topic Re: Problems using CaptchaSecurityImages since PN PHP upgrade in Tech Help - Software/Hardware etc

Problems using CaptchaSecurityImages since PN PHP upgrade

netman — Sun, 04 Apr 2010 14:11:30 GMT

Does anyone know how I can use CaptchaSecurityImages on my sumit forms as they were working before PN PHP upgrade and now they don't.
Where the page should display the security image I just get a red cross. Tried every trick that I know and now have run out of options.
Can anyone help please?
Netman

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

Gabe — Sun, 04 Apr 2010 15:11:56 GMT

The image is showing. Have you flushed your browser cache?
Gabe

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

netman — Sun, 04 Apr 2010 21:05:16 GMT

Hi Gabe
The image is not showing and I have used 2 different kind of browsers i.e. Chrome and IE. No matter what I do the images do not show. The image that you saw was a static image just to make sure that images were not blocked from PHP pages.
Netman

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

Gabe — Sun, 04 Apr 2010 22:05:12 GMT

Hi Netman,
What I saw was images generated by http://ccgi.netman.plus.com/cgi-bin/security.lib.php. I reloaded the page and got a new picture each time. I still do if I use that url directly, though I see it's now been removed from the page.
Gabe

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

netman — Sun, 04 Apr 2010 23:23:18 GMT

Hi Gabe
Yes you are right. I was a bit missleading. The image did reload but the PHP security.lib.php page would not release the numbers and letters. The to the contact page. I therefore tried another PHP page CaptchaSecurityImages.php which I found on the web and it just leaves a red cross still not passing the numbers and letters back. I am not sure what is going on as I tested both pages on my local machine and they seem to work fine. Confused or what???
Netman

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

Gabe — Mon, 05 Apr 2010 14:04:58 GMT

Hi Netman,
How are you passing the variable? I'd expect the security.lib.php script to work with something like:

<?php
session_start();
require_once "security.lib.php";
//Generate random code.
$_SESSION['random'] = generate_random_code(SP_KEY);
//Show picture
get_security_picture($_SESSION['random']);

?>

and then use $_SESSION['random'] in the script that receives your form. Or have I misunderstood the problem?
Gabe

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

netman — Mon, 05 Apr 2010 16:55:16 GMT

HI Gabe
Thanks for all your help but I am getting nowhere at the moment. It's a same that before PN upgraded to PHP5 all was well with my site but now I'm pulling my hair out. Well, I would if I had any
Anyway. The contact page is a html page as you know and it refers to the security.lib.php page
Code:
<?php

define('SP_KEY', '234612ASgBY0985Sfvtr3WDA345w3f35345dfb');
define('SP_CODE_LENGTH','5');
define('SP_CODE_OFFSET','2');
define('SP_QUALITY', '80');
define('SP_WIDTH', '60');
define('SP_HEIGTH', '30');
define('SP_CIRCLES', '100');
define('SP_FONT', '10');
define('SP_TEXT_X', '7');
define('SP_TEXT_Y', '7');
//generate random code. this code will be displayed at the image
//
function generate_random_code($key)
{
return substr(md5($_SERVER['HTTP_USER_AGENT'] . $key . date("YmdHis")), SP_CODE_OFFSET, SP_CODE_LENGTH);
}
//generate picture
//
function get_security_picture($code) {
//set height and width for image font
//
ImageFontWidth(SP_FONT);
ImageFontHeight(SP_FONT);
//create image
//
$im = @imagecreate(SP_WIDTH, SP_HEIGTH);
//set image color
//
imagecolorallocate($im, 255 , 255, 255);
//set random text color
//
$text_color = imagecolorallocate($im, rand(0,100), rand(0,100), rand(0,100));
//create random color circles
//
for ($i=1; $i<=SP_CIRCLES; $i++) {
$randomcolor = imagecolorallocate($im , rand(100,255), rand(100,255), rand(100,255));
imagefilledellipse($im, rand(0, SP_WIDTH-10), rand(0, SP_HEIGTH-3), rand(20,70), rand(20,70), $randomcolor);
}
imagerectangle($im, 0, 0, SP_WIDTH-1, SP_HEIGTH-1, $text_color);
imagestring($im, SP_FONT, SP_TEXT_X, SP_TEXT_Y, $code, $text_color);
//output image in browser
header ("Content-type: image/jpeg");
imagejpeg($im, '', SP_QUALITY);
//destroy current image
//
ImageDestroy($im);
}
get_security_picture(generate_random_code(SP_KEY));
?>

