0

I'm working on a Captcha class and i'm almost done, there is one thing that doesn't work

In the file where I put the form, I start with this line:

    include 'captcha.php';
    $captcha = Captcha::tryCaptcha(2,4,'#000', '#ffffff');

and this is the captch construct:

static $do_generate = TRUE;
function __construct($aantal_letters = 2, $aantal_cijfers = 4, $voorgrond = '#000000', $achtergond = '#ffffff') {
    session_start();
    if (self::$do_generate == TRUE) {
        $letters = substr(str_shuffle('ABCDEGHJKLMNPQRSTUVWXYZ'),0 ,$aantal_letters);
        $cijfers = substr(str_shuffle('23456789'),0 ,$aantal_cijfers);
        $imgbreed = 18 * ($aantal_letters + $aantal_cijfers); 
        $_SESSION['imgbreed'] = $imgbreed;
        $_SESSION['captcha'] = $letters . $cijfers;
        $_SESSION['voorgrond'] = $this->hex2rgb($voorgrond);
        $_SESSION['achtergond'] = $this->hex2rgb($achtergond);
    }
}

so in other words I put my stuff in a session if the static var $do_generate == TRUE

So when I post the form, the captcha is getting checked by a procesor.php

like this:

if (Captcha::captcha_uitkomst() == TRUE) {
echo "Great";
} else {
echo "Wrong";

}

And this is the captcha function that checks the etered captcha code:

static function captcha_uitkomst() {
    if (strcmp($_SESSION['captcha'], strtoupper(str_replace(' ', '', $_POST['captcha-invoer']))) == 0) {
        return TRUE;
    } else {
        echo "test";
        self::$do_generate = FALSE;
        return FALSE;
    }
}

If I enter a correct captcha code, it's all good, that works I get the echo great. If wrong I get the echo Wrong,

Perfect, but.... when I go back to form (hit backspace one history back) to enter a correct captcha, it regenerates a new captcha.

In the class: captcha_uitkomst you see that I made the self::do_generate FALSE And the echo 'TEST' works when it's false, (just for checking)

What am I doing wrong

Improve this question
2
  • Why do you think that captcha shouldn't regenerate when you click back? Commented Jun 22, 2014 at 14:49
  • Because the Image that's created by php with imagettftext, is not refresing, so it shows the old picture with a new generated code. That goes wrong Commented Jun 22, 2014 at 15:05

1 Answer 1

Reset to default
1

When you hit "back", the page is reloaded. You get a new CAPTCHA.

The premise of your question is fundamentally flawed, as you have just randomly assumed that this shouldn't happen, whereas in reality this is entirely by design.

It wouldn't be a very effective CAPTCHA if you could repeatedly get it wrong then go back and try again; any bot could just start brute forcing it and learning from the experience.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Indeed it does, in the var dump I see that it regenerates, but I call the picture like this: <img src="image.php" /> and in image.php I create the picture from the captcha session, while the page gets reloaded, the picture somehow is not, if I hit F5, then the whole page is reloaded included the picture and the whole bunch is in sync.
I have no idea what you just said.
@RalphSchipper sounds like you're trying to say "the capcha image displayed is cached until I refresh the page" or some other such "it's the http cache headers in the image.php response" problem, especially in light of this comment.
Yes @AD7six I totaly overlooked that it might be a chache issue, I'll take a look at that, if that works. I just want the displayed picture to be the same as the (regenerated) captcha key.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.