I have a captcha system going and for some reason when I use
<?php
$s = "";
for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
$_SESSION['CaptchaValue'] = $s;
$fn = '/Login/Register/Captcha.php';
echo '<img src="'.$fn.'" alt="Captcha" />';
?>
and Captcha.php uses require_once or include to include some classes that I
use to generate the captcha then it fails(usually get alt showed). But when
I include the classes directly inside the file it works ;/
This is very strange behavior? It really shouldn't matter if I do that,
right? And it is also a security issue because then if they can read the php
I they can get how I generate them.
What I can I do?
captcha.php
<?php
// Captcha classes inserted here but removed for brevity
header("Content-type: image/png");
session_start();
$f = $_SERVER['DOCUMENT_ROOT'].'/Login/Register/';
//require_once($f.'Captcha.php');
$c = new Captcha();
$c->Fonts->Add($f."1.TTF", 0.23, 15, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."2.TTF", 0.5, 15, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."3.TTF", 0.27, 18, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."4.TTF", 0.27, 18, 2, 5, 0, 10, 20);
$s = $_SESSION['CaptchaValue'];
$img = $c->Create($s);
imagepng($img);
imagedestroy($img);
?>
Now I know the require is working or atleast when I debug I can step through
the classes so I'm sure its including it but it acts almost as if I'm not
including it(except I don't get any errors about it).
What ends up happening is either I get the alt showed or I get something
where its like the image is missing(but you get the border for with the X
icon).
Any ideas?
Thanks,
Jon 4 1902
On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@Hotmail.comwrote:
I have a captcha system going and for some reason when I use
<?php
$s = "";
for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
$_SESSION['CaptchaValue'] = $s;
$fn = '/Login/Register/Captcha.php';
echo '<img src="'.$fn.'" alt="Captcha" />';
?>
and Captcha.php uses require_once or include to include some classes that I
use to generate the captcha then it fails(usually get alt showed). But when
I include the classes directly inside the file it works ;/
Needed classes or other files must be included inside Catpcha.php.
First, the client will get an output including 10 html image tags.
After then, the client sends new requests, to get and display the
images. Therefore you must include them inside Captcha.php
This is very strange behavior? It really shouldn't matter if I do that,
right? And it is also a security issue because then if they can read the php
I they can get how I generate them.
Normally it's not possible to "read" PHP files. PHP code will
outputted by the Webserver if you use show_code() or if the Webserver
doesn't know what to to with files having .php format.
An approved way is to source out included files like classes, helper,
etc. outside the web directory. Then, nobody can require these files
directy by using a request.
What I can I do?
captcha.php
<?php
// Captcha classes inserted here but removed for brevity
header("Content-type: image/png");
session_start();
$f = $_SERVER['DOCUMENT_ROOT'].'/Login/Register/';
//require_once($f.'Captcha.php');
$c = new Captcha();
$c->Fonts->Add($f."1.TTF", 0.23, 15, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."2.TTF", 0.5, 15, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."3.TTF", 0.27, 18, 2, 5, 0, 10, 20);
$c->Fonts->Add($f."4.TTF", 0.27, 18, 2, 5, 0, 10, 20);
$s = $_SESSION['CaptchaValue'];
$img = $c->Create($s);
imagepng($img);
imagedestroy($img);
?>
Now I know the require is working or atleast when I debug I can step through
the classes so I'm sure its including it but it acts almost as if I'm not
including it(except I don't get any errors about it).
What ends up happening is either I get the alt showed or I get something
where its like the image is missing(but you get the border for with the X
icon).
Any ideas?
Thanks,
Jon
purcaholic
"purcaholic" <pu********@googlemail.comwrote in message
news:11**********************@p77g2000hsh.googlegr oups.com...
On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@Hotmail.comwrote:
>I have a captcha system going and for some reason when I use
<?php
$s = ""; for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); } $_SESSION['CaptchaValue'] = $s; $fn = '/Login/Register/Captcha.php'; echo '<img src="'.$fn.'" alt="Captcha" />'; ?>
and Captcha.php uses require_once or include to include some classes that I use to generate the captcha then it fails(usually get alt showed). But when I include the classes directly inside the file it works ;/
Needed classes or other files must be included inside Catpcha.php.
First, the client will get an output including 10 html image tags.
After then, the client sends new requests, to get and display the
images. Therefore you must include them inside Captcha.php
huh? But require/include should do this? I shouldn't have to manually copy
the classes into the php directly but should be able to use require/include
in any php to include data? The client has nothing to do with this as it
doesn't see php.
>This is very strange behavior? It really shouldn't matter if I do that, right? And it is also a security issue because then if they can read the php I they can get how I generate them.