This places an image ib the html page. Somehow I need to get the image contects to the text box called code and then this is posted to my sendmail php page
Code:
<?php
session_save_path('/files/home3/netman/cgi-bin/SESSIONS/');
session_start();
if( isset($_POST['submit'])) {

if( $_SESSION['code'] == $_POST['code'] && !empty($_SESSION['code'] ) ) {
//if( $_SESSION['code'] == $_POST['code'] && !empty($_SESSION['code'] ) ) {
// Insert you code for processing the form here, e.g emailing the submission, entering it into a database.
////echo 'Thank you. Your message said "'.$_POST['message'].'"';

//--------------------------Set these paramaters--------------------------
// Subject of email sent to you.
$subject = 'You have a message from Netmans Website';
// Your email address. This is where the form information will be sent.
$emailadd = 'web@netman.plus.com';
$emailaddfrom = 'Netman web feedback form';
// Where to redirect after form is processed.
$url = 'http://www.netman.plus.com/thankyou.html';
// Makes all fields required. If set to '1' no field can not be empty. If set to '0' any or all fields can be empty.
$req = '0';
// --------------------------Do not edit below this line--------------------------
$text = "Message from Netman Web email/feedback form:\n\n";
$space = ' ';
$line = '
';
foreach ($_POST as $key => $value)
{
if ($req == '1')
{
if ($value == '')
{echo "$key is empty";die;}
}
$j = strlen($key);
if ($j >= 100)
{echo "Name of form element $key cannot be longer than 100 characters";die;}
$j = 20 - $j;
for ($i = 1; $i <= $j; $i++)
{$space .= ' ';}
$value = str_replace('\n', "$line", $value);
$conc = "{$key}:$space{$value}$line";
$text .= $conc;
$space = ' ';
}
mail($emailadd, $subject, $text, 'From: '.$emailaddfrom.'');
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';

unset($_SESSION['code']);
} else {
// Insert your code for showing an error message here
//echo "Sorry, you have provided an invalid security code";

header('Location:http://www.netman.plus.com/whoops.html');
}
} else {
}
?>

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

David_W — Mon, 05 Apr 2010 17:13:50 GMT

This may have nothing to do with it, but if it's a direct paste you have several major typos in your code.......

define('SP_HEIGTH',     '30');

Shouldn't it be SP_HEIGHT?

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

netman — Mon, 05 Apr 2010 17:19:34 GMT

OK now you've got me...
define('SP_HEIGTH', '30');
Shouldn't it be SP_HEIGHT?
Arn't they both the same or are my eyes fuzzy from being infornt of the screen too long

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

Oldjim — Mon, 05 Apr 2010 17:28:04 GMT

spelling of height

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

alanrm — Mon, 05 Apr 2010 17:33:11 GMT

Come on Plusnet - this is a problem in PHP implementation & has exactly the same cause as the problems with sessions.
ALL calls to session_start(); are failing - there is another post describing complicated ways of getting round it. I found a simpler way
which has also solved the problem with showing the captcha image.
If no session id is assigned php automatically assigns a reference when session_start is called BUT the length of this reference
is too long & choking Plusnet's php implementation. Nothing wrong with scripts, nothing wrong on my Win32 or Ubuntu Linux implementations
with PHP5 - it is Plusnet's implementation.
I use PHPFusion so I can't comment directly on your case but the captcha routine there includes a call to session_start();
The solution is to call session_id(); before calling session_start(); & assigning a short id
eg session_id("sec");
This has worked both for IM scripts which use session_start(); & PHPFusions new Member registration script which uses
captcha images.
So... look in your script for the call to session_start(); & place session_id("sec"); before it & voila!

