Hi guys,

A little trouble finishing of a log-on script with captcha-check. Hope you can spot it.

I have just started messing around with the GD graphics libary for PHP to complete a log-on script and I’m trying to create a captcha process with it. I have installed the GD library for PHP, but still the below code results in nothing but a blank, white browserpage with a small “broken file” icon in the top-left corner of the white browser area. What should I be checking for first?

The code:

$width  = 120;
$height =  40;
$length =   5;

$baseList = '0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

$code    = "";
$counter = 0;

$image = imagecreate($width, $height) or die('Cannot initialize GD!');

for( $i=0; $i<10; $i++ ) {
   imageline($image, 
         mt_rand(0,$width), mt_rand(0,$height), 
         mt_rand(0,$width), mt_rand(0,$height), 
         imagecolorallocate($image, mt_rand(150,255), 
                                    mt_rand(150,255), 
                                    mt_rand(150,255)));
                                    }
for( $i=0, $x=0; $i<$length; $i++ ) {
   $actChar = substr($baseList, rand(0, strlen($baseList)-1), 1);
   $x += 10 + mt_rand(0,10);
   imagechar($image, mt_rand(3,5), $x, mt_rand(5,20), $actChar, 
      imagecolorallocate($image, mt_rand(0,155), mt_rand(0,155), mt_rand(0,155)));
   $code .= strtolower($actChar);
   }

header('Content-Type: image/jpeg');
imagejpeg($image);
imagedestroy($image);

$_SESSION['securityCode'] = $code;

// CAPTCHA GENERATOR END

       $token = md5(uniqid(rand(), TRUE));
     $_SESSION['token'] = $token;
     echo sprintf("<form action='/musicartcenter.php' method='post'>
             <fieldset>
              <legend>Please enter the code below as you see it:</legend>
               <p><label>Captcha</label><img src='/musicartcenter.php' />                                           
                                        <input type='text' name=secCode size=10 />
                                        <input type='hidden' name='formtoken' value='%s'>
              <span><input name='submitBtn' type='submit' value='process_captcha' /></span>
             </fieldset>
            </form>", $token);
     die('</div><!-- applicationarea end -->');
       }
      }
     } 

The PHP config:

[ATTACH]4621[/ATTACH]

Thx for the glancing over.

You should first look at what is being sent to the browser (since it apparently is not a valid JPEG file). If your browser won't let you look at the raw response, comment out the 'Content-Type:' header.

Thx very much for the reply.

result from commenting out header:

ÿØÿàJFIFÿþ>CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality ÿÛC $.' ",#(7),01444'9=82<.342ÿÛC 2!!22222222222222222222222222222222222222222222222222ÿÀ(x"ÿÄ ÿĵ}!1AQa"q2‘¡#B±ÁRÑð$3br‚ %&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚáâãäåæçèéêñòóôõö÷øùúÿÄ ÿĵw!1AQaq"2B‘¡±Á #3RðbrÑ $4á%ñ&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz‚ƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚâãäåæçèéêòóôõö÷øùúÿÚ?ôê(¢½Cà (¢€ r&üá”ÁŽ3øô¦ÑIùs£ÆpêÊ}Å6¦i—ËªÊOðŒ2ŸÏ}ùü*· üé&ú–áÙ‹E*G,™Ú©=Ôö ²Âÿ~7㺞¾Þ¿ˆ¡É TüÇ$Lãw{±àŸjŒœä=k—Ö¦Õc–+;Z¾ŸTŸ4–86G?3¾#Tr©à]*ņÜÌK~Uœ*96¬[§«É.àž}Í7.z£Õ©Dh£F)v¯÷GåZY½È÷q¡Uº¶ãéž?*)ôQÊ» Éô ¡¬Í$x’-åÅÄlgÀÊ€¯$GœsWêËHï*ü‰K„ÞŽv1S•ÑÈävçÓH‚+K¹¥¸šÚæŠxÑd"9©V,%Tçxǧ>–É©«ZÙi$•ç–âi«I.ÐvŒàa@nÙçéV¨~CV¾¤6—)ygÔa‚MÈ¡º€FF:š°´K«{{!uÍ,–È‘ˆƒ3^ÇŒ–îF0 î´)&Ö#¤$?àDcô5Œj6•Ö§DéAI¤ôþ¼îW[–}TجYÄq|ô±Ï§×5k(•½:/çÔþ{Öu¾Ÿ"^{ý®âàK(ˆD} ¦Þ3’O'ŸÊ¯ÿxÕ5'èM©*Ÿæ+´²ã{ð:*Œþ}±T´ÝBÏU±ŽóNIo.q&Ò¹Á ð@9È=iòMó=¸A+Ä\Æ’í—a8Ü0rxÜ;ô¬_\Ïwà*>{™¤šfó7I#–c‰“ìT¹n‡(òÅÉ»ìihÚOö\´Óýªöw/qtSkJsòñ“€ØÖ•Q¨«#IÉÝ…R€Np Ç&˜„¢Š)ˆ(¢Š(¢ŠpvPõ¿Ö›E†Ò»===h¢†® Ûb•æc}v—SGÜ¢ÄÐNð¾Âs´” ‘‘œžÊÊÛM²ŠÎΆÞ%Úˆ½þ§¹=I¢Šwv°Ü›V¹bŠ( ‘À¨ ±ô=(gf'@0(¢•Šæv°Ú(¢™'ÿÙ

