i'm trying to write a very simple CAPTCHA script. following some examples
and working a bit on the code to suit my needs, i managed to generate the
random image as desired. i have a php file with the form to be filled
(called "form.php"), and another one with the code needed to generate the
CAPTCHA image (called "captcha.php"). int the former i have a simple IMG tag
in the former file to call the latter, like this:

<img src="captcha.php">


before writing the code needed to process the entered password against the
value of the one displayed in the image, i wanted to make sure that the
script was getting the correct value. "captcha.php", after randomly
generating the password, puts its value into a session var using the
following instruction:

$_SESSION["passcheck"] = $pass;

i put the following line at the end of "form.php", to check if the value was
passed correctly:


print "VAR VALUE: ".$_SESSION["passcheck"];

here comes the problem: the script always displays the *former* value of the
variable, not the current one. for example, if the first time i run the
script the image displays, say, "AAAAA", the bottom line displays "VAR
VALUE: " with an empty string after it.
i have to reload the page to see "VAR VALUE: AAAAA", but of course in the
meantime the image has changed to, say "BBBBB". i am sure it's a very silly
thing, but right now i just can't manage to untie the knot. anybody wants to
point out how stupid i am by giving me some advice? :)

thanks a lot.

swann

"Swann" <nomailatall9182374614 [at] hotmail.com> wrote in message
news:f02ctg$7sd$1 [at] tdi.cu.mi.it...
>
> i'm trying to write a very simple CAPTCHA script. following some examples
> and working a bit on the code to suit my needs, i managed to generate the
> random image as desired. i have a php file with the form to be filled
> (called "form.php"), and another one with the code needed to generate the
> CAPTCHA image (called "captcha.php"). int the former i have a simple IMG
tag
> in the former file to call the latter, like this:
>
> <img src="captcha.php">
>
>
> before writing the code needed to process the entered password against the
> value of the one displayed in the image, i wanted to make sure that the
> script was getting the correct value. "captcha.php", after randomly
> generating the password, puts its value into a session var using the
> following instruction:
>
> $_SESSION["passcheck"] = $pass;
>
> i put the following line at the end of "form.php", to check if the value
was
> passed correctly:
>
>
> print "VAR VALUE: ".$_SESSION["passcheck"];
>
> here comes the problem: the script always displays the *former* value of
the
> variable, not the current one. for example, if the first time i run the
> script the image displays, say, "AAAAA", the bottom line displays "VAR
> VALUE: " with an empty string after it.
> i have to reload the page to see "VAR VALUE: AAAAA", but of course in the
> meantime the image has changed to, say "BBBBB". i am sure it's a very
silly
> thing, but right now i just can't manage to untie the knot. anybody wants
to
> point out how stupid i am by giving me some advice? :)
>
> thanks a lot.
>
> swann
>
>

I'll see if if I can demonstate how stupid I can be by attempting to answer
your question ;)
After you generate your password try the following;
$_SESSION["passcheck"] = $pass;
$GLOBALS["passcheck"]=&$_SESSION["passcheck"];
HTH
Vince

"Swann" <nomailatall9182374614 [at] hotmail.com> wrote in message
news:f02ctg$7sd$1 [at] tdi.cu.mi.it...
|
| i'm trying to write a very simple CAPTCHA script. following some examples
| and working a bit on the code to suit my needs, i managed to generate the
| random image as desired. i have a php file with the form to be filled
| (called "form.php"), and another one with the code needed to generate the
| CAPTCHA image (called "captcha.php"). int the former i have a simple IMG
tag
| in the former file to call the latter, like this:
|
| <img src="captcha.php">
|
|
| before writing the code needed to process the entered password against the
| value of the one displayed in the image, i wanted to make sure that the
| script was getting the correct value. "captcha.php", after randomly
| generating the password, puts its value into a session var using the
| following instruction:
|
| $_SESSION["passcheck"] = $pass;
|
| i put the following line at the end of "form.php", to check if the value
was
| passed correctly:
|
|
| print "VAR VALUE: ".$_SESSION["passcheck"];
|
| here comes the problem: the script always displays the *former* value of
the
| variable, not the current one. for example, if the first time i run the
| script the image displays, say, "AAAAA", the bottom line displays "VAR
| VALUE: " with an empty string after it.
| i have to reload the page to see "VAR VALUE: AAAAA", but of course in the
| meantime the image has changed to, say "BBBBB". i am sure it's a very
silly
| thing, but right now i just can't manage to untie the knot. anybody wants
to
| point out how stupid i am by giving me some advice? :)
|
| thanks a lot.