Normally it's not possible to "read" PHP files. PHP code will
outputted by the Webserver if you use show_code() or if the Webserver
doesn't know what to to with files having .php format.
An approved way is to source out included files like classes, helper,
etc. outside the web directory. Then, nobody can require these files
directy by using a request.
Yes, but what I'm worrieda bout is security. Same reason not to include
password in php files. But as you said... an "approved way" is to source out
include files... yet I cannot do this because when I use require_once it
then doesn't work..
I don't think you fully understand the issue.
Say I have the captcha.php used for the image
//------------------- CASE 1
// class.php
<?php
class CaptchaMods()
{
function modifyimage($img)
{
//.........
}
}
?>
// some php file
<?php
header("content-type: image/png");
//*****************
require_once('class.php);
$c = new CaptchaMods();
$img = imagecreate(100,100);
$img = $c->modifyimage($img);
imagepng($img);
imagedestroy($img);
?>php
The above doesn't work, but this does
//------------------- CASE 2
// some php file
<?php
header("content-type: image/png");
//*****************
class CaptchaMods()
{
function modifyimage($img)
{
//.........
}
}
$c = new CaptchaMods();
$img = imagecreate(100,100);
$img = $c->modifyimage($img);
imagepng($img);
imagedestroy($img);
?>php
--------------
In CASE 2 all I did was copy and paste the class where the require was...
and now it works(well, this is just test code that might not work but is the
idea). This is essentially what require is suppose to do anyways? Only thing
I can think of is that require isn't working but when debugging I was able
to step through the class. Maybe for some reason its not so I'll have to
play around with it to see.
Thanks,
Jon
On 9 Jun., 14:12, "Jon Slaughter" <Jon_Slaugh...@Hotmail.comwrote:
"purcaholic" <purcaho...@googlemail.comwrote in message
news:11**********************@p77g2000hsh.googlegr oups.com...
On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@Hotmail.comwrote:
I have a captcha system going and for some reason when I use
<?php
$s = "";
for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); }
$_SESSION['CaptchaValue'] = $s;
$fn = '/Login/Register/Captcha.php';
echo '<img src="'.$fn.'" alt="Captcha" />';
?>
and Captcha.php uses require_once or include to include some classes that
I
use to generate the captcha then it fails(usually get alt showed). But
when
I include the classes directly inside the file it works ;/
Needed classes or other files must be included inside Catpcha.php.
First, the client will get an output including 10 html image tags.
After then, the client sends new requests, to get and display the
images. Therefore you must include them inside Captcha.php
huh? But require/include should do this? I shouldn't have to manually copy
the classes into the php directly but should be able to use require/include
in any php to include data? The client has nothing to do with this as it
doesn't see php.
This is very strange behavior? It really shouldn't matter if I do that,
right? And it is also a security issue because then if they can read the
php
I they can get how I generate them.
Normally it's not possible to "read" PHP files. PHP code will
outputted by the Webserver if you use show_code() or if the Webserver
doesn't know what to to with files having .php format.
An approved way is to source out included files like classes, helper,
etc. outside the web directory. Then, nobody can require these files
directy by using a request.
Yes, but what I'm worrieda bout is security. Same reason not to include
password in php files. But as you said... an "approved way" is to source out
include files... yet I cannot do this because when I use require_once it
then doesn't work..
I don't think you fully understand the issue.
Say I have the captcha.php used for the image
//------------------- CASE 1
// class.php
<?php
class CaptchaMods()
{
function modifyimage($img)
{
//.........
}}
?>
// some php file
<?php
header("content-type: image/png");
//*****************
require_once('class.php);
$c = new CaptchaMods();
$img = imagecreate(100,100);
$img = $c->modifyimage($img);
imagepng($img);
imagedestroy($img);
?>php
The above doesn't work, but this does
//------------------- CASE 2
// some php file
<?php
header("content-type: image/png");
//*****************
class CaptchaMods()
{
function modifyimage($img)
{
//.........
}
}
$c = new CaptchaMods();
$img = imagecreate(100,100);
$img = $c->modifyimage($img);
imagepng($img);
imagedestroy($img);
?>php
--------------
In CASE 2 all I did was copy and paste the class where the require was...
and now it works(well, this is just test code that might not work but is the
idea). This is essentially what require is suppose to do anyways? Only thing
I can think of is that require isn't working but when debugging I was able
to step through the class. Maybe for some reason its not so I'll have to
play around with it to see.
