473,839 Members | 1,465 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Captchas and <img>

I have a captcha system going and for some reason when I use

<?php

$s = "";
for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
$_SESSION['CaptchaValue'] = $s;
$fn = '/Login/Register/Captcha.php';
echo '<img src="'.$fn.'" alt="Captcha" />';
?>

and Captcha.php uses require_once or include to include some classes that I
use to generate the captcha then it fails(usually get alt showed). But when
I include the classes directly inside the file it works ;/

This is very strange behavior? It really shouldn't matter if I do that,
right? And it is also a security issue because then if they can read the php
I they can get how I generate them.

What I can I do?

captcha.php

<?php

// Captcha classes inserted here but removed for brevity

header("Content-type: image/png");
session_start() ;
$f = $_SERVER['DOCUMENT_ROOT'].'/Login/Register/';
//require_once($f .'Captcha.php') ;

$c = new Captcha();

$c->Fonts->Add($f."1.TTF" , 0.23, 15, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."2.TTF" , 0.5, 15, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."3.TTF" , 0.27, 18, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."4.TTF" , 0.27, 18, 2, 5, 0, 10, 20);

$s = $_SESSION['CaptchaValue'];
$img = $c->Create($s);

imagepng($img);
imagedestroy($i mg);

?>

Now I know the require is working or atleast when I debug I can step through
the classes so I'm sure its including it but it acts almost as if I'm not
including it(except I don't get any errors about it).

What ends up happening is either I get the alt showed or I get something
where its like the image is missing(but you get the border for with the X
icon).

Any ideas?

Thanks,
Jon
Jun 8 '07 #1
4 2018
On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@ Hotmail.comwrot e:
I have a captcha system going and for some reason when I use

<?php

$s = "";
for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
$_SESSION['CaptchaValue'] = $s;
$fn = '/Login/Register/Captcha.php';
echo '<img src="'.$fn.'" alt="Captcha" />';
?>

and Captcha.php uses require_once or include to include some classes that I
use to generate the captcha then it fails(usually get alt showed). But when
I include the classes directly inside the file it works ;/
Needed classes or other files must be included inside Catpcha.php.
First, the client will get an output including 10 html image tags.
After then, the client sends new requests, to get and display the
images. Therefore you must include them inside Captcha.php
This is very strange behavior? It really shouldn't matter if I do that,
right? And it is also a security issue because then if they can read the php
I they can get how I generate them.
Normally it's not possible to "read" PHP files. PHP code will
outputted by the Webserver if you use show_code() or if the Webserver
doesn't know what to to with files having .php format.
An approved way is to source out included files like classes, helper,
etc. outside the web directory. Then, nobody can require these files
directy by using a request.
What I can I do?

captcha.php

<?php

// Captcha classes inserted here but removed for brevity

header("Content-type: image/png");
session_start() ;

$f = $_SERVER['DOCUMENT_ROOT'].'/Login/Register/';
//require_once($f .'Captcha.php') ;

$c = new Captcha();

$c->Fonts->Add($f."1.TTF" , 0.23, 15, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."2.TTF" , 0.5, 15, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."3.TTF" , 0.27, 18, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."4.TTF" , 0.27, 18, 2, 5, 0, 10, 20);

$s = $_SESSION['CaptchaValue'];
$img = $c->Create($s);

imagepng($img);
imagedestroy($i mg);

?>

Now I know the require is working or atleast when I debug I can step through
the classes so I'm sure its including it but it acts almost as if I'm not
including it(except I don't get any errors about it).

What ends up happening is either I get the alt showed or I get something
where its like the image is missing(but you get the border for with the X
icon).

Any ideas?

