Session Value Changes Automaticly ... plz Helpppp !!
Posted: Thu Sep 10, 2009 3:20 pm
hello all .
I have a captha in my site . Simply i produce a random code on an image and store that code in the session . then i would check the code stored in the session and the code that user posted to the page .
the script worked for 6 months very well until last night . after a server upgrade or something like that i realized that when a user enters every thing as a capcha he/she can bypass the captha very well !!!!
I traced the code , and find out the "IF ($_SESSION['CODE']==$_POST['CODE']) " will always return true !! i checked the code value in the session and saw that the $_SESSION['CODE'] changes to WHAT EVER USER POSTS , and because of this that IF always returns TRUE !
before you help me with this , please remember that I don't have any piece of code in my script that changes the session value to what ever user posts and , my captcha works very well on my local machine , but on the server i have this problem
any helps appreciated
I have a captha in my site . Simply i produce a random code on an image and store that code in the session . then i would check the code stored in the session and the code that user posted to the page .
the script worked for 6 months very well until last night . after a server upgrade or something like that i realized that when a user enters every thing as a capcha he/she can bypass the captha very well !!!!
I traced the code , and find out the "IF ($_SESSION['CODE']==$_POST['CODE']) " will always return true !! i checked the code value in the session and saw that the $_SESSION['CODE'] changes to WHAT EVER USER POSTS , and because of this that IF always returns TRUE !
before you help me with this , please remember that I don't have any piece of code in my script that changes the session value to what ever user posts and , my captcha works very well on my local machine , but on the server i have this problem
any helps appreciated