Hi there,
I want to use a captcha generator witch works like this:
1)Save some sequrity text in the _SESSION variable
2)Display the captha image.
<img src="http://www.website.ro/captcha/captcha_source.php">
the captcha image is a php file which reads the $_SESSION["security_text"] and generates an image, by setting it-s header to an image:
header("Content-type:image/jpeg");
header("Content-Disposition:inline ; filename=secure.jpg");
3)compare the submited text to the one stored inside _SESSION
The problem:
-I set $_SESSION["outside"]="outside"; before the image tag, but inside captcha_source.php the $_SESSION variable is empty.
-If I give it session_start() at the beginning of captcha_source.php, the session_id IS THE SAME as for the rest of the site, but _SESSION is still empty.
-If I set $_SESSION["inside"]="inside"; inside captcha_source.php, when I read SESSION outside of captcha_source.php (after the img tag), SESSION only includes ["outside"]="outside". (And inside captcha_source, session prints as inside=>inside)
-If I remove the line with img src=captcha_source.php, and set SESSION to "test" and write "test" in the form, everything works after submitting (but I don't have the image, because it wasn't included).
So session works from page to page, but somehow not inside captcha_soruce.php. Even thow the id-s are the same, the sessions seam to be totally independent.
If instead of including the file inside the image tag, I include it as include "/captcha/captcha_source.php" it sets the sessions ok, but I need the image, not garbage text.
One hunch is that the problem is from htaccess (but the identical session id-s are strange), maybe from these lines: (the captcha folder is treated differently, but the base address should be unchanged)
RewriteCond $1 !^(index_ro|imagini|extra|fisiere|slider|tinymce|captcha)
RewriteRule ^(.*)/ index_ro.php?$1/
Maybe the identical sessions have to do with the way I read the files: remove the header from captcha_source.php and open the file www.site.ro/captcha/captcah_source.php whitch the same browser (firefox). And I see the garbage text and session id and session variables whitch I printed. Openning multiple tabs with the same site, keeps the same id.
I hope it's not to long, but it's been 2 days since I strougled with this problem. If it won't work, I'll do this with sql, but I would like to know where the problem is so it won't show up again in other circumstances.
Thank you :)
Here is a stripped code to show more clearly what happens:
<?php
session_start();
echo session_id();
if(!$_POST["mail_form_captcha"])
{
unset($_SESSION);
[...]
InitCaptcha();
$_SESSION["before"]="before";
?>
<img src="<?php echo "./captcha/image.php"; ?>" />
<?php
$_SESSION["after"]="after";
print_r($_SESSION);
}
else
{
print_r($_SESSION);
}
?>
<?php
session_start();
$_SESSION["inside"]="inside";
print_r($_SESSION);
echo session_id();
[...].
imagettftext([...] $_SESSION["security_text"]);
[...].
header("Content-type:image/jpeg");
header("Content-Disposition:inline ; filename=secure.jpg");
imagejpeg($img);
?>
Ok, it's been to many days since i've been stuck here. I'll save the text in a SQL table and read it from there. If anyone knows what's causing this, I'm interested, so I won't fall in this problem again :)