ahhh...a man who knows 'a lot'...excellent!

look, if it's any use to you, here's a singleton class i have that stores
configuration information for a site...including storing a current security
code whilst being able to validate with the previously seen security code.
also, see the user class that follows the site class. it handles basic
validation using the security code. you'll have to forgive the text-wrapping
and the references to dealerships (it's a carfax thing:)

in the end, these classes allow you to include a couple of lines of code to
enable security:

user::initialize($_REQUEST['logIn'], $_POST['passwd'],
$_POST['securityCode']);
// take action here if !user::$isValid ... i.e. a 'not authorized' message,
then exit.

hth...

<?
class site
{
public static $adminEmail = '';
public static $classDirectory = '';
public static $cssDirectory = '';
public static $currentPage = '';
public static $description = '';
public static $errorLogFile = '';
public static $fontDirectory = '';
public static $homePage = '';
public static $host = '';
public static $htdocsDirectory = '';
public static $imagesDirectory = '';
public static $includeDirectory = '';
public static $jscriptDirectory = '';
public static $lastSecurityCode = '';
public static $logo = '';
public static $mailDropDirectory = '';
public static $popUpAttributes = '';
public static $rootDirectory = '';
public static $securityCode = '';
public static $title = '';
public static $uploadBaseDirectory = '';
public static $uri = '';

private function __clone(){}

private function __construct(){}

private static function getSecurityCode()
{
$alphabet = '2347ACEFHJKLMNPRTWXYZ'; // removed 0, 1, I, O, Q,
D, 8, 9, B, 5, S, 6, G, U, V - look too similar
$alphabetLength = strlen($alphabet) - 1;
self::$securityCode = '';
for ($i = 0; $i < 6; $i++)
{
self::$securityCode .= $alphabet[mt_rand(0, $alphabetLength)];
}
$_SESSION['securityCode'] = self::$securityCode;
if (!self::$lastSecurityCode){ self::$lastSecurityCode =
self::$securityCode; }
}

public static function initialize()
{
self::$lastSecurityCode = $_SESSION['securityCode'];
self::getSecurityCode();
}
}
?>

<?
require_once 'relative.path.php';
require_once $relativePath . 'site.cfg.php';
// the above defines the site class static vars
// and connects an abstract db class with a db...
// see db::execute($sql) references.
class user
{
public static $id = 0;
public static $firstName = '';
public static $middleName = '';
public static $lastName = '';
public static $logIn = '';
public static $password = '';
public static $passport = '';
public static $email = '';
public static $expired = false;
public static $dealership = 0;
public static $region = 0;
public static $dealerships = array();
public static $regions = array();
public static $isValid = false;
public static $invalidUser = true;
public static $invalidSecurityCode = true;
public static $validated = false;
public static $isAdministrator = false;
public static $isDealershipManager = false;
public static $isRegionalManager = false;
public static $isNationalManager = false;
public static $staticDealership = true;
public static $reportAccess = array();

private function __clone(){}

private function __construct(){}

public static function reset()
{
self::$firstName = '';
self::$middleName = '';
self::$lastName = '';
self::$logIn = '';
self::$password = '';
self::$passport = '';
self::$email = '';
self::$expired = false;
self::$dealership = 0;
self::$region = 0;
self::$dealerships = array();
self::$regions = array();
self::$isValid = false;
self::$invalidUser = true;
self::$invalidSecurityCode = true;
self::$validated = false;
self::$isAdministrator = false;
self::$isDealershipManager = false;
self::$isRegionalManager = false;
self::$isNationalManager = false;
self::$staticDealership = true;
self::$reportAccess = array();
$_SESSION['logIn'] = '';
$_SESSION['password'] = '';
$_SESSION['validated'] = '';
}

