[RESOLVED] session value returns extra numbers

PaPPy

Ok i am trying to do a captcha, image verification

i am using this code to check the cookie if they have successfully vertified every 15 mins

$reval = "900";
//amount of seconds needed before revalidation. 900 is 15 mins =]
if(isset($_COOKIE['val'])){
}else{
include("val.php");
exit;
}

inside of val.php
it loads up the image page, captcha.php
and sets a session value of $key
then when the person enters their attempt at the image verification
it comes $security to the session key

my problem i am having is i am getting extra numbers at the begging of my session key
example session key: 33176390064565451032777834421138025
actual security code: 38025
submitted security code: 38025

so as you see the last 5 are the same. so i chopped off all but last 5 and compared and everything worked fine in Firefox, but anyone else was a no go

anyone have any idea?

any help is MUCH appricated
thank you in advanced

below is the attached files i am using

bpat1434

Interesting... I'm not seeing anything wrong except that in my session, I get a different key than what is shown on the screen...

PaPPy

its still not working for me,
is there a way to rewrite it to do the same thing
cause this is really frustrating

bpat1434

Well, you could generate a random string, save it to a php file, then include that file in the captcha.php file and then iterate over that string to get you your image. I've adapted it to do just this (with alphabetic letters too) and here's what i got:

captcha.php

<?php
session_start();
function hex2int($hex) {
        return array( 'r' => hexdec(substr($hex, 0, 2)), // 1st pair of digits
                      'g' => hexdec(substr($hex, 2, 2)), // 2nd pair
                      'b' => hexdec(substr($hex, 4, 2))  // 3rd pair
                    );
}
include_once('keyFile.php');
/*
Content: CAPTCHA image
Creator: Mark Cole
License: N/A
Copyright to Cyber-Wars.com
*/

$totalChars = 5;

$backrand = "backCAPTCHAimage" . rand(1, 4) . ".gif";
//$backrand = "backCAPTCHAimage2.gif";

$image = imagecreatefromgif("images/" . $backrand);
//change the image to whatever you want. I included one just in case



$spacing = (imagesx($image) / $totalChars);

//arial = 1.ttf
//masturbator = 2.ttf
//wizardry = 6.ttf
//augie = 4.ttf
//xfiles = 5.ttf
//medusa = 3.ttf


$colors = array('12CBEC', 'C315ED', '67F85D', '0151B7', '229E56', 'BA6DB4', 'E80363', 'F4D658', 'FFFFFF', 'DB2D12', 'A61859', 'A61812', '5EF254', 'ACE338', '21CB14', 'EE9CF1', '29F9FF', 'A1F63F', 'C31D19', 'ABC0E6', '1184CE', 'F71869', 'E0EDCC');

for($i = 0, $totalChars=strlen($key); $i < $totalChars; $i++)
{

$character = $key[$i];
$rand = rand(1,5); 
$font = 'Arial'; //$rand . '.pap';
$font_size = rand(20, 35);
$angle = rand(-30, 30);
$rand_keys = array_rand($colors, 2);

$imColor = hex2int($colors[$rand_keys[0]]);
$fontColor = imagecolorallocate($image, $imColor['r'], $imColor['g'], $imColor['b']);

$details = imageftbbox($font_size, $angle, $font, $character, array());
$x = $spacing / 4 + $i * $spacing;
$char_height = $details[2] - $details[5];
$y = imagesy($image) / 2 + $char_height / 4;
imagettftext($image, $font_size, $angle, $x, $y, $fontColor, $font, $character);
}

header("Content-Type: image/gif");
imagegif($image);
?>

val.php

<?php
session_start();
ob_start();

if(!isset($_POST['submit']))
{
	$_SESSION['key'] = genRandString();
	echo '
	<div align="center">
	<img src="10341597.captcha.php" alt="security image" />
	<form method="post">
	<input type="text" name="security" id="security" />
	<input type="submit" name="submit" value="Enter" />
	</form>
	</div>';
}
else
{
	$seskey = $_SESSION['key'];

$security = $_POST['security'];

if(strlen($security) <= 0){
	echo 'Field must be filled in. =/ idiot';
}
elseif($seskey != $security)
{
	echo 'Invalid Security Code<br />';
}
else
{
	$newtime = time() + 900; 
	setcookie("val", "set", "$newtime"); 
	echo '<script type="text/javascript">
	<!--
	window.location = "intro.php"
	//-->
	</script>';
}
}
ob_end_flush();

function genRandString($chars=5)
{
	$key = '';
	$alpha = range('A', 'Z');

for($i=0; $i<$chars; $i++)
{
	$alnum = rand(0,1);
	if($alnum)
	{
		$char = rand(0,9);
	}
	else
	{
		$char = $alpha[rand(0, 25)];
	}
	$key .= $char;
}

	writeKeyFile($key);
	return $key;
}

function writeKeyFile($key)
{
	$contents = '<?php
if(substr($_SERVER[\'SCRIPT_FILENAME\'], -11) == \'keyFile.php\')
{
	header(\'Location: 10341597.val.php\');
}

$key = \''.$key.'\';
?>';
	$fp = @fopen('keyFile.php', 'w+');
	fwrite($fp, $contents);
	fclose($fp);
}
?>

PaPPy

ya i was thinking of saving a file or in our mysql database
problably leaning towards mysql cause of the high traffic we get on our site

ill leave this unresolved to see if anyone else has run into this problem and has a solution

thanks for the suggestions

NogDog

I just save it as a session variable when I do a captcha.

PaPPy

thats what i do, and its adding a bunch of extra numbers in front

PaPPy

problem solved
for some reason every time u would set a session it was just adding the number before it to the end of the string

so i just did $key = "";
before hand and all is good