Thanks,
Jon

purcaholic

Jun 9 '07 #2

"purcaholic " <pu********@goo glemail.comwrot e in message
news:11******** **************@ p77g2000hsh.goo glegroups.com.. .
On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@ Hotmail.comwrot e:
>I have a captcha system going and for some reason when I use

<?php

$s = "";
for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
$_SESSION['CaptchaValue'] = $s;
$fn = '/Login/Register/Captcha.php';
echo '<img src="'.$fn.'" alt="Captcha" />';
?>

and Captcha.php uses require_once or include to include some classes that
I
use to generate the captcha then it fails(usually get alt showed). But
when
I include the classes directly inside the file it works ;/
Needed classes or other files must be included inside Catpcha.php.
First, the client will get an output including 10 html image tags.
After then, the client sends new requests, to get and display the
images. Therefore you must include them inside Captcha.php
huh? But require/include should do this? I shouldn't have to manually copy
the classes into the php directly but should be able to use require/include
in any php to include data? The client has nothing to do with this as it
doesn't see php.
>This is very strange behavior? It really shouldn't matter if I do that,
right? And it is also a security issue because then if they can read the
php
I they can get how I generate them.
Normally it's not possible to "read" PHP files. PHP code will
outputted by the Webserver if you use show_code() or if the Webserver
doesn't know what to to with files having .php format.
An approved way is to source out included files like classes, helper,
etc. outside the web directory. Then, nobody can require these files
directy by using a request.
Yes, but what I'm worrieda bout is security. Same reason not to include
password in php files. But as you said... an "approved way" is to source out
include files... yet I cannot do this because when I use require_once it
then doesn't work..

I don't think you fully understand the issue.

Say I have the captcha.php used for the image
//------------------- CASE 1

// class.php
<?php
class CaptchaMods()
{
function modifyimage($im g)
{
//.........
}
}
?>

// some php file
<?php

header("content-type: image/png");

//*************** **
require_once('c lass.php);

$c = new CaptchaMods();
$img = imagecreate(100 ,100);
$img = $c->modifyimage($i mg);
imagepng($img);
imagedestroy($i mg);
?>php

The above doesn't work, but this does
//------------------- CASE 2

// some php file
<?php

header("content-type: image/png");

//*************** **
class CaptchaMods()
{
function modifyimage($im g)
{
//.........
}
}

$c = new CaptchaMods();
$img = imagecreate(100 ,100);
$img = $c->modifyimage($i mg);
imagepng($img);
imagedestroy($i mg);
?>php
--------------

In CASE 2 all I did was copy and paste the class where the require was...
and now it works(well, this is just test code that might not work but is the
idea). This is essentially what require is suppose to do anyways? Only thing
I can think of is that require isn't working but when debugging I was able
to step through the class. Maybe for some reason its not so I'll have to
play around with it to see.
Thanks,
Jon
Jun 9 '07 #3
On 9 Jun., 14:12, "Jon Slaughter" <Jon_Slaugh...@ Hotmail.comwrot e:
"purcaholic " <purcaho...@goo glemail.comwrot e in message

news:11******** **************@ p77g2000hsh.goo glegroups.com.. .


On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@ Hotmail.comwrot e:
I have a captcha system going and for some reason when I use
<?php
$s = "";
for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
$_SESSION['CaptchaValue'] = $s;
$fn = '/Login/Register/Captcha.php';
echo '<img src="'.$fn.'" alt="Captcha" />';
?>
and Captcha.php uses require_once or include to include some classes that
I
use to generate the captcha then it fails(usually get alt showed). But
when
I include the classes directly inside the file it works ;/
Needed classes or other files must be included inside Catpcha.php.
First, the client will get an output including 10 html image tags.
After then, the client sends new requests, to get and display the
images. Therefore you must include them inside Captcha.php

huh? But require/include should do this? I shouldn't have to manually copy
the classes into the php directly but should be able to use require/include
in any php to include data? The client has nothing to do with this as it
doesn't see php.
This is very strange behavior? It really shouldn't matter if I do that,
right? And it is also a security issue because then if they can read the
php
I they can get how I generate them.
Normally it's not possible to "read" PHP files. PHP code will
outputted by the Webserver if you use show_code() or if the Webserver
doesn't know what to to with files having .php format.
An approved way is to source out included files like classes, helper,
etc. outside the web directory. Then, nobody can require these files
directy by using a request.

Yes, but what I'm worrieda bout is security. Same reason not to include
password in php files. But as you said... an "approved way" is to source out
include files... yet I cannot do this because when I use require_once it
then doesn't work..

I don't think you fully understand the issue.

