PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Hi all, I need a little help. I have a little form with a captcha image to prevent abuse. It's not working properly. The password is generated just fine, and the captcha image is displayed just fine, but when I go to check the password against the response there is nothing in the $_SESSION["passwd"] value that I set. For readability I'll do some pseudo-code so you can see if I'm doing something obviously wrong.
// captcha.php - make a password, store it as a session variable, create and show the the captcha image
session_start();
$passwd = generate_a_password();
$_SESSION["passwd"] = $passwd;
header("Content-Type: image/jpeg");
$image = generate_captcha_image($passwd);
imagejpeg($image);
exit();
// form.php - show the captcha image and accept user input
echo "<form action=\"process.php\" method=\"post\"><img src=\"captcha.php\"><br><input type=\"text\" name=\"response\"><input type=\"button\" value=\"submit\"></form>";
// process.php - check if the response is the same as the password we generated
session_start();
if ($_GET["response"] != $_SESSION["passwd"])
{
echo "incorrect response.";
}
else
{
echo "correct response!";
}
Number 1, you need a session_start() in your form page. Number 2, your form method="post" but you are trying to access it with $_GET.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
St8ic wrote:Thanks! The session was fine, it was just the silly little slip-up of using GET instead of POST to retrieve the input.
Glad you got it working. I skipped over the captcha.php in the img sr that set the session var.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.