Running into an issue with CAPTCHA and session Variable

rgf207 · April 19, 2011, 5:08pm

I have a form that generates a CAPTCHA image. The code will generate the captcha string fine and it will store it in the $_SESSION array. I have confirmed that by doing a var_dump($_SESSION).

The problem that I’m running into is that the $_SESSION[‘captcha’] variable is somehow lost in captcha.php

I can’t for the life of me figure that out. All my other session variables are intact except for $_SESSION[‘captcha’]


// Generate the Image
				$md5_hash = md5(rand(0,999));
				$security_code = substr($md5_hash, rand(1,15), $this->settings['captcha_length']);
				$_SESSION['captcha'] = $security_code;
								
				return "<img style='margin: 0 0 5px 3px; border: 1px solid #000;' id='img_captcha' src='includes/captcha.php'><br />
				<input type='text' name='captcha_verify' size='5'><br />
				<label>" . $this->fetch_phrase('captcha_verify_description') . "</label><br />";

my captcha.php file looks like this


<?php
session_start();
$security_code = $_SESSION['captcha'];
define('IN_CMS', TRUE);
$root = './../';

#################### Include Files #####################
include($root . 'includes/core.php');
include($root . 'includes/global.php');
include($root . 'includes/globalfunctions.php');
include($root . 'includes/drivers/mysql.php');
#################### Initialize CMS ####################
$cms = new cms(); 

#################### Connect to Database ####################
$cms->db = new DB($dbserver, $dbuser, $dbpass, $dbname);
$cms->db->connect_db();

#################### Get Site Settings ####################
$cms->settings = $cms->get_settings();

$randcolR = rand(100,230);
$randcolG = rand(100,230);
$randcolB = rand(100,230);

$captcha = imagecreate(200,50);

$font = $root . "includes/fonts/arial.ttf";

$backcolor = imagecolorallocate($captcha, $randcolR, $randcolG, $randcolB);

$txtcolor = imagecolorallocate($captcha, ($randcolR - 50), ($randcolG - 50), ($randcolB - 50));

for($i=1 ;$i <= strlen($security_code); $i++)
{
	$clockorcounter = rand(1,2);
	
	if ($clockorcounter == 1)
	{
		$rotangle = $cms->settings['captcha_rotate'] ? $rotangle = rand(0,45) : 0;
	}
	
	if ($clockorcounter == 2)
	{
		$rotangle = $cms->settings['captcha_roate'] ? $rotangle = rand(315,360) : 0;
	}

	imagettftext($captcha,rand(14,20),$rotangle,($i*25),30,$txtcolor,$font,substr($security_code,($i-1),1));
}


if($cms->settings['captcha_circles'])
{

	for($i=1; $i <= 4; $i++)
	{
		imageellipse($captcha,rand(1,200),rand(1,50),rand(50,100),rand(12,25),$txtcolor);
	}
	
}

// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header('Content-type: image/png');
imagepng($captcha);
imagedestroy($captcha);

StarLion · April 19, 2011, 6:55pm

well first thought is to make sure nothing in the includes or class constructor for CMS is destroying the session variable.

rgf207 · April 19, 2011, 7:09pm

That’s what I was thinking too but that’s not the case. I remove those includes and the constructor and still get the same results.