Say I have the captcha.php used for the image

//------------------- CASE 1

// class.php
<?php
class CaptchaMods()
{
function modifyimage($im g)
{
//.........
}}

?>

// some php file
<?php

header("content-type: image/png");

//*************** **
require_once('c lass.php);

$c = new CaptchaMods();
$img = imagecreate(100 ,100);
$img = $c->modifyimage($i mg);
imagepng($img);
imagedestroy($i mg);
?>php

The above doesn't work, but this does

//------------------- CASE 2

// some php file
<?php

header("content-type: image/png");

//*************** **
class CaptchaMods()
{
function modifyimage($im g)
{
//.........
}

}

$c = new CaptchaMods();
$img = imagecreate(100 ,100);
$img = $c->modifyimage($i mg);
imagepng($img);
imagedestroy($i mg);
?>php

--------------

In CASE 2 all I did was copy and paste the class where the require was...
and now it works(well, this is just test code that might not work but is the
idea). This is essentially what require is suppose to do anyways? Only thing
I can think of is that require isn't working but when debugging I was able
to step through the class. Maybe for some reason its not so I'll have to
play around with it to see.

Thanks,
Jon- Zitierten Text ausblenden -

- Zitierten Text anzeigen -
Either the include path, where youre class besides, isn't in php
include_path setting, or included file has an white space, which will
be also send to the client. Check your'e captcha class for white space
characters before "<?php" or after ">?".

You wrote, that you could step to the class while debugging, therefore
i suppose an additional send character after header("content-type:
image/png"); causes the issue.
purcaholic

Jun 9 '07 #4

"purcaholic " <pu********@goo glemail.comwrot e in message
news:11******** *************@p 47g2000hsd.goog legroups.com...
On 9 Jun., 14:12, "Jon Slaughter" <Jon_Slaugh...@ Hotmail.comwrot e:
>"purcaholic " <purcaho...@goo glemail.comwrot e in message

news:11******* *************** @p77g2000hsh.go oglegroups.com. ..


On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@ Hotmail.comwrot e:
I have a captcha system going and for some reason when I use
><?php
>$s = "";
for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
$_SESSION['CaptchaValue'] = $s;
$fn = '/Login/Register/Captcha.php';
echo '<img src="'.$fn.'" alt="Captcha" />';
?>
>and Captcha.php uses require_once or include to include some classes
that
I
use to generate the captcha then it fails(usually get alt showed).
But
when
I include the classes directly inside the file it works ;/
Needed classes or other files must be included inside Catpcha.php.
First, the client will get an output including 10 html image tags.
After then, the client sends new requests, to get and display the
images. Therefore you must include them inside Captcha.php

huh? But require/include should do this? I shouldn't have to manually
copy
the classes into the php directly but should be able to use
require/include
in any php to include data? The client has nothing to do with this as it
doesn't see php.
>This is very strange behavior? It really shouldn't matter if I do
that,
right? And it is also a security issue because then if they can read
the
php
I they can get how I generate them.
Normally it's not possible to "read" PHP files. PHP code will
outputted by the Webserver if you use show_code() or if the Webserver
doesn't know what to to with files having .php format.
An approved way is to source out included files like classes, helper,
etc. outside the web directory. Then, nobody can require these files
directy by using a request.

Yes, but what I'm worrieda bout is security. Same reason not to include
password in php files. But as you said... an "approved way" is to source
out
include files... yet I cannot do this because when I use require_once it
then doesn't work..

I don't think you fully understand the issue.

Say I have the captcha.php used for the image

//------------------- CASE 1

// class.php
<?php
class CaptchaMods()
{
function modifyimage($im g)
{
//.........
}}

?>

// some php file
<?php

header("conten t-type: image/png");

//*************** **
require_once(' class.php);

$c = new CaptchaMods();
$img = imagecreate(100 ,100);
$img = $c->modifyimage($i mg);
imagepng($img) ;
imagedestroy($ img);
?>php

The above doesn't work, but this does

//------------------- CASE 2

// some php file
<?php

header("conten t-type: image/png");

//*************** **
class CaptchaMods()
{
function modifyimage($im g)
{
//.........
}

}

$c = new CaptchaMods();
$img = imagecreate(100 ,100);
$img = $c->modifyimage($i mg);
imagepng($img) ;
imagedestroy($ img);
?>php

--------------

In CASE 2 all I did was copy and paste the class where the require was...
and now it works(well, this is just test code that might not work but is
the
idea). This is essentially what require is suppose to do anyways? Only
thing
I can think of is that require isn't working but when debugging I was
able
to step through the class. Maybe for some reason its not so I'll have to
play around with it to see.