Thanks,
Jon- Zitierten Text ausblenden -
- Zitierten Text anzeigen -
Either the include path, where youre class besides, isn't in php
include_path setting, or included file has an white space, which will
be also send to the client. Check your'e captcha class for white space
characters before "<?php" or after ">?".
You wrote, that you could step to the class while debugging, therefore
i suppose an additional send character after header("content-type:
image/png"); causes the issue.
purcaholic
"purcaholic" <pu********@googlemail.comwrote in message
news:11*********************@p47g2000hsd.googlegro ups.com...
On 9 Jun., 14:12, "Jon Slaughter" <Jon_Slaugh...@Hotmail.comwrote:
>"purcaholic" <purcaho...@googlemail.comwrote in message
news:11**********************@p77g2000hsh.googleg roups.com...
On 8 Jun., 23:57, "Jon Slaughter" <Jon_Slaugh...@Hotmail.comwrote: I have a captcha system going and for some reason when I use
><?php
>$s = ""; for($i = 0; $i < 10; $i++) { $s = $s.rand(0,9); } $_SESSION['CaptchaValue'] = $s; $fn = '/Login/Register/Captcha.php'; echo '<img src="'.$fn.'" alt="Captcha" />'; ?>
>and Captcha.php uses require_once or include to include some classes that I use to generate the captcha then it fails(usually get alt showed). But when I include the classes directly inside the file it works ;/
Needed classes or other files must be included inside Catpcha.php.
First, the client will get an output including 10 html image tags.
After then, the client sends new requests, to get and display the
images. Therefore you must include them inside Captcha.php
huh? But require/include should do this? I shouldn't have to manually copy the classes into the php directly but should be able to use require/include in any php to include data? The client has nothing to do with this as it doesn't see php.
>This is very strange behavior? It really shouldn't matter if I do that, right? And it is also a security issue because then if they can read the php I they can get how I generate them.
Normally it's not possible to "read" PHP files. PHP code will
outputted by the Webserver if you use show_code() or if the Webserver
doesn't know what to to with files having .php format.
An approved way is to source out included files like classes, helper,
etc. outside the web directory. Then, nobody can require these files
directy by using a request.
Yes, but what I'm worrieda bout is security. Same reason not to include password in php files. But as you said... an "approved way" is to source out include files... yet I cannot do this because when I use require_once it then doesn't work..
I don't think you fully understand the issue.
Say I have the captcha.php used for the image
//------------------- CASE 1
// class.php <?php class CaptchaMods() { function modifyimage($img) { //......... }}
?>
// some php file <?php
header("content-type: image/png");
//***************** require_once('class.php);
$c = new CaptchaMods(); $img = imagecreate(100,100); $img = $c->modifyimage($img); imagepng($img); imagedestroy($img); ?>php
The above doesn't work, but this does
//------------------- CASE 2
// some php file <?php
header("content-type: image/png");
//***************** class CaptchaMods() { function modifyimage($img) { //......... }
}
$c = new CaptchaMods(); $img = imagecreate(100,100); $img = $c->modifyimage($img); imagepng($img); imagedestroy($img); ?>php
--------------
In CASE 2 all I did was copy and paste the class where the require was... and now it works(well, this is just test code that might not work but is the idea). This is essentially what require is suppose to do anyways? Only thing I can think of is that require isn't working but when debugging I was able to step through the class. Maybe for some reason its not so I'll have to play around with it to see.
Thanks, Jon- Zitierten Text ausblenden -
- Zitierten Text anzeigen -
Either the include path, where youre class besides, isn't in php
include_path setting, or included file has an white space, which will
be also send to the client. Check your'e captcha class for white space
characters before "<?php" or after ">?".
You wrote, that you could step to the class while debugging, therefore
i suppose an additional send character after header("content-type:
image/png"); causes the issue.
Seems to be working now. I just copyed the file and removes the non class
code in one and the class code in the other and then added the require. You
might have been right about the extra spaces... maybe before or after the
php code. I didn't think about that but thats probably the case cause it was
saying the image was invalid(atleast in firefox) so chances are some spaces
were getting inserted.
Thanks,
Jon This discussion thread is closed Replies have been disabled for this discussion. Similar topics
15 posts
views
Thread by Philipp Lenssen |
last post: by
|
5 posts
views
Thread by MyndPhlyp |
last post: by
|
8 posts
views
Thread by KS |
last post: by
|
15 posts
views
Thread by Gérard Talbot |
last post: by
|
3 posts
views
Thread by Henry Johnson |
last post: by
|
10 posts
views
Thread by News |
last post: by
|
1 post
views
Thread by Carl |
last post: by
|
4 posts
views
Thread by SammyBar |
last post: by
| | | | | | | | | | |