I have created an admin page that allows the admins to check a database and make some changes to it if needed. I have put in a captcha function and am having trouble figuring out why it will not validate. I know I am entering the 6-character string correctly, but it doesn't see it that way. Could someone look this code over and see if you can figure out where I am going wrong, because I have been looking for 3 days and can't figure it out. Any help here is greatly appreciated.
<?
// Session selection.
// Admin requests (action=admin) and the CAPTCHA image request (?captcha) share
// the "tlssutlsa" session with a 900-second cookie; every other request uses
// the "tlssutls" session with a 604800-second cookie.
// NOTE(review): only the cookie lifetime is passed to session_set_cookie_params(),
// so the HttpOnly and Secure flags come from php.ini - confirm they are enabled
// for the admin session.
// NOTE(review): this file opens with the short tag "<?". If short_open_tag is
// disabled the script is not executed and its source is sent as plain text;
// "<?php" avoids that dependency.
$action = isset($_GET['action']) ? $_GET['action'] : 'start';
$useAdminSession = ($action == 'admin') || isset($_GET['captcha']);
session_name($useAdminSession ? "tlssutlsa" : "tlssutls");
session_set_cookie_params($useAdminSession ? 900 : 604800);
session_start();
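/**
 * Build a random string of $length characters drawn from A-Z, a-z and 0-9.
 *
 * The result is used as a CAPTCHA answer elsewhere in this file, so the
 * characters are picked with random_int() (a CSPRNG) when it is available.
 * rand() is a predictable generator and is not suitable for values an
 * attacker must not be able to guess. On runtimes without random_int() the
 * function falls back to mt_rand(), which is NOT cryptographically secure.
 *
 * The alphabet lists every character exactly once. The previous alphabet
 * contained "uvqwxyz", which repeated "q" and made it twice as likely as any
 * other character.
 *
 * @param int $length Number of characters; zero or a negative value yields "".
 * @return string The generated string.
 */
function makeRandomString($length){
    $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    $lastIndex = strlen($alphabet) - 1;
    // Decide once, outside the loop, which generator is available.
    $hasCsprng = function_exists('random_int');
    $out = "";
    for ($i = 0; $i < $length; $i++) {
        $pick = $hasCsprng ? random_int(0, $lastIndex) : mt_rand(0, $lastIndex);
        $out .= $alphabet[$pick];
    }
    return $out;
}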
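if(isset($_GET['captcha'])){
    // CAPTCHA image endpoint: generate a new 6-character answer, remember its
    // hash in the session, render the answer as a distorted PNG and stop.
    $textstr = makeRandomString(6);

    // Only a salted MD5 of the lower-cased answer is kept in the session; the
    // login handler hashes the submitted text the same way before comparing.
    $_SESSION['captcha'] = md5('tls'.strtolower($textstr).'cpt');

    // One array element per character, then drop the plain-text copy.
    $str = str_split($textstr);
    $textstr = "";

    $font = "STENCIL.TTF";
    $im = ImageCreateTrueColor(200,50);

    // Per-character size, rotation and dark text colour. rand() is used from
    // here on for visual noise only, never for the answer itself.
    $size = array();
    $angle = array();
    $color = array();
    for($i=0; $i < 6; $i++){
        $size[$i] = rand(20, 27);
        $angle[$i] = rand(-45, 45);
        $color[$i] = ImageColorAllocate($im, rand(20, 45), rand(20, 45), rand(20, 45));
    }

    // Translucent overlay colours: indexes 6-11 and 14-16 are blobs (alpha 87),
    // indexes 12-13 are the two strike-through lines (alpha 30).
    for($i=6; $i <= 16; $i++){
        $alpha = ($i == 12 || $i == 13) ? 30 : 87;
        $color[$i] = ImageColorAllocateAlpha($im, rand(0, 255), rand(0, 255), rand(0, 255), $alpha);
    }
    $bg = ImageColorAllocate($im, 255, 255, 255);

    // Position the text from the bounding box of the first glyph, with some
    // horizontal jitter. Cast to int because the GD drawing calls take integer
    // coordinates.
    $textsize = imagettfbbox($size[0], $angle[0], $font, $str[0]);
    $twidth = abs($textsize[2]-$textsize[0]);
    $theight = abs($textsize[5]-$textsize[3]);
    $x = (int) ((imagesx($im)/2)-($twidth/2)+(rand(-20, 20))-52);
    $y = (int) ((imagesy($im))-($theight/2));

    // White background, then three blobs behind the text.
    ImageFilledRectangle($im, 0, 0, 200, 50, $bg);
    ImageFilledEllipse($im, rand(20,80), rand(20,40), rand(40, 80), rand(40, 80), $color[14]);
    ImageFilledEllipse($im, rand(85,125), rand(20,40), rand(40, 80), rand(40, 80), $color[15]);
    ImageFilledEllipse($im, rand(130,190), rand(20,40), rand(40, 80), rand(40, 80), $color[16]);

    // The six characters, 25 pixels apart.
    for($i=0; $i < 6; $i++){
        ImageTTFText($im, $size[$i], $angle[$i], $x+($i*25), $y, $color[$i], $font, $str[$i]);
    }

    // Five blobs over the text in 35-pixel steps (x ranges 20-50 ... 160-190),
    // one more at the left edge, then two crossing lines.
    for($k=0; $k < 5; $k++){
        ImageFilledEllipse($im, rand(20+35*$k, 50+35*$k), rand(20,40), rand(40, 80), rand(40, 80), $color[6+$k]);
    }
    ImageFilledEllipse($im, rand(0,20), rand(20,40), rand(40, 80), rand(40, 80), $color[11]);
    ImageLine($im, rand(0,90) , rand(0,40) , rand(110,200) , rand(-40,90) , $color[12] );
    ImageLine($im, rand(0,90) , rand(-40,90) , rand(110,200) , rand(0,40) , $color[13] );

    // Drop the per-character copies of the answer.
    $str = array();

    // The browser must re-request the image every time: a cached picture would
    // show an answer that no longer matches the hash held in the session. These
    // headers are sent explicitly so that this does not depend on the
    // session.cache_limiter setting.
    header("Content-Type: image/png");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Pragma: no-cache");
    header("Expires: 0");
    ImagePNG($im);
    imagedestroy($im);

    // End the response with the PNG bytes only. The previous die('<a ...>')
    // appended HTML markup to the image data.
    exit;
}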
case 'admin':
// Admin gate: decide which admin sub-action ($sa) this request may run.
//
// On a login submission (sa=dologin) store the salted MD5 of the submitted
// CAPTCHA text in the session.
// NOTE(review): the text is not lower-cased here, while the CAPTCHA generator
// lower-cases the answer before hashing; the dologin handler below recomputes
// this value with strtolower(). $_POST['tlscaptcha'] is also read without an
// isset() check.
if(isset($_GET['sa']) && $_GET['sa'] == 'dologin')
$_SESSION['ecaptcha']=md5('tls'.$_POST['tlscaptcha'].'cpt');
// Fall back to the login form when any of these holds:
//   - no sub-action was requested;
//   - the sub-action is not 'dologin' and the session is not in a logged-in
//     state: time/captcha/ecaptcha/hash missing, hash not equal to
//     md5(time . 'laststand123' . SID), login older than 1800 seconds, or the
//     stored and submitted CAPTCHA hashes differ;
//   - the sub-action is 'login'.
// sa=dologin is deliberately exempt from the session checks so that the login
// handler can run.
// NOTE(review): the hashes are compared with loose "!=". PHP compares two
// numeric-looking strings as numbers, so hex digests should be compared with
// "!==" or hash_equals().
// NOTE(review): SID is an empty string when the session id arrives in a
// cookie, so in that case the auth hash depends only on the stored time and
// the fixed string - confirm this is intended.
// NOTE(review): the session id is not regenerated at login and SID is appended
// to links, which leaves the admin session open to fixation and to leaking the
// id through URLs; consider session_regenerate_id() on successful login and
// cookie-only sessions.
if(!isset($_GET['sa']) || ((!isset($_SESSION['time']) || !isset($_SESSION['captcha']) || !isset($_SESSION['ecaptcha']) || !isset($_SESSION['hash']) || $_SESSION['hash'] != md5($_SESSION['time'].'laststand123'.SID) || $_SESSION['time']+1800 < time() || $_SESSION['captcha'] != $_SESSION['ecaptcha']) && $_GET['sa'] != 'dologin') || $_GET['sa'] == 'login'){
// Clear every piece of login state before showing the form again.
$_SESSION['hash']='';
$_SESSION['time']='';
$_SESSION['captcha']='';
$_SESSION['ecaptcha']='';
$sa='login';
} else
// All checks passed (or this is the login submission): run the requested sub-action.
$sa=$_GET['sa'];
switch ($sa){
case 'login':
echo 'Your session has expired or you have not logged in yet<br>Please enter the admin password and captcha below<br><br>
<form action="signup.php?action=admin&sa=dologin&'.htmlspecialchars(SID).'" method="post"><input type="password" name="tlspwd"><br>
<img src="signup.php?captcha"><br><input type="text" name="tlscaptcha"><br>
<input type="submit" value="Login"></form>';
break;
case 'dologin':
echo '<script>
function showSp(num){
document.getElementById(\'sp\'+num).style.display="inline";
}
</script>
Starting session...';
$_SESSION['ecaptcha']=md5('tls'.strtolower($_POST['tlscaptcha']).'cpt');
$_SESSION['time']=time();
echo '<span style="display:none" id="sp1">done<br>Validating password...</span><script>setTimeout(\'showSp(1)\',500);</script>';
if($_POST['tlspwd'] != '***********){
echo '<span style="display:none" id="sp2">failed<br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Please try again</a></span><script>setTimeout(\'showSp(2)\',1000);</script>';
die('<br><br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Admin</a>');
} else
echo '<span style="display:none" id="sp2">done<br>Validating captcha...</span><script>setTimeout(\'showSp(2)\',1000);</script>';
if($_SESSION['captcha'] != $_SESSION['ecaptcha']){
echo '<span style="display:none" id="sp3">failed<br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Please try again</a></span><script>setTimeout(\'showSp(3)\',1500);</script>';
die('<br><br><a href="signup.php?action=admin&'.htmlspecialchars(SID).'">Admin</a>');
} else
echo '<span style="display:none" id="sp3">done<br>Generating auth string...</span><script>setTimeout(\'showSp(3)\',1500);</script>';
$_SESSION['hash']=md5($_SESSION['time'].'laststand123'.SID);
echo '<span style="display:none" id="sp4">done<br>Login successful<br>
<a href="signup.php?action=admin&sa=menu&'.htmlspecialchars(SID).'">Click here to continue</a></span><script>setTimeout(\'showSp(4)\',2000);</script>';
break;
~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: