Ok, I've been struggling for days with this issue with my captcha system. First it always was returning false but if you refreshed the page it would log you in. Then I pinpointed where the error was occurring and simplified the code (removed the unneeded database queries and $_Sessions), and now I can't even sign in if I refresh the page after it returning false like before and the error appeared to be occurring here (before and currently):
if(strtolower($characters)==strtolower($_POST["security_code"])){
Even though the text from $characters and $_POST["security_code"] are the exact same, I always get it to return false. This is an example test.php I made to show it not working. I've tried doing stuff with sessions to fix this but I might of just not done it correctly and that's what needs to be done.
<?php
$possible = '23456789bcdfghjkmnpqrstvwxyz';
$characters = '';
$i = 0;
while($i < 8){
$characters .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
$i++;
}
if(strtolower($characters)==strtolower($_POST["security_code"])){
$captcha_solved = 'true';
}else{
$captcha_solved = 'false';
}
?>
<form name="example" action="test.php" method="post">
<input name="security_code" size="10" type="text">
<input name="Login" value="Login" type="submit" value="submit">
</form>
<? echo($characters."-".$captcha_solved); ?>