Technical Questions On The New CAPTCHA System

Posted: Wed Mar 28, 2007 10:13 am

Since I wrote the system I guess I should explain it a bit more, since there seems to be some confusion. So here is some brief info on how the system works.

One thing for you all to remember is there is 2 CAPTCHA systems.

There is the old nuke/nsn system

And the new Visual and Audio PHP CAPTCHA system

The old system uses includes/gfx.php to generate the CAPTCHA. It only requires GD library to run and will show up if you do not have FreeType & GD2 installed.

The new system uses images/captcha.php to generate the CAPTCHA. It requires GD2 & FreeType installed to run. (Come to think of it probably should move either file so they are both in the same folder on the next release.)

If GD is NOT installed then neither one will generate a CAPTCHA and the CAPTCHA check will return true no matter what.

The function to generate a CAPTCHA is done in includes/gfx_check.php security_code(). You can force a CAPTCHA by passing a 1 or true to the last argument. This is useful if you want to have it in say weblinks submittals, or feedback, etc.

Both use PHP sessions to hold the code to insure its valid. There is no posting or getting. So if for some reason no matter how many times you enter the code it fails its your sessions that are the problem most likely. I have repeatedly come across sites that do not have their session path setup correctly by the host. Which in turn causes the sessions to fail but does not generate a visual error on the site.

Adding:

Code:

session_save_path(dirname(__FILE__));

To the mainfile will tell you if that is the problem, and is a temp fix for it.

Both systems use includes/gfx_check.php security_code_check() to check the POST (and only POST) input vs the session. If valid it returns a true, if not a false.

includes/class.captcha.php is only for the new system and is used with images/captcha.php to generate the image and includes/gfx_check.php to validate the input.