Page 1 of 1

help understanding captcha mechanism here please!

Posted: Fri Jul 25, 2008 6:49 am
by php77
Hi,
I have obtained a captcha from http://www.captcha.ru/en/, which is very simple to use, but as I am a beginer in php, I can not understand some mechanisms there. I explaine this captcha system and ask my questions:

[img = image, system = this captcha generator system]

it has 3 main files:
kcaptcha_config.php
kcaptcha.php //containing the captcha class, to instantiate and obtain the captcha img from
index.php //a)captcha class is instantiated here,
//b) serves as the system boundary: the img is obtain from the captcha object, and is passed to the request, via a session variable.

Suppose we want to obtain an img in one form on our site. We simply add this line to our code:

Code: Select all

<img src="./?<?php echo session_name()?>=<?php echo session_id()?>">
Which is an obvious call to the index.php of the system, and passing the session name and id. So far so good. Here it is the actual code of the
index.php:

Code: Select all

 
//include and other things here
 
if(isset($_REQUEST[session_name()]))
{
    session_start();
}
 
$captcha = new KCAPTCHA();
 
if($_REQUEST[session_name()])
{
    $_SESSION['captcha_keystring'] = $captcha->getKeyString();      
}
 
And finally, my questions:
1) Why the check for $_REQUEST[session_name()] is there and what does it mean?
2) Whell, if isset=False, then what? session is not started, then why not die the execution?
3) Againg, before setting the session variable 'captcha_keystring', the same check, BUT, without isset, i.e. supposing isset=True! why?
4) Where the session id we passed is going to be used? (may be I simply don't understand the concept of sessions).

If you know the answers, please share them with me too ;)

thank you!

Re: help understanding captcha mechanism here please!

Posted: Fri Jul 25, 2008 12:16 pm
by ghurtado
Dont feel too bad not understanding that piece of code, I have a few years of PHP under my belt and I don't understand it all that well either. Part of the problem is surely that it looks like a pretty mediocre piece of code.

Without knowing the rest of the library, the only insight I can really give you is that, in this case, more than likely

Code: Select all

 
 if(isset($var)) == if($var)
 
Meaning the two ways of comparing it are about the same for the purposes of extracting values off a query string.

Other than that, what it is probably doing is storing the string representation of the image it shows the user so that it may compare both in the next page (when the captcha is submitted)