Comments for Captcha PHP

03 May 2008 18:46 fatcatair

failure to display
So I've been trying to add this captcha to some code I'm using and I'm unable to get it to display the image in my form. I get the alt text and I can click to go to the image directly and it displays ok but I never get anything in the form page. I've read the README for clues but so far nothing. I've added error_log() debugging code to the code and when the request comes in for the image the only code that is exercised is the test for the invoking of the script directly.

So out of ideas I put in the following hack as an else after the test in the aforementioned if.

} else {
    // serve the captcha image when the query string starts with "__ec_i=ec."
    if (isset($_SERVER['QUERY_STRING']) && strpos($_SERVER['QUERY_STRING'], "__ec_i=ec.") === 0) {
        $c = new easy_captcha();
        $expired = !$c->is_valid();
        if ($expired) {
            $type = "image/png";
            $bin = easy_captcha_utility::expired_png();
        } else {
            $type = "image/jpeg";
            $bin = $c->image->jpeg();
        }
        // keep browsers and proxies from caching the image
        header("Pragma: no-cache");
        header("Cache-Control: no-cache, no-store, must-revalidate, private");
        header("Expires: " . gmdate("r", time()));
        header("Content-Length: " . strlen($bin));
        header("Content-Type: $type");
        print $bin;
    }
}

and not surprisingly the image shows up in my form. So I don't understand how on the requests for the image from my form anything is supposed to happen since prior to this change as far as I can tell nothing but the API() code put out a header and the image. Second I don't see how any code would ever be activated by the REQUEST that asks for the image since the only "main line" code is that code that tests for the direct invoke. I'm clearly missing something here that must be obvious to the author. Any help would be appreciated. TIA.

BTW I see the following error when I use "whirly" mode.

PHP Notice: Undefined variable: y in .../captcha.php on line 800

which is this line:

if (($x > $this->height) && ($y > $this->height)) {

and $y is undefined at this point.

30 Jun 2007 15:47 milky

Re: Eliminates waves border
Thank you very much for sharing this fix! The next release will include it ;)

[Totally forgot about this, because I've tested with the black/inverse version only.]

30 Jun 2007 13:50 nahuelon Thumbs up

Eliminates waves border
I have modified the function distort() changing this inside the "for":

#-- get source pixel, paint dest
if ($single_pixel) {
    // single source dot: one-to-one duplicate (unsmooth, hard edges)
    if ( ((int)$dx+$x > 0) && ((int)$dy+$y > 0) && ((int)$dx+$x < $width) && ((int)$dy+$y < $height) ) {
        imagesetpixel($dest, $x, $y, @imagecolorat($i, (int)$dx+$x, (int)$dy+$y));
    } else {
        imagesetpixel($dest, $x, $y, $this->inverse ? $this->bg ^ 0xFFFFFF : $this->bg);
    };
}
//-------------------------------------

This eliminates borders when I use the Wave function.

Thanks for that excellent and free script.

29 Jun 2007 15:03 milky

Re: yes, this class is not secure.
I very much doubt that linkspamming under fake names and abusive conjectures get you any customers.

29 Jun 2007 14:54 milky

Re: Security hole

There has never been such a "security hole", because the _tcf= parameter (in version 0.9 only) has been filtered by:

if (preg_match('/^\w+$/', $id) && file_exists(...

Which also works more reliably than basename(), since it doesn't let special characters or even dots through.

------------

Even though this was a false alarm here, it's a very good practice to do at least such a surface security check in new scripts. So, no offence, and many thanks for voicing concerns and providing feedback here!
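
Added example (not part of the comments here and not Captcha PHP's own code): a comparison of the word-character allowlist quoted above with basename() on constructed ids, plus a realpath() containment check as a second layer. The function names, the demo directory and the sample ids are hypothetical; the pattern uses \A and \z because $ also matches before a trailing newline.

```php
<?php
// Added example, not code from Captcha PHP. Function names, the storage
// directory and the sample ids below are constructed for illustration.

// Allowlist check in the spirit of the filter quoted above: word characters
// only. \A and \z replace ^ and $ because $ also matches before a trailing
// newline, which would let "abc\n" through.
function captcha_id_is_safe(string $id): bool
{
    return preg_match('/\A\w+\z/', $id) === 1;
}

// Resolve an id to an existing file inside $dir, or return null.
function captcha_file_for(string $id, string $dir): ?string
{
    if (!captcha_id_is_safe($id)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . $id);
    // realpath() returns false for missing files; the prefix comparison is a
    // second line of defence should the allowlist ever be loosened.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: one valid id on disk, several ids that must be refused.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'captcha_demo';
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'ec_4f2a9c', 'demo');

$samples = ['ec_4f2a9c', '../../etc/passwd', 'config.php', '.htaccess', "ec_4f2a9c\n", ''];
foreach ($samples as $id) {
    printf("%-22s basename=%-14s allowlist=%-6s resolved=%s\n",
        json_encode($id, JSON_UNESCAPED_SLASHES),
        json_encode(basename($id)),
        captcha_id_is_safe($id) ? 'pass' : 'reject',
        captcha_file_for($id, $dir) ?? 'null');
}
```

Only the first sample resolves to a file. basename() still returns usable names such as "passwd", "config.php" and ".htaccess" for the others, which is the difference the comment above points out.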

22 May 2007 10:40 aliciawoodale

yes, this class is not secure.
yes, this class is not secure. :(
I have also found many other free php captcha scripts, but most have a problem of some kind... I think the solution is either writing your own captcha php script or use something professional ( ex. www.captchacreator.com )

Alicia

03 Dec 2006 08:12 cdpxe Thumbs up

Re: nice project
sry; s/kepp/keep/

03 Dec 2006 08:12 cdpxe Thumbs up

nice project
I really like this project because it is so damn easy to use and I need no database or such things. Kepp hacking!

--steffen

10 Sep 2006 13:05 hosseini

header bug
This class just works on IE, and doesn't work on Firefox.

08 Jun 2006 15:00 sebastiannielsen

Re: Security hole

> There is a serious security hole in this class!!!
>
> It is possible to retrieve the passwd file by using domain.tld/captcha.php...
>
> You could do with using basename() around POST/GET variables before using them.
>
> Regards
> Paul Brennan

The passwords in the file /etc/passwd are irreversibly encrypted (hashed), so that's not the problem. The problem is that he can access ANY file on the system, even cleartext config files which may contain passwords in unencrypted form.
