I have a MVC app and I used composer to install securimage.
The directory layout is like so:
app/
composer.json
composer.lock
vendor/
...
dahpp/securimage (with securimage.php, securimage_show.php, etc).
public_html/
.htaccess
index.php (routing, bootstrapping, etc.)
templates/
contact.php
Nothing under app is publicly available. Since securimage_show.php is not accessible, I'm trying to put the captcha generation code in the contact.php template itself.
So in that template, I have this:
<?php
session_start();
$securimage = new Securimage(array('send_headers' => false));
?>
later in the HTML...
<img id="captcha" src="<?= $securimage->show() ?>" alt="CAPTCHA Image" />
The problem is when I do this, I get a bunch of question mark gibberish (?�), like there's an encoding issue or something. If I set send_headers to true, I get an error: "Failed to generate captcha image, content has already been output. This is most likely due to misconfiguration or a PHP error was sent to the browser."
Using getCaptchaHtml() doesn't work, either. The image path that it tries to generate goes appends the absolute path on the machine to the host (http://www.example.com/var/www/app/vendor/dahpp/securimage).
What does work is a symlink in the public_html directory to the protected app directory. In other words, if I create a symlink called securimage_show.php and point it to the real file under app/vendor/dahpp/securimage, and set the img source to it:
<img id="captcha" src="securimage_show.php" alt="CAPTCHA Image" />
However, this doesn't seem as clean as using the official methods available. Is there a setting I'm missing somewhere or am I stuck using the symlink approach?