dapphp / securimage

PHP CAPTCHA Script
https://github.com/dapphp/securimage
BSD 2-Clause "Simplified" License

Text not change on reloaded #90

Open ve3 opened 5 years ago

ve3 commented 5 years ago

Securimage version 4.0.1

Downloaded it from here: https://github.com/dapphp/securimage/archive/4.0.1.zip

When I open the URL to securimage_show.php and reload, the text in the image does not change at all. I reloaded many times but nothing changed.

Going back to version 3.6.7, it works fine.

dapphp commented 4 years ago

In version 4.0.1 there were some major changes with how codes are stored and associated with clients. To do away with the requirement of cookies or more complicated database settings and make database/file/redis/session storage standardized, captcha codes are identified by IDs.

You'll have to start by using Securimage::getCaptchaHtml() (see the example_form.php in nextgen / 4.0.1 branch) after having configured your storage settings in config.inc.php.

Image URLs are now like:

http://domain/securimage/securimage_show.php?id=ab0695e6014b6739ea71ad94ce616a172764407e

The form should then embed that ID in a hidden input field, and server side when validating the code using check, supply the captcha ID as the second argument.

In your form you can generate a random code and serve it like this:

<?php

$id = bin2hex(openssl_random_pseudo_bytes(24));

?>

<input type="hidden" name="captcha_id" value="<?= $id ?>">
<img src="/path/to/securimage_show.php?id=<?= $id ?>" ...>
Enter code: <input type="text" name="code">

Then when validating the form:

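<?php

// Load the library (adjust the path to your Securimage install)
require_once 'securimage.php';

// Read the submitted fields; null when a field is missing
$id = isset($_POST['captcha_id']) ? $_POST['captcha_id'] : null;
$code = isset($_POST['code']) ? $_POST['code'] : null;

$options = array(/* your options here */);
$securimage = new Securimage($options);

// Pass the captcha ID as the second argument to check()
$valid = $securimage->check($code, $id);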

Unfortunately I never got any great examples for this done. The WordPress plugin at https://wordpress.org/plugins/securimage-wp/ is built using 4.0 and can be used as an example though.
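The two snippets in the comment above, combined into one page as an added example (not code from the Securimage project or its maintainer). It assumes securimage.php sits beside the script and storage is already configured in config.inc.php; the helper is_wellformed_captcha_id(), the constant CAPTCHA_ID_BYTES and the /path/to/ URL are illustrative.

```php
<?php
// Added example, not from the Securimage project. Assumes securimage.php sits
// next to this file and that storage is already configured in config.inc.php.
require_once __DIR__ . '/securimage.php';

const CAPTCHA_ID_BYTES = 24; // same ID length as the snippet in the comment above

// Hypothetical helper: accept only IDs shaped like the ones this form issues
// (48 hex characters), so arbitrary client input never reaches the storage lookup.
function is_wellformed_captcha_id($id)
{
    return is_string($id)
        && strlen($id) === CAPTCHA_ID_BYTES * 2
        && ctype_xdigit($id);
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $id   = isset($_POST['captcha_id']) ? $_POST['captcha_id'] : null;
    $code = isset($_POST['code']) ? $_POST['code'] : null;

    if (!is_wellformed_captcha_id($id) || !is_string($code) || $code === '') {
        $message = 'Missing or malformed captcha fields.';
    } else {
        $options    = array(/* your options here */);
        $securimage = new Securimage($options);
        // The captcha ID is the second argument to check(), as described above.
        $message = $securimage->check($code, $id)
            ? 'Code accepted.'
            : 'Incorrect code, please try again.';
    }
}

// Issue a fresh ID on every render so each page load gets its own captcha.
$newId = bin2hex(openssl_random_pseudo_bytes(CAPTCHA_ID_BYTES));
?>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post">
  <input type="hidden" name="captcha_id" value="<?= $newId ?>">
  <img src="/path/to/securimage_show.php?id=<?= $newId ?>" alt="CAPTCHA image">
  Enter code: <input type="text" name="code" autocomplete="off">
  <input type="submit" value="Submit">
</form>
```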