vuthao / cool-php-captcha

Automatically exported from code.google.com/p/cool-php-captcha
GNU General Public License v3.0
0 stars 0 forks source link

bug with multiple use #8

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
next bug is in multiply use

example I have to opened two pages in same computer

edit-post.php ... set captcha to session
in next tab of browser I have edit-article.php ... that overwrite captcha 
session

so when submit form on edit-post.php ... result will be that captcha always 
fail because $_SESSION['captcha'] contain captcha for edit-article.php

solution use $_SESSION['captcha'] = array()
on create captcha use $_SESSION['captcha'][] = 'new captcha';
after read unset by unset($_SESSION['captcha'][0]);
...

Original issue reported on code.google.com by svecp...@gmail.com on 31 Aug 2010 at 5:51

GoogleCodeExporter commented 8 years ago
One can have same page on many tabs. Only sure way to fix this would be to send 
unnique hash with the answer to the server with $_POST. 

Unique value can be simply made by UUID class with 
http://stackoverflow.com/questions/2413754/how-to-create-uniqe-key-value-in-php#
answer-2413781 v4 is pseudorandom and should be enough for this purpose.

<img src="captcha.php?mathrandomstuff&check=UNIQUE_FOR_EACH_PAGE_VIEW" />
<input type="hidden" name="check" value="UNIQUE_FOR_EACH_PAGE_VIEW" />
<input type="text" name="chekcAgainst" value="" />

Check would be unique for each word (not image).

So when generating image (or regenerating it):
$_SESSION['captcha'][$_REQUEST['check']] = 'new captcha';

Check against after submitting:

if( $_SESSION['captcha'][$_REQUEST['check']] == $_REQUEST['captcha'] )
{
   // clear to proceed.
}else
{
   // incorrect captcha
}

unset($_SESSION['captcha'][$_REQUEST['check']]);

Original comment by matti.t....@gmail.com on 1 Mar 2012 at 4:09