To update your script, just find every occurence of a variable that comes from a posted form and reference it using the correct superglobal ($_POST, $_GET, $_COOKIE, or $_SESSION).

// Instead of $new_string:
$_POST['new_string'];

Also, as your script is coded right now it is vulnerable to a sql injection attack [php.net]. Secure your script using mysql_real_escape_string [php.net]!

secondly you need to approach this logically, start with what you know

register_globals was turned off and this script started giving an error

the error is
"image verification failed"

where does this error come from, easy enough to find

if ($new_string!= $random2) {

where do these vars come from? is it possible one of them was effected by the globals switch?

$random2

comes from here
$random2 = trim($_POST['random']);
which is posted from our form, it uses the proper POST syntax so it shouldn't have been effected

that leaves $new_string

where does it come from?

looks like this down near the bottom

$new_string;
session_register('new_string');

ahhh, SESSION, which is effected by globals, so maybe we can make a quick change and that will work

try using the full session syntax

if ($_SESSION['new_string']!= $random2) {

might work, if not then dump the session to the browser like so

echo '<pre>';
print_r($_SESSION);
echo '</pre>';

then figure out what the session var you are looking for is called

then go from there

always identify the line/area of code that is causing the problem and then figure out where all the parts of that code are coming from and carry on

Then i tried :
echo '<pre>';
print_r($_SESSION);
echo '</pre>';

It said : Array
(
[new_string] => 320d2
)
But the number that was generated in the captcha image was not 320d2. IT was 180f4. And when in the text box i entered 320d2 i passed the verification but when i enter the captcha number it says "Image Verification Failed". What shud i do next? I also tried replacing $new_string with $_SESSION['new_string']. this din work either.

I was going to test the script (the full one you originally posted) but it actually doesn't work at all for me

where did you put your echo statement for the session? I am guessing it is echo'ing the newly generated one

for testing do this

if ($new_string!= $random2) {
$notice = "<div id=\"failure\">Image Verification Failed.</div>";
echo '<p>new_string value: ',$new_string;
echo '<p><pre>session values: ';
print_r($_SESSION);
echo '</pre>';
die();
} else {

this will stop execution on error and dump some vars, you can then go back to regen and try again

I am sorry to paste a large chunk of code once again. But i need to do it to explain it to u.
What i did was defined $new_string at the beginning of the page. So the beginning was starting was this like this :

<? session_start();
include ('mysql.php');
session_register('new_string');
$im = ImageCreate(200, 25);
$white = ImageColorAllocate($im, 255, 126, 40);
$black = ImageColorAllocate($im, 212, 212, 212);
srand((double)microtime()*1000000);
$string = md5(rand(0,9999));
$new_string = substr($string, 17, 5);
echo $new_string;
and then the rest of the code like $user= $_POST['user'] and so on.

And i changed the check part to :

if ($new_string!= $random2) {
$notice = "<div id=\"failure\">Image Verification Failed.</div>";
echo " New string : $new_string";
echo " Input : $random2";
}

Before Submitting :

The output was : e3c5b (which was also the captcha code)

Then after entering e3c5b and submitting, the output changed to :

For the first echo of $new_string it was, ie, for this : $new_string = substr($string, 17, 5);
echo $new_string; The output was a newly generated random number : e0fa1

and for this part :

echo " New string : $new_string";
echo " Input : $random2";

The output was :
New string : e0fa1 Input : e3c5b

I think that the problem lies with the var $new_string. Could you please solve it for me?

you broke it, the value is regenerated so you've changed what you are trying to compare

you have to keep that code at the bottom, I would think, as it is you are corrupting your own data

move it back to the bottom and try again

the code posted above is acceptable it's just when you keep dumping the whole thing intot he post that it is difficult for people to debug

New String:
Input: whateva i input

echo " New string : $new_string";
echo " Input : $random2";

you can't echo $new_string as it is from the SESSION try

echo " New string : ", $_SESSION['new_string'];
echo " Input : $random2";

I have also been wondering about the session_destroy(); at the bottom of the original script, doesn't really make sense that it is there, though I have not run and debugged this myself so it may have some use

well $new string is set when you first load the page

that string has to be passed to the second page somehow, otherwise it would be impossible to compare what you entered into the box, how would the file you posted to have an idea what it generated previously?

well, by passing the original string used in the image via the session

you then compare the string typed into the textbox from the POST array to the value written into the SESSION

unless it is being passed in some other magical way that I am unaware of

I'm not totally sure how this script worked when globals was on, though it could have always worked and not properly failed

again, this type of confusion doesn't come up when form don't post to themselves

But it works only for the first time when the session is newly set. I mean that the session does not destroy. Where shud i place session_destroy () ;?

I tried to place it at the end, it dint work. I think I have to place it somewhere between the validation checks.

then a little farther down

change
$new_string = substr($string, 17, 5);
to
$_SESSION['new_string'] = substr($string, 17, 5);

and change
ImageString($im, 10, 75, 5, $new_string, $white);
to
ImageString($im, 10, 75, 5, $_SESSION['new_string'], $white);

this should make it all work, to be honest I still don't think it should be working as is

then just don't worry about the destroy at all