if I activate the header and try it in Firefox instead of Chrome, I get:

The image "http://127.0.0.1musicartcenter.php" could not be displayed, because it contains errors.

No bids on why the created image contains errors?

You cannot output the image and text from the same script. You'll need to put the image serving code into its own script so that all it outputs is the image, then access that via an IMG tag in the main page. (It's also a good idea to exit; right after you do the imagejpeg() call, just to ensure that nothing extraneous gets output after that.)

Ok, this is still not working for me.

I put the image creating code in it's own PHP file, looking like this:

<?php
//
// Code to generate captcha image below
//
$width  = 120;
$height =  40;
$length =   5;

$baseList = '0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

$code    = "";
$counter = 0;

$image = imagecreate($width, $height) or die('Cannot initialize GD!');

for( $i=0; $i<10; $i++ ) {
   imageline($image, 
         mt_rand(0,$width), mt_rand(0,$height), 
         mt_rand(0,$width), mt_rand(0,$height), 
         imagecolorallocate($image, mt_rand(150,255), 
                                    mt_rand(150,255), 
                                    mt_rand(150,255)));
                                    }
for( $i=0, $x=0; $i<$length; $i++ ) {
   $actChar = substr($baseList, rand(0, strlen($baseList)-1), 1);
   $x += 10 + mt_rand(0,10);
   imagechar($image, mt_rand(3,5), $x, mt_rand(5,20), $actChar, 
      imagecolorallocate($image, mt_rand(0,155), mt_rand(0,155), mt_rand(0,155)));
   $code .= strtolower($actChar);
   }
header('Content-Type: image/jpeg');
imagejpeg($image);
imagedestroy($image);
$_SESSION['securityCode'] = $code;
//
// CAPTCHA GENERATOR END
//
?>

• included the new file at the top of the calling script and changed the reference where the image-file is needed to match the new destination and the new filename. Still errors out with the same message.

spookztar;11012515 wrote:

included the new file at the top of the calling script

... and therein lies your problem. As has already been said:

NogDog wrote:

You'll need to put the image serving code into its own script so that all it outputs is the image, then access that via an IMG tag in the main page.

(emphasis added)

See my reply above.

Ok, I see. Including adds to the existing file, so that PHP sees it as one big file. No separation as far as application logic goes.

Now, I get no errormessage, thx for that. Instead, I get the captcha form with the field for filling flanked by the small, "broken file" icon from before (Sorry, not allowed to post screenshots)

In the calling file, I now only have the IMG-tag with the path leading to the location of the "captacha.php" file posted above. I just commented out the include.

Ok, I see. Including adds to the existing file, so that PHP sees it as one big file. No separation as far as application logic goes.

Now, I get no errormessage, thx for that. Instead, I get the captcha form with the field for filling flanked by the small, "broken file" icon from before:

[ATTACH]4665[/ATTACH]

In the calling file, I now only have the IMG-tag with the path leading to the location of the "captacha.php" file posted above. I just commented out the include.

Try commenting out the header() call (that sets the Content-Type) and manually navigating to the URL of the captcha script that is to be outputting that image. Do you see any PHP error messages?