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

netman — Mon, 05 Apr 2010 18:12:24 GMT

Hi ananrm,
Thanks for the info. But alas I have put my website back to it's original state except for the PHP pages having
session_save_path('/files/home3/netman/cgi-bin/SESSIONS/');
session_id("sec");
session_start();
at the top and still no security images shows.... I must be going do-lally by now I guess.

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

Gabe — Mon, 05 Apr 2010 18:24:18 GMT

Quote from: netman
session_save_path('/files/home3/netman/cgi-bin/SESSIONS/');

Try

ini_set('session.save_path', '/files/home3/netman/cgi-bin/SESSIONS');

And remove session_id("sec");
Gabe

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

netman — Mon, 05 Apr 2010 19:00:57 GMT

Hi Gabe
Thanks for the info.
I don't have an issue with the sessions it's the image security I have a problem with.
However I have done as stated and still no change. I am sure the issue lies with PN PHP config

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

alanrm — Mon, 05 Apr 2010 19:43:57 GMT

Hi netman,
Just to emphasize that it IS the session_start() function implementation which is causing the problem - you are viewing the captcha image
as something different but the problem is caused by the session_start function which is used in this script.
I came to your query because I had problems with this function in an IM script & after reading your query I found that suddenly the captcha image was not appearing in my PN PHPFusion setup. It was therefore no surprise at all to find that the captcha script included a call to the very same function. These are now working again after my amendment.
I don't know why you need to specify a session save path - does your original script do this? The ONLY change I had to make to two different
scripts causing problems was to set a short file length id by calling session_id() before session_start() specifically to address the error
notice being generated by PHP.
Of course, a reference generated automatically by PHP for a session id should not be rejected by PHP & is not by any other implementation that I have come across.
To Gabe I would say-
Try uploading this script to PN & then explain how to solve the error. There should of course be no error message.
<?php
session_start();
?>
Now upload this:-
<?php
session_id("test");
session_start();
?>
You will of course get a white screen but look at your cookies - the PHPSESSIONID has been successfully created - it failed on the call just to
session_start()

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

netman — Mon, 05 Apr 2010 19:59:36 GMT

Hi alanru
I got this on your second comment...
Server error!
The server encountered an internal error and was unable to complete your request.
Error message:
Premature end of script headers: session2.php
If you think this is a server error, please contact the webmaster.
Error 500

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

netman — Mon, 05 Apr 2010 20:14:22 GMT

Hi to both alanru and Gabe,
Here are my 3 instances of code
1. The call from the html file to the php security file
2. The php security file
3. the php Post and redirect file
I cannot see what's wrong
1.
******************************************************************************************************************************************************************************
<img src="http://ccgi.netman.plus.com/cgi-bin/CaptchaSecurityImages.php" /><br />
<label for="security_code">Security Code: </label><input id="security_code" name="security_code" type="text" value=""/><br />
<p><br>
<input type="submit" name="submit" id="submit" class="button" value="Send message" tabindex="6" />
******************************************************************************************************************************************************************************
2.
******************************************************************************************************************************************************************************
<?php
//session_id("sec");
//session_start();
session_id("sec");
ini_set('session.save_path', '/files/home3/netman/cgi-bin/SESSIONS');

