is on
now the problem solved . thanks

I found that the register_globals_is on
now the problem solved . thanks