
Session Value Changes Automatically ... plz Helpppp !!

Posted: Thu Sep 10, 2009 3:20 pm
by jmaster1985
Hello all.
I have a captcha on my site. Simply, I produce a random code on an image and store that code in the session. Then I check the code stored in the session against the code that the user posted to the page.

The script worked very well for 6 months until last night. After a server upgrade or something like that, I realized that when a user enters anything as the captcha, he/she can bypass the captcha very well !!!!

I traced the code and found out that "IF ($_SESSION['CODE']==$_POST['CODE'])" will always return true !! I checked the code value in the session and saw that $_SESSION['CODE'] changes to WHATEVER THE USER POSTS, and because of this that IF always returns TRUE !

Before you help me with this, please remember that I don't have any piece of code in my script that changes the session value to whatever the user posts, and my captcha works very well on my local machine, but on the server I have this problem.

Any help appreciated.

Re: Session Value Changes Automatically ... plz Helpppp !!

Posted: Thu Sep 10, 2009 3:54 pm
by Christopher
Check your code and make sure you are not doing:

if ($_SESSION['CODE'] = $_POST['CODE'])
That is a common error and would assign rather than test -- and return true if there was a post value.

Re: Session Value Changes Automatically ... plz Helpppp !!

Posted: Thu Sep 10, 2009 4:01 pm
by jmaster1985
No, I checked, it's ==
The session changes before I make the comparison.

Could it be from the server config or something like that?

Re: Session Value Changes Automatically ... plz Helpppp !!

Posted: Thu Sep 10, 2009 5:35 pm
by Darhazer
How is $_SESSION['code'] initialized? Maybe register_globals is on, which leads to overwriting the value?

Re: Session Value Changes Automatically ... plz Helpppp !!

Posted: Fri Sep 11, 2009 5:58 am
by jmaster1985
Yes...

I found that register_globals is on.

Now the problem is solved. Thanks :) :)
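
An added example, not code posted by anyone in this thread: a captcha check that fails closed when register_globals is enabled (the cause identified above) and otherwise compares the stored and posted codes strictly, consuming the stored code on every attempt. The function names `register_globals_enabled` and `captcha_is_valid` are hypothetical; the `CODE` key is taken from the thread.

```php
<?php
// Added example. Function names are hypothetical; 'CODE' is the key used in the thread.

// True when register_globals is enabled. The directive only exists before PHP 5.4;
// on later versions ini_get() returns false for the unknown directive.
function register_globals_enabled()
{
    $value = ini_get('register_globals');
    if ($value === false) {
        return false;
    }
    // php.ini booleans come back as "1"/""; per-directory flags may read "On".
    return in_array(strtolower(trim($value)), array('1', 'on', 'yes', 'true'), true);
}

// Compare the posted code with the one stored in the session.
// The stored code is removed on every attempt, so each image allows one guess.
function captcha_is_valid(array &$session, array $post, $key = 'CODE')
{
    $expected = isset($session[$key]) ? $session[$key] : null;
    unset($session[$key]);
    $given = isset($post[$key]) ? $post[$key] : null;

    // A missing or empty stored code must never match a missing or empty post.
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false;
    }
    return $expected === $given; // strict comparison, no type juggling
}

if (register_globals_enabled()) {
    // Request variables are being imported as globals, so session-backed
    // values cannot be trusted here: refuse to run instead of comparing.
    header('HTTP/1.1 500 Internal Server Error');
    exit('register_globals is enabled; refusing to run the captcha check.');
}

session_start();

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    echo captcha_is_valid($_SESSION, $_POST) ? 'captcha ok' : 'captcha failed';
}
```

The runtime check does not undo the variable import; it only stops the comparison from running on a misconfigured server, so the directive still has to be turned off in the server configuration.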