class CaptchaSecurityImages {
var $font = 'arial.ttf';
function generateCode($characters) {
/* list all possible characters, similar looking characters and vowels have been removed */
$possible = '23456789bcdfghjkmnpqrstvwxyz';
$code = '';
$i = 0;
while ($i < $characters) {
$code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
$i++;
}
return $code;
}
function CaptchaSecurityImages($width='120',$height='40',$characters='6') {
$code = $this->generateCode($characters);
/* font size will be 75% of the image height */
$font_size = $height * 0.75;
$image = @imagecreate($width, $height) or die('Cannot initialize new GD image stream');
/* set the colours */
$background_color = imagecolorallocate($image, 255, 255, 255);
$text_color = imagecolorallocate($image, 20, 40, 100);
$noise_color = imagecolorallocate($image, 100, 120, 180);
/* generate random dots in background */
for( $i=0; $i<($width*$height)/3; $i++ ) {
imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);
}
/* generate random lines in background */
for( $i=0; $i<($width*$height)/150; $i++ ) {
imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color);
}
/* create textbox and add text */
$textbox = imagettfbbox($font_size, 0, $this->font, $code) or die('Error in imagettfbbox function');
$x = ($width - $textbox[4])/2;
$y = ($height - $textbox[5])/2;
imagettftext($image, $font_size, 0, $x, $y, $text_color, $this->font , $code) or die('Error in imagettftext function');
/* output captcha image to browser */
header('Content-Type: image/jpeg');
imagejpeg($image);
imagedestroy($image);
$_SESSION['security_code'] = $code;
}
}
$width = isset($_GET['width']) ? $_GET['width'] : '120';
$height = isset($_GET['height']) ? $_GET['height'] : '40';
$characters = isset($_GET['characters']) && $_GET['characters'] > 1 ? $_GET['characters'] : '6';
$captcha = new CaptchaSecurityImages($width,$height,$characters);
?>
******************************************************************************************************************************************************************************
3.
*****************************************************************************************************************************************************************************
<?php
//session_save_path('/files/home3/netman/cgi-bin/SESSIONS/');
//session_id("sec");
session_id("sec");
ini_set('session.save_path', '/files/home3/netman/cgi-bin/SESSIONS');
session_start();
`chmod 700 $fn`;
if( isset($_POST['submit'])) {
// get_security_picture($_SESSION['random'])
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {

//--------------------------Set these paramaters--------------------------
// Subject of email sent to you.
$subject = 'You have a message from Netmans Website';
// Your email address. This is where the form information will be sent.
$emailadd = 'web@netman.plus.com';
$emailaddfrom = 'Netman web feedback form';
// Where to redirect after form is processed.
$url = 'http://www.netman.plus.com/thankyou.html';
// Makes all fields required. If set to '1' no field can not be empty. If set to '0' any or all fields can be empty.
$req = '0';
// --------------------------Do not edit below this line--------------------------
$text = "Message from Netman Web email/feedback form:\n\n";
$space = ' ';
$line = '
';
foreach ($_POST as $key => $value)
{
if ($req == '1')
{
if ($value == '')
{echo "$key is empty";die;}
}
$j = strlen($key);
if ($j >= 100)
{echo "Name of form element $key cannot be longer than 100 characters";die;}
$j = 20 - $j;
for ($i = 1; $i <= $j; $i++)
{$space .= ' ';}
$value = str_replace('\n', "$line", $value);
$conc = "{$key}:$space{$value}$line";
$text .= $conc;
$space = ' ';
}
mail($emailadd, $subject, $text, 'From: '.$emailaddfrom.'');
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';

unset($_SESSION['code']);
} else {
// Insert your code for showing an error message here
//echo "Sorry, you have provided an invalid security code";

header('Location:http://www.netman.plus.com/whoops.html');
}
} else {
}
?>
*******************************************************************************************************************************************
Thanks for all your help guys

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

Gabe — Mon, 05 Apr 2010 20:43:04 GMT

Hi Alan,
Try

<?php
ini_set('session.save_path', '/files/homeX/username/SESSION');
session_id("test");
session_start();
?>

suitably edited for your path. Call it in a few browsers. Then look in /SESSION and count the sessions.
Gabe

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

alanrm — Mon, 05 Apr 2010 20:49:33 GMT

Do we have a happy ending?
Both my original scripts without any alterations are now working again - Plusnet have been busy.
Netman - have you tried your original scripts again?

Re: Problems using CaptchaSecurityImages since PN PHP upgrade

Gabe — Mon, 05 Apr 2010 20:51:27 GMT

Hi Netman,
You appear to have taken the session_start(); out of your image generator.
try just


ini_set('session.save_path', '/files/home3/netman/cgi-bin/SESSIONS');
session_start();

Gabe