Thanks,
Jon- Zitierten Text ausblenden -

- Zitierten Text anzeigen -

Either the include path, where youre class besides, isn't in php
include_path setting, or included file has an white space, which will
be also send to the client. Check your'e captcha class for white space
characters before "<?php" or after ">?".

You wrote, that you could step to the class while debugging, therefore
i suppose an additional send character after header("content-type:
image/png"); causes the issue.

Seems to be working now. I just copyed the file and removes the non class
code in one and the class code in the other and then added the require. You
might have been right about the extra spaces... maybe before or after the
php code. I didn't think about that but thats probably the case cause it was
saying the image was invalid(atleast in firefox) so chances are some spaces
were getting inserted.

Thanks,
Jon
Jun 9 '07 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

15
3105
by: Philipp Lenssen | last post by:
My friend has the following problem (background: we want to transform XML to XHTML via XSLT): "We copy XHTML fragments into an output by using the following template: <xsl:template match="*" mode="xhtml"> <xsl:element name="{local-name()}"> <xsl:copy-of select="@*"/> <xsl:apply-templates mode="xhtml"/> </xsl:element>
5
2858
by: MyndPhlyp | last post by:
I've been busting my head trying to figure this out for quite some time. With IE6 and NS7, no problems. I can simply code the HTML <img height="100%"> and be done with it. But NS4 and NS6 (and probably a couple of other IE and NS versions I can't get to right now) don't want to play nice unless I hard code the image height. (Yes, I'm one of those who insists on still coding for NS4.)
8
67468
by: KS | last post by:
Just to show some code to show the consept. <img id="date" onclick="javascript:show_calendar();" src="/PlexSysWeb/images/show-calendar.gif" width=20 height=18 border=0> What i want the javascript to do is change the onclick value of the <IMG> tag above, by calling the test function from the same webpage by onclick on a button.
15
122194
by: Gérard Talbot | last post by:
Hello all, I'd like to know and understand the difference between, say, <img src="/ImageFilename.png" width="123" height="456" alt=""> and <img src="/ImageFilename.png" style="width: 123px; height: 456px;" alt="">
3
5458
by: Henry Johnson | last post by:
Okay - I'm spinning my wheels on this one... can someone help me figure out how to programmatically populate a table cell as follows (from C# code-behind)? I've tried using a Literal control in the TableCell, a HyperLink control, and an Image, but I'm not getting the results I want. Here's the source of what I'm after (retrieved by viewing the source of a page I'm trying to emulate): <td><a...
10
3329
by: News | last post by:
I am trying to be able to manipulate the width and height of an <img> but do not seem to be able. "Yes", I know the JavaScript will "not" manip anything, which is ok. I simply do not know how to capture the width or height. Once I can do that I can manipulate them. Here is the HTML for the <img> <div class="ImgMnp" id="myImg" onmouseover="imgSize('myImg','fpImg)"> <img src="images/FirePlace.jpg" width="480" height="640" id="fpImg" />
1
4632
by: Carl | last post by:
Hi all I have a javascript function that drags and drops an element (ie img) into a container (ie bordered div). The function works and returns the element and and container. My next step is to center the element in the container if the user is sloppy with positioning it. I can only test this on IE6 and IE5.5 and it fails. It positions the element too much right and low. Here is the function: function SnapToContainer(Container,El) {
4
9095
by: SammyBar | last post by:
Hi all, I wonder is it possible to upload the content of an <imgfield to a server. The content of the <imgwas downloaded from a web site different from the one it should be uploaded. The image file should not be saved locally before uploading. It should not be visible any <input type=file on the form. How can it be done? I'm working on a project where client javascript requests an image server to generate dynamic images. The client...
0
9855
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
10586
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10648
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9426
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
7017
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5682
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
5866
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
4484
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
3
3134
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.