Posted by purcaholic on 06/09/07 12:33

On 9 Jun., 14:12, "Jon Slaughter" <Jon_Slaugh...@Hotmail.com> wrote:
> "purcaholic" <purcaho...@googlemail.com> wrote in message
>
> news:1181378316.216673.314310@p77g2000hsh.googlegroups.com...
>
>
>
>
>
> > On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@Hotmail.com> wrote:
> >> I have a captcha system going and for some reason when I use
>
> >> <?php
>
> >> $s = "";
> >> for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
> >> $_SESSION['CaptchaValue'] = $s;
> >> $fn = '/Login/Register/Captcha.php';
> >> echo '<img src="'.$fn.'" alt="Captcha" />';
> >> ?>
>
> >> and Captcha.php uses require_once or include to include some classes that
> >> I
> >> use to generate the captcha then it fails(usually get alt showed). But
> >> when
> >> I include the classes directly inside the file it works ;/
> > Needed classes or other files must be included inside Catpcha.php.
> > First, the client will get an output including 10 html image tags.
> > After then, the client sends new requests, to get and display the
> > images. Therefore you must include them inside Captcha.php
>
> huh? But require/include should do this? I shouldn't have to manually copy
> the classes into the php directly but should be able to use require/include
> in any php to include data? The client has nothing to do with this as it
> doesn't see php.
>
> >> This is very strange behavior? It really shouldn't matter if I do that,
> >> right? And it is also a security issue because then if they can read the
> >> php
> >> I they can get how I generate them.
> > Normally it's not possible to "read" PHP files. PHP code will
> > outputted by the Webserver if you use show_code() or if the Webserver
> > doesn't know what to to with files having .php format.
> > An approved way is to source out included files like classes, helper,
> > etc. outside the web directory. Then, nobody can require these files
> > directy by using a request.
>
> Yes, but what I'm worrieda bout is security. Same reason not to include
> password in php files. But as you said... an "approved way" is to source out
> include files... yet I cannot do this because when I use require_once it
> then doesn't work..
>
> I don't think you fully understand the issue.
>
> Say I have the captcha.php used for the image
>
> //------------------- CASE 1
>
> // class.php
> <?php
> class CaptchaMods()
> {
> function modifyimage($img)
> {
> //.........
> }}
>
> ?>
>
> // some php file
> <?php
>
> header("content-type: image/png");
>
> //*****************
> require_once('class.php);
>
> $c = new CaptchaMods();
> $img = imagecreate(100,100);
> $img = $c->modifyimage($img);
> imagepng($img);
> imagedestroy($img);
> ?>php
>
> The above doesn't work, but this does
>
> //------------------- CASE 2
>
> // some php file
> <?php
>
> header("content-type: image/png");
>
> //*****************
> class CaptchaMods()
> {
> function modifyimage($img)
> {
> //.........
> }
>
> }
>
> $c = new CaptchaMods();
> $img = imagecreate(100,100);
> $img = $c->modifyimage($img);
> imagepng($img);
> imagedestroy($img);
> ?>php
>
> --------------
>
> In CASE 2 all I did was copy and paste the class where the require was...
> and now it works(well, this is just test code that might not work but is the
> idea). This is essentially what require is suppose to do anyways? Only thing
> I can think of is that require isn't working but when debugging I was able
> to step through the class. Maybe for some reason its not so I'll have to
> play around with it to see.
>
> Thanks,
> Jon- Zitierten Text ausblenden -
>
> - Zitierten Text anzeigen -

Either the include path, where youre class besides, isn't in php
include_path setting, or included file has an white space, which will
be also send to the client. Check your'e captcha class for white space
characters before "<?php" or after ">?".

You wrote, that you could step to the class while debugging, therefore
i suppose an additional send character after header("content-type:
image/png"); causes the issue.


purcaholic

[Back to original message]