I want to use a captcha generator witch works like this:
1)Save some security text in the $_SESSION variable 2)Display the captha image.
<img src="http://www.website.ro/captcha/captcha_source.php">
the captcha image is a php file which reads the $_SESSION["security_text"] and generates an image, by setting it-s header to an image:
header("Content-type:image/jpeg");
header("Content-Disposition:inline ; filename=secure.jpg");
3)compare the submited text to the one stored inside _SESSION
The problem: -I set $_SESSION["outside"]="outside"; before the image tag, but inside captcha_source.php the $_SESSION variable is empty.
-If I give it session_start() at the beginning of captcha_source.php, the session_id IS THE SAME as for the rest of the site, but _SESSION is still empty.
-If I set $_SESSION["inside"]="inside"; inside captcha_source.php, when I read SESSION outside of captcha_source.php (after the img tag), SESSION only includes ["outside"]="outside". (And inside captcha_source, session prints as inside=>inside)
-If I remove the line with img src=captcha_source.php, and set SESSION to "test" and write "test" in the form, everything works after submitting (but I don't have the image, because it wasn't included).
-If instead of including the file inside the image tag, I include it as include "/captcha/captcha_source.php" it sets the sessions ok, but I need the image, not garbage text.
So session works from page to page, but somehow not inside captcha_soruce.php. Even thow the id-s are the same, the sessions seam to be totally independent.
One hunch is that the problem is from htaccess (but the identical session id-s are strange), maybe from these lines: (the captcha folder is treated differently, but the base address should be unchanged)
RewriteCond $1 !^(index_ro|imagini|extra|fisiere|slider|tinymce|captcha)
RewriteRule ^(.*)/ index_ro.php?$1/
Maybe the identical sessions have to do with the way I read the files: remove the header from captcha_source.php and open the file www.site.ro/captcha/captcah_source.php whitch the same browser (firefox). And I see the garbage text and session id and session variables whitch I printed. Openning multiple tabs with the same site, keeps the same id.
I hope it's not to long, but it's been 2 days since I strougled with this problem. If it won't work, I'll do this with sql, but I would like to know where the problem is so it won't show up again in other circumstances.
Thank you :)
and here is a stripped code to show what hapens:
//the form part
<?php
session_start();
echo session_id(); //prints the same as on all pages
//the form was not submittted
if(!$_POST["mail_form_captcha"])
{
unset($_SESSION); //just to be sure nothing remains from older sessions
//generate form that has a field "mail_form_captcha"
[...]
//generate a random text for captcha and put it in security_text
InitCaptcha();
$_SESSION["before"]="before";
?>
<img src="<?php echo "./captcha/image.php"; ?>" />
<?php
//include "./captcha/image.php"; //if uncoment this line, everything works, but the image is included as garbage text
$_SESSION["after"]="after";
print_r($_SESSION); //this prints [security_text] => 10 [before] => before [after] => after
}
else //interpret the submission
{
print_r($_SESSION); //this is empty if session_start() is at the beginning of captcha_source.php, otherwise only contains before after and security_text
}
?>
//the captcha part
<?php
session_start(); //if included, it erases the session from the other files, otherwise it leaves it intact :-/
$_SESSION["inside"]="inside";
print_r($_SESSION); //this prints [inside] => inside
echo session_id(); //this prints the same session id as on the rest of the pages
[...]
imagettftext([...] $_SESSION["security_text"]); //this draws a blank image
[...]
header("Content-type:image/jpeg");
header("Content-Disposition:inline ; filename=secure.jpg");
imagejpeg($img);
?>
