Sessions in URL and captcha

[hvandracas]

Hello everybody, I am new to these forums and registered due to my problems which has been annoying me all the evening... I've been googling for 3 hours and still haven't found a proper answer.

 

The situation is:

 

I started to use session in my page.

<?php

ini_set('session.use_cookies', 0);

ini_set('session.use_only_cookies', 0);

ini_set('session.name', 'sid');

ini_set('session.auto_start', 0);

ini_set('session.use_trans_sid', 1);

session_start();

?>

these lines are included in, let's say, my register.php file.

(please, don't recommend me cookies as i'm developing a site for mobiles)

 

And then, there is a form:

<?php

echo '<form action="register.php?sid='.session_id().'" method="POST">

Įveskite kodą:<br/>

<input class="input" type="text" name="captcha" maxlength="4"/><br/>

<img id="captcha" src="captcha.php?sid='.session_id().'" /><br/>

<input type="submit" name="submit" value="Registruotis" /><br/>

</form>';?>

 

although captcha is shown, when I submit the form and i have to check inputs I get this error:

 

Notice: Undefined index: randomnr2 in C:\Program Files\EasyPHP-5.3.3.1\www\new\register.php on line 144

 

Well, my captcha.php file:

 

<?php

 

$randomnr = rand(1000, 9999);

$_SESSION['randomnr2'] = $randomnr;

 

$im = imagecreatetruecolor(100, 38);

 

$white = imagecolorallocate($im, 255, 255, 255);

$grey = imagecolorallocate($im, 150, 150, 150);

$black = imagecolorallocate($im, 0, 0, 0);

 

imagefilledrectangle($im, 0, 0, 200, 35, $black);

 

//path to font - this is just an example you can use any font you like:

 

$font = dirName(__FILE__).'/font/karate/Karate.ttf';

 

imagettftext($im, 20, 4, 22, 30, $grey, $font, $randomnr);

 

imagettftext($im, 20, 4, 15, 32, $white, $font, $randomnr);

 

//prevent caching on client side:

header("Expires: Wed, 1 Jan 1997 00:00:00 GMT");

header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

header("Cache-Control: no-store, no-cache, must-revalidate");

header("Cache-Control: post-check=0, pre-check=0", false);

header("Pragma: no-cache");

 

header ("Content-type: image/gif");

imagegif($im);

imagedestroy($im);

?>

 

 

Any ideas? Thanks in advance.

 

 

 

[btherl]

Can you post line 144 of register.php?

[hvandracas]

Sure: $true_captcha = $_SESSION['randomnr2'];

 

by the way, print_r($_SESSION); shows Array ( )

[btherl]

Oh I see .. you need to put the same session initializing code into EVERY php file.  You can either copy and paste it, or put it all into one file such as "session.php" and include that into every other file.  Otherwise captcha.php doesn't have access to your session.

[hvandracas]

I've already tried that. But when I include them, captcha image isn't shown.

 

Found a solution. I had to change my form img element to this: <img id="captcha" src="captcha.php?sid='.session_id().'" />

 

Thanks a lot.

[hvandracas]

Well, i have another question. Now everything works fine, however, the same session url works on different machines when url is copied/pasted. I assume i have to check some information in order not to let copy/paste sids and login to other users. What are the best things to check? Just ip and browser? As the majority of my page users gonna use mobiles, their ip may be the same, phones too. Any other ideas am i wrong?