|
|
Posted by purcaholic on 06/09/07 08:38
On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@Hotmail.com> wrote:
> I have a captcha system going and for some reason when I use
>
> <?php
>
> $s = "";
> for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
> $_SESSION['CaptchaValue'] = $s;
> $fn = '/Login/Register/Captcha.php';
> echo '<img src="'.$fn.'" alt="Captcha" />';
> ?>
>
> and Captcha.php uses require_once or include to include some classes that I
> use to generate the captcha then it fails(usually get alt showed). But when
> I include the classes directly inside the file it works ;/
Needed classes or other files must be included inside Catpcha.php.
First, the client will get an output including 10 html image tags.
After then, the client sends new requests, to get and display the
images. Therefore you must include them inside Captcha.php
> This is very strange behavior? It really shouldn't matter if I do that,
> right? And it is also a security issue because then if they can read the php
> I they can get how I generate them.
Normally it's not possible to "read" PHP files. PHP code will
outputted by the Webserver if you use show_code() or if the Webserver
doesn't know what to to with files having .php format.
An approved way is to source out included files like classes, helper,
etc. outside the web directory. Then, nobody can require these files
directy by using a request.
> What I can I do?
>
> captcha.php
>
> <?php
>
> // Captcha classes inserted here but removed for brevity
>
> header("Content-type: image/png");
> session_start();
>
> $f = $_SERVER['DOCUMENT_ROOT'].'/Login/Register/';
> //require_once($f.'Captcha.php');
>
> $c = new Captcha();
>
> $c->Fonts->Add($f."1.TTF", 0.23, 15, 2, 5, 0, 10, 20);
> $c->Fonts->Add($f."2.TTF", 0.5, 15, 2, 5, 0, 10, 20);
> $c->Fonts->Add($f."3.TTF", 0.27, 18, 2, 5, 0, 10, 20);
> $c->Fonts->Add($f."4.TTF", 0.27, 18, 2, 5, 0, 10, 20);
>
> $s = $_SESSION['CaptchaValue'];
> $img = $c->Create($s);
>
> imagepng($img);
> imagedestroy($img);
>
> ?>
>
> Now I know the require is working or atleast when I debug I can step through
> the classes so I'm sure its including it but it acts almost as if I'm not
> including it(except I don't get any errors about it).
>
> What ends up happening is either I get the alt showed or I get something
> where its like the image is missing(but you get the border for with the X
> icon).
>
> Any ideas?
>
> Thanks,
> Jon
purcaholic
Navigation:
[Reply to this message]
|