Page 1 of 1

Session variables not working for CAPTCHA function?

Posted: Thu Feb 25, 2010 11:13 am
by St8ic
Hi all, I need a little help. I have a little form with a captcha image to prevent abuse. It's not working properly. The password is generated just fine, and the captcha image is displayed just fine, but when I go to check the password against the response there is nothing in the $_SESSION["passwd"] value that I set. For readability I'll do some pseudo-code so you can see if I'm doing something obviously wrong.

Code: Select all

 
// captcha.php - make a password, store it as a session variable, create and show the the captcha image
 
session_start();
$passwd = generate_a_password();
$_SESSION["passwd"] = $passwd;
 
header("Content-Type: image/jpeg");
$image = generate_captcha_image($passwd);
imagejpeg($image);
exit();
 

Code: Select all

 
// form.php - show the captcha image and accept user input
 
echo "<form action=\"process.php\" method=\"post\"><img src=\"captcha.php\"><br><input type=\"text\" name=\"response\"><input type=\"button\" value=\"submit\"></form>";
 

Code: Select all

 
// process.php - check if the response is the same as the password we generated
 
session_start();
 
if ($_GET["response"] != $_SESSION["passwd"])
{
echo "incorrect response.";
}
else
{
echo "correct response!";
}
 

Re: Session variables not working for CAPTCHA function?

Posted: Thu Feb 25, 2010 11:43 am
by AbraCadaver
Number 1, you need a session_start() in your form page. Number 2, your form method="post" but you are trying to access it with $_GET.

Re: Session variables not working for CAPTCHA function?

Posted: Thu Feb 25, 2010 12:05 pm
by St8ic
Thanks! The session was fine, it was just the silly little slip-up of using GET instead of POST to retrieve the input.

Re: Session variables not working for CAPTCHA function?

Posted: Thu Feb 25, 2010 12:21 pm
by AbraCadaver
St8ic wrote:Thanks! The session was fine, it was just the silly little slip-up of using GET instead of POST to retrieve the input.
Glad you got it working. I skipped over the captcha.php in the img sr that set the session var.