|
|
Posted by Jon Slaughter on 06/09/07 12:12
"purcaholic" <purcaholic@googlemail.com> wrote in message
news:1181378316.216673.314310@p77g2000hsh.googlegroups.com...
> On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@Hotmail.com> wrote:
>> I have a captcha system going and for some reason when I use
>>
>> <?php
>>
>> $s = "";
>> for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
>> $_SESSION['CaptchaValue'] = $s;
>> $fn = '/Login/Register/Captcha.php';
>> echo '<img src="'.$fn.'" alt="Captcha" />';
>> ?>
>>
>> and Captcha.php uses require_once or include to include some classes that
>> I
>> use to generate the captcha then it fails(usually get alt showed). But
>> when
>> I include the classes directly inside the file it works ;/
> Needed classes or other files must be included inside Catpcha.php.
> First, the client will get an output including 10 html image tags.
> After then, the client sends new requests, to get and display the
> images. Therefore you must include them inside Captcha.php
>
huh? But require/include should do this? I shouldn't have to manually copy
the classes into the php directly but should be able to use require/include
in any php to include data? The client has nothing to do with this as it
doesn't see php.
>> This is very strange behavior? It really shouldn't matter if I do that,
>> right? And it is also a security issue because then if they can read the
>> php
>> I they can get how I generate them.
> Normally it's not possible to "read" PHP files. PHP code will
> outputted by the Webserver if you use show_code() or if the Webserver
> doesn't know what to to with files having .php format.
> An approved way is to source out included files like classes, helper,
> etc. outside the web directory. Then, nobody can require these files
> directy by using a request.
>
Yes, but what I'm worrieda bout is security. Same reason not to include
password in php files. But as you said... an "approved way" is to source out
include files... yet I cannot do this because when I use require_once it
then doesn't work..
I don't think you fully understand the issue.
Say I have the captcha.php used for the image
//------------------- CASE 1
// class.php
<?php
class CaptchaMods()
{
function modifyimage($img)
{
//.........
}
}
?>
// some php file
<?php
header("content-type: image/png");
//*****************
require_once('class.php);
$c = new CaptchaMods();
$img = imagecreate(100,100);
$img = $c->modifyimage($img);
imagepng($img);
imagedestroy($img);
?>php
The above doesn't work, but this does
//------------------- CASE 2
// some php file
<?php
header("content-type: image/png");
//*****************
class CaptchaMods()
{
function modifyimage($img)
{
//.........
}
}
$c = new CaptchaMods();
$img = imagecreate(100,100);
$img = $c->modifyimage($img);
imagepng($img);
imagedestroy($img);
?>php
--------------
In CASE 2 all I did was copy and paste the class where the require was...
and now it works(well, this is just test code that might not work but is the
idea). This is essentially what require is suppose to do anyways? Only thing
I can think of is that require isn't working but when debugging I was able
to step through the class. Maybe for some reason its not so I'll have to
play around with it to see.
Thanks,
Jon
Navigation:
[Reply to this message]
|