That outputs the following in the browser:

ÿØÿàJFIFÿþ>CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality ÿÛC $.' ",#(7),01444'9=82<.342ÿÛC 2!!22222222222222222222222222222222222222222222222222ÿÀ(x"ÿÄ ÿĵ}!1AQa"q2‘¡#B±ÁRÑð$3br‚ %&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚáâãäåæçèéêñòóôõö÷øùúÿÄ ÿĵw!1AQaq"2B‘¡±Á #3RðbrÑ $4á%ñ&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz‚ƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚâãäåæçèéêòóôõö÷øùúÿÚ?ôÅ;—>½>”´Ð #·5ã#WwK@¢“æöp1xÂxôßÇu¨cQŽïPNHáŒ8.8Î~n¾õQƒ–Ɛ ç³_×ÈïÁÁÈëNó¹ê3YzÄ·ÞÒîî\¼óÚE,Ós2N“Vžâ$¾ŠÌ¡2KÊ0…AÏ¿Î?Z,îÒ¹[I¿——«,ù©Ü!?•ãþãçØÿõ©(¥pö±í[~ˆRWÏ¡ù捤ôtý²¢ù£·ÓûÃ.w Nzdæ,ÿ¼zvÔªjÝ %hëÈ¿óÊsÜ÷H&ÆÊ2Á±ïÅ¡Šœ‚Aö©¹Ÿµ]4ô·ù Ú;Œýy¥§yÝ‰úóFüõU?†?•"dÔ·“ù¢Š)…V»¾kC%*ÍËÊH $’Ä*þ'œñVk?T´šíaT¶°»‰\™!»SƒÁÁVÃ÷NAíWé{—$¹“·Ì’ÇR‡SÓྴFheàðÃ`úG^{Üf¸é¾ØÜkËs¨%ÕíÄÓA"îDµó>ð}¸|“óÖèvéš-”󉥉0_'IÀÏaÐ{Õ$vÏÐÖÑRŽÖûѼeRÚ·É¢¦‘fº~cb³ …µºCæûT.q“Ž•SPœZk¶72Epð‹iã- »Ë†-„ Ô0£±b€7÷‡óÓÂàéêjUá+µ}ÿ5r9d¥Ífïú”&Õ¡†ÖÞãɸqq(Š41ßqÎ2¯´Žêk+è£WCˆàeXudÀÒÞXÇ{äy…Ç‘2Ì»Hå—¦}¹¢ÎÆ;/?Ë.|ùšfÝÙ›®=¸¬;è´Œ”}ÔÓùþv% ™¥çe N{ãùš}>”PïÔÂJW÷· (¢‘!ERQEQEQEQEQERäúÑE4ÚÙ”§(蝃'ÖŒÑE>iwµŸv£>ÔQG3i>ÿ×Ü%QI»ÝÝÙÿÙ

EDIT: If I navigate there with the header active, I get a successfully created captcha-image.

Is this on a production server or a development server? If the former, do you have display_errors set to Off and log_errors set to On? If the latter, are the two booleans reversed (display = On, log = Off or On if you'd like)? Also, is error_reporting set to E_ALL (or better)?

Do you have any whitespace (or any other characters, really) outside of the <?php ... ?> tags in this image-generating script? It certainly looks like the GD extension is generating some binary image data, thus the main reason I can think of that would prevent a browser from displaying the desired image is if that raw binary data was getting corrupted somehow (e.g. by stray whitespace characters in the .php script, PHP dumping error messages to screen rather than logging them, etc.).

"Is this on a production server or a development server?"

Home PC with a running LAMP = home development server

"Do you have any whitespace (or any other characters, really) outside of the <?php ... ?> tags in this image-generating script?"

No.

Error reporting in php.ini:

error_reporting = E_ALL & ~E_DEPRECATED & ~E_WARNING
display_errors = On
log_errors = On.

EDIT: The captcha script itself works when navigating to it with the header on. Have a look:

[ATTACH]4667[/ATTACH]

Is the path to your captcha.php script correct? If the browser can't reach it, it won't display an image. Try inspecting the image URL that the <img> tag is using from your browser (Chrome, Firefox and Opera all come with this feature built in now). Is it the same as the one you're using when you see the captcha working?

Lastly, could it be a caching issue? Hit ctrl + F5 and see if that forces the browsers cache to refresh.

Is the path to your captcha.php script correct? If the browser can't reach it, it won't display an image. Try inspecting the image URL that the <img> tag is using from your browser (Chrome, Firefox and Opera all come with this feature built in now). Is it the same as the one you're using when you see the captcha working?

Lastly, could it be a caching issue? Hit ctrl + F5 and see if that forces the browsers cache to refresh.

Ok, weird stuff. I copy-pasted the code into an earlier version of the same main script, put it into the webdir, reloaded and now it works. I have to put in a few hours to get this version up to the level of the one I've been working on, but I think this is the way. Thx.