public static function initialize($logIn = '', $password = '',
$securityCode = '', $dealership = '')
{
$password = $password ? $password : $_SESSION['password'];
self::$logIn = $logIn ? $logIn : $_SESSION['logIn'];
self::$password = $_SESSION['password'];
self::$validated = $_SESSION['validated'];
$securityCode = strtoupper(!self::$validated ? $securityCode :
site::$lastSecurityCode);
$sql = "
SELECT Id ,
FirstName ,
MiddleName ,
LastName ,
Password ,
UserName ,
Email ,
Expired ,
Passport
FROM people
WHERE UserName = '" . user::$logIn . "'
OR Email = '" . user::$logIn . "'
";
unset($records);
$records = db::execute($sql);

self::$id = $records[0]['ID'];
self::$firstName = $records[0]['FIRSTNAME'];
self::$middleName = $records[0]['MIDDLENAME'];
self::$lastName = $records[0]['LASTNAME'];
self::$logIn = $records[0]['USERNAME'];
self::$passport = $records[0]['PASSPORT'];
self::$password = $records[0]['PASSWORD'];
self::$invalidUser = count($records) ? false : true;
self::$invalidSecurityCode = $securityCode == site::$lastSecurityCode ?
false : true;
self::$isValid = !self::$invalidUser &&
$password == self::$password &&
!self::$invalidSecurityCode;
self::$expired = $records[0]['EXPIRED'];
self::$email = $records[0]['EMAIL'];
self::$validated = self::$isValid;
if (!self::$isValid){ return; }
$records = getSetting(self::$logIn, 'DEFAULT
DEALERSHIP');
self::$dealership = $records[0]['LABEL'];
self::$region = getRegion(self::$dealership);
self::$isAdministrator = getSetting(self::$logIn, 'SECURITY [
AUTHORIZATION ]', 'ADMINISTRATOR') ? true : false;
self::$isDealershipManager = getSetting(self::$logIn, 'SECURITY [
AUTHORIZATION ]', 'DEALERSHIP') ? true : false;
self::$isRegionalManager = getSetting(self::$logIn, 'SECURITY [
AUTHORIZATION ]', 'REGIONAL') ? true : false;
self::$isNationalManager = getSetting(self::$logIn, 'SECURITY [
AUTHORIZATION ]', 'NATIONAL') ? true : false;
self::$dealerships = array(self::$dealership =>
getDealerName(self::$dealership));
self::$regions = array(self::$region =>
getRegionName(self::$region));
if (self::$isAdministrator || self::$isRegionalManager)
{
self::$dealerships = array();
$records = getDealersInRegion(self::$region);
foreach ($records as $dealer => $name)
{
self::$dealerships[$dealer] = $name;
}
}
if (self::$isAdministrator || self::$isNationalManager)
{
self::$dealerships = array();
self::$regions = array();
$records = getCertifiedDealers(true);
foreach ($records as $dealerId => $name)
{
self::$dealerships[$dealerId] = strtoupper($name);
}
$records = getRegions();
foreach ($records as $region => $name)
{
self::$regions[$region] = strtoupper($name);
}
}
self::$staticDealership = !(
self::$isAdministrator ||
self::$isNationalManager ||
self::$isRegionalManager
);
$reports = array(
'DEALER MANAGEMENT REPORT' ,
'EXECUTIVE SUMMARY' ,
'EXECUTIVE SUMMARY [ REGIONAL ]' ,
'ESTIMATE METRICS SUMMARY' ,
'ESTIMATE METRICS BREAK-OUT' ,
'RO VS. ESTIMATE ANALYSIS' ,
'RO VS. ESTIMATE SUMMARY' ,
'RO VS. ESTIMATE BREAK-OUT'
);
self::$reportAccess = array();
foreach ($reports as $report)
{
self::$reportAccess[$report] = getSetting(self::$logIn, 'REPORT
ACCESS', $report) ? true : false;
}
$_SESSION['logIn'] = self::$logIn;
$_SESSION['password'] = self::$password;
$_SESSION['validated'] = self::$validated;
if ($dealership)
{
$dealerships = array_keys(user::$dealerships);
if (in_array($dealership, $dealerships))
{
deleteSetting(user::$logIn, 'DEFAULT DEALERSHIP');
saveSetting( user::$logIn, 'DEFAULT DEALERSHIP', $dealership,
getDealerName($dealership) . ' - ' . $dealership);
self::initialize(user::$logIn, user::$password);
}
}
}
}
?>

