session start and captcha...

Posted by Co on March 8, 2009, 5:11 am

Please log in for more thread options

Hi All,

I'm trying to write a registration page for my website using a
captcha.
On the register.php page the user fills in his credentials and a
security code (captcha).
These are send to register2.php. There an error check is done.
Register2.php checks if all the fields are filled out and if the right
security code was submitted.
When something is wrong he is redirected to register.php.

1. somehow the security code is always wrong, or the $_SESSION
['security_code'] = empty.;
2. when the user is redirected to register.php I get this error
"Warning: session_start() [function.session-start]: Cannot send
session cache limiter - headers already sent".

When I run the captcha code as a seperate example it works but not
embedded in my code.

CaptchaSecurityImages.php

<?php
session_start();

class CaptchaSecurityImages {

        var $font = 'monofont.ttf';

        function generateCode($characters) {
                /* list all possible characters, similar looking characters and
vowels have been removed */
                $possible = '23456789bcdfghjkmnpqrstvwxyz';
                $code = '';
                $i = 0;
                while ($i < $characters) {
                        $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
                        $i++;
                }
                return $code;
        }

        function CaptchaSecurityImages($width='120',$height='40',
$characters='6') {
show/hide quoted text
                /* font size will be 75% of the image height */
                $font_size = $height * 0.75;
                $image = @imagecreate($width, $height) or die('Cannot initialize new
GD image stream');
                /* set the colours */
                $background_color = imagecolorallocate($image, 255, 255, 255);
                $text_color = imagecolorallocate($image, 20, 40, 100);
                $noise_color = imagecolorallocate($image, 100, 120, 180);
                /* generate random dots in background */
                for( $i=0; $i<($width*$height)/3; $i++ ) {
                        imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height),
1, 1, $noise_color);
                }
                /* generate random lines in background */
                for( $i=0; $i<($width*$height)/150; $i++ ) {
                        imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand
(0,$width), mt_rand(0,$height), $noise_color);
                }
                /* create textbox and add text */
show/hide quoted text
('Error in imagettfbbox function');
                $x = ($width - $textbox[4])/2;
                $y = ($height - $textbox[5])/2;
                imagettftext($image, $font_size, 0, $x, $y, $text_color, $this-
show/hide quoted text
                /* output captcha image to browser */
                header('Content-Type: image/jpeg');
                imagejpeg($image);
                imagedestroy($image);
                $_SESSION['security_code'] = $code;
        }

}

$width = isset($_GET['width']) ? $_GET['width'] : '120';
$height = isset($_GET['height']) ? $_GET['height'] : '40';
show/hide quoted text
$_GET['characters'] : '6';

$captcha = new CaptchaSecurityImages($width,$height,$characters);

show/hide quoted text

Register.php

<?
session_start();

if ($_SESSION['email_address'] != "" ) {
show/hide quoted text

if ( empty( $first_name ) ) {
        print "Please login below!";
        include 'index.php';
}
} else { echo "

show/hide quoted text

show/hide quoted text

show/hide quoted text
Velden gemarkeerd met een asterisk (*) zijn verplicht.
show/hide quoted text

Register2.php

<?php

// SET ERROR REPORTING
error_reporting(E_ALL ^ E_NOTICE);
date_default_timezone_set('Europe/Paris');

$database_name = "stommennl";
$db_password = "xQZHS2v%";
$adminemail = "stommennl@stommen.nl";

$connection = mysql_connect("mysql50-c1.stommen.nl", $database_name ,
$db_password) or die(mysql_error());
$db = mysql_select_db($database_name) or die(mysql_error());

// Define post fields into simple variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email_address = $_POST['email_address'];
$username = $_POST['username'];
$info = $_POST['info'];
$gsm = $_POST['gsm'];
$sitename = "Sphinx Website";

if (isset($_POST['sms'])) {
$sms = $_POST['sms'];

        if ($sms == 'ja') {
        $sms = 1;
        }
        else { $sms = 0;
         }
}

/* Lets strip some slashes in case the user entered
any escaped characters. */

$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$email_address = stripslashes($email_address);
$username = stripslashes($username);
$info = stripslashes($info);
$gsm = stripslashes($gsm);

/* Do some error checking on the form posted fields */

if( $_SESSION['security_code'] == $_POST['security_code'] && !empty
($_SESSION['security_code'] ) ) {
                unset($_SESSION['security_code']);
} else {
                echo "<link rel=\"stylesheet\" href=\"images/style.css\" type=\"text/
show/hide quoted text
                include 'register.php'; // Show the form again!
                exit(); // if the error checking has failed, we'll exit the script!
}

if(empty($_POST['first_name']) || empty($_POST['last_name']) || empty
($_POST['email_address']) || empty($_POST['username']) || empty($_POST
['gsm'])){

        echo "<link rel=\"stylesheet\" href=\"images/style.css\" type=\"text/
show/hide quoted text
        if(!$first_name){
show/hide quoted text
        }
        if(!$last_name){
show/hide quoted text
        }
        if(!$email_address){
show/hide quoted text
        }
        if(!$username){
show/hide quoted text
        }
        if(empty($_POST['gsm'])){
                if($_POST['sms'] == 'ja'){
show/hide quoted text
                }
}
        session_unset();
        session_destroy();
        include 'register.php'; // Show the form again!
        /* End the error checking and if everything is ok, we'll move on to
         creating the user account */
        exit(); // if the error checking has failed, we'll exit the script!
}

if(preg_match("/^[0-9]$/s", $_POST['gsm']) || preg_match("/^+[0-9]
$/s", $_POST['gsm'])) {

} else {
        echo "<link rel=\"stylesheet\" href=\"images/style.css\" type=\"text/
show/hide quoted text

        session_unset();
        session_destroy();
        include 'register.php'; // Show the form again!
        exit(); // if the error checking has failed, we'll exit the script!

}

/* Let's do some checking and ensure that the user's email address or
username
does not exist in the database */

$sql_email_check = mysql_query("SELECT email_address FROM members
WHERE email_address='$email_address'");
$sql_username_check = mysql_query("SELECT username FROM members WHERE
username='$username'");

$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);

show/hide quoted text
        echo "<link rel=\"stylesheet\" href=\"images/style.css\" type=\"text/
show/hide quoted text
                unset($email_address);
        }
show/hide quoted text
                unset($username);
        }
        session_unset();
        session_destroy();
        include 'register.php'; // Show the form again!
        exit(); // exit the script so that we do not create this account!
}

/* Everything has passed both error checks that we have done.
It's time to create the account! */

show/hide quoted text
        <meta http-equiv="REFRESH" content="5;url=http://www.stommen.nl/
show/hide quoted text

Marco