"Steve" <no.one [at] example.com> wrote in message
news:iygVh.555$gb1.418 [at] newsfe02.lga...
You do realize that I will steal it and modify it for my own use don't you?
Very nicely done. No wonder you hate sloppy stuff .
By the way, it's obviously enumerations now that I think about it ;)
Vince

"Vince Morgan" <vinhar [at] REMOVEoptusnet.com.au> wrote in message
news:4625e8ee$0$22073$afc38c87 [at] news.optusnet.com.au...
|
| "Steve" <no.one [at] example.com> wrote in message
| news:iygVh.555$gb1.418 [at] newsfe02.lga...
| You do realize that I will steal it and modify it for my own use don't
you?
| Very nicely done. No wonder you hate sloppy stuff .
| By the way, it's obviously enumerations now that I think about it ;)
| Vince

vince,

i posted a slew of code about a week ago that had this and a bunch of other
stuff that are the backbone for any site you'd like to launch. use this as
you will :)

thanks for the kudos. i only hate sloppy stuff if it is clear the author
knows better or sloughs off advice about how to write manageable code.
what's sad is that most are just doing what their 'beginning php' books told
them or what is perpetuated in examples on the net.

what are you wondering about enumerations?

"Steve" <no.one [at] example.com> wrote in message
news:ajoVh.2901$Bg.472 [at] newsfe12.lga...
> what are you wondering about enumerations?
>
>
I asked a q in another group, originaly about array pointers in php, but
then about the underlying implementation of php arrays. you said it was
obviously enums, and it just occured to me today that it certainly would be.
Vince

"Vince Morgan" <vinhar [at] REMOVEoptusnet.com.au> wrote in message
news:462612e2$0$22073$afc38c87 [at] news.optusnet.com.au...
|
| "Steve" <no.one [at] example.com> wrote in message
| news:ajoVh.2901$Bg.472 [at] newsfe12.lga...
| > what are you wondering about enumerations?
| >
| >
| I asked a q in another group, originaly about array pointers in php, but
| then about the underlying implementation of php arrays. you said it was
| obviously enums, and it just occured to me today that it certainly would
be.
| Vince

sorry vinnie, my memory sucks. i figured you were doing a 'callback' to a
previous post...i just didn't remember.

i have every confidence in the world that php is going to be a breeze for
you. don't sweat the learning process.

cheers.

"Steve" <no.one [at] example.com> wrote in message
news:T7pVh.11$wy6.6 [at] newsfe06.lga...
>
> "Vince Morgan" <vinhar [at] REMOVEoptusnet.com.au> wrote in message
> news:462612e2$0$22073$afc38c87 [at] news.optusnet.com.au...
> |
> | "Steve" <no.one [at] example.com> wrote in message
> | news:ajoVh.2901$Bg.472 [at] newsfe12.lga...
> | > what are you wondering about enumerations?
> | >
> | >
> | I asked a q in another group, originaly about array pointers in php, but
> | then about the underlying implementation of php arrays. you said it was
> | obviously enums, and it just occured to me today that it certainly would
> be.
> | Vince
>
> sorry vinnie, my memory sucks. i figured you were doing a 'callback' to a
> previous post...i just didn't remember.
>
> i have every confidence in the world that php is going to be a breeze for
> you. don't sweat the learning process.
>
> cheers.
>
>
Thanks Steve, very kind of you :) I have to say, I've never much had time
for scripting languages in the past, but i've found php's performance
excellent and it's very intuitive, wish I'd learned it years ago.