<?
session_start();
session_register('new_string');
$_SESSION['new_string'] = "";

$im = ImageCreate(200, 25);

$white = ImageColorAllocate($im, 255, 126, 40);
$black = ImageColorAllocate($im, 212, 212, 212);

srand((double)microtime()*1000000);
$string = md5(rand(0,9999));
$_SESSION['new_string'] = substr($string, 17, 5);

if ($_SESSION['new_string']!= $random2) {
$notice = "<div id=\"failure\">Image Verification Failed.</div>";
echo "New String :". $_SESSION['new_string'];
echo "Input : $random2";
}

ImageFill($im, 0, 0, $black);
/*writes string */
ImageString($im, 10, 75, 5, $_SESSION['new_string'], $white);

header('Content-type: image/png');
ImagePNG($im, "verify.png");
ImageDestroy($im);

?>

Now, suppose, while i m entering the form, the captcha no. is 12345, so i enter the same in the input box. And after submitting, suppose, the new captcha no. generated is 54321, then my script compares the value i input with the new value, ie, 54321 and not 12345. It seems to be a simple solution. But i am nt able to get it!

the png code doesn't work and the session code doesn't work

I played with it a bit but it still doesn't work, I even made a bunch of corrections to the original script you had posted to try and get it working.

the image always has errors and the session code never changes

I am trying to test it for you but can't.

Caution
If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.

ImageString($im, 10, 75, 5, $_SESSION['new_string'], $white);

In functions, I tend to use $_SESSION[new_string] with the single quote removed.

I am interested to know what is causing the error.

so I forgot to make some changes and now it seems I've fixed it, this is taken from your original post and still contains my debug code with some of your stuff commented out.

I also split it into 2 files

the main form
<?
session_start();
$new_string = '';
$im = imagecreatetruecolor(200, 25);
$white = imagecolorallocate($im, 255, 126, 40);
$black = imagecolorallocate($im, 212, 212, 212);
srand((double)microtime()*1000000);
$string = md5(rand(0,9999));
$_SESSION['new_string'] = substr($string, 17, 5);
imagefill($im, 0, 0, $black);
imagestring($im, 10, 75, 5, $_SESSION['new_string'], $white);
imagepng($im, "verify.png");
imagedestroy($im);
?>
<html>
<head><title>Register</title></head>
<link type="text/css" rel="stylesheet" href="css.css">
<body>
<form name="form1" method="post" action="iffproc.php">
<fieldset>
<legend>Registration Form</legend>
<center> <? echo $notice;?></center><br>
<table width="100%" border="0" align="center">
<tr>
<td width="38%"><div align="right">Username : </div></td>
<td width="52%"><input name="user" type="text" id="user" value="<?= $user?>" ></td>
</tr>
<tr>
<td><div align="right">Password : </div></td>
<td><input name="pass" type="password" id="pass"></td>
</tr>
<tr>
<td><div align="right">
E-mail : <br>
</div></td>
<td><input name="email" type="text" id="pass" value="<?= $email?>"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><font size="-2">This address will be used later in case you forget your password or username</font></td>
</tr>
<tr>
<td>
<div align="right">Enter the code as you see in the image below: <br> <font size="-2">Case Sensitive</font></div></td>
<td><input type="text" name="random"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><img src="/verify.png" width="200" height="25" border="1"></td>
</tr></td>
</table>
<center><input name="submit" type="submit" id="submit" value="Submit"></center>

</fildset>
</form>

</body>
</html>

the processing script is called iffproc.php

<?
session_start();
//include ('mysql.php');

echo '<p>SESSION:<pre>';
print_r($_SESSION);
echo '</pre>';

echo '<p>POST:<pre>';
print_r($_POST);
echo '</pre>';

//die();

$new_string = $_SESSION['new_string'];
$user = $_POST['user'];
$actualpass = $_POST['pass'];
$pass = md5($_POST['pass']);
$email = $_POST['email'];
$bt = $_POST['submit'];
$time = base64_encode(time());
$random2 = trim($_POST['random']);
if ($bt) {
if ($new_string!= $random2) {
$notice = "<div id=\"failure\">Image Verification Failed.</div>";
} else {
$notice = '<p>you did it, they match.';
//$sql = "insert into users (username, password, initial_amount, email, timestamp) values ( '$user', '$pass', '200000', '$email', '$time');";
//if (mysql_query($sql)) {
//$notice = "<div id=\"success\">Click<a href=\"http://vsenepal/activate.php?user=$user&hash=$pass&id=$time\"> here </a> to activate. </div>";
//} else {
//echo mysql_error();
//}
}
}

echo '<p>notice: ',$notice;

?>

this works for all tests I tried

I removed camel case from function names

I changed imagecreate to imagecreatetruecolor

I trimmed some junk

I changed all session handling to the proper syntax

the image was messed because I forgot to take out the session_register and that was causing the png to contain errors and not be displayed (thanks henry0 for making me look again)

cleaning it up was the key and once I looked back at the original thread and followed my own advice it worked

tsk tsk, though it can be done that way, I really try to keep those quotes there and work around them when needed

I didn't realize the pun with 'bad form' until now

Firstly, jatar_k, the code which I originally posted, was working on the localhost, but not on the real time server.

Secondly, there still seems to be the same problem, it compares my input with the new captcha generated. :(

What should I do now?

My server has globals off, and I doubt I have anything else fancy that would cause it to work in my environment and not yours.

did you try the exact code that I posted? It compares properly and works over and over again.

And I also tried to make it a self posting form. The example is here What happens in this is that the value of $_SESSION['new_string'] does get changed when echoed..but in the image in does not change.

[edited by: jatar_k at 3:41 pm (utc) on Aug. 6, 2007]
[edit reason] no urls thanks [/edit]

as I said, the one I posted, that you put up works, it just looks like the browser is caching the image so you don't see the new image unless you actually refresh the page

the self posting example won't work because of variable corruption

<?
session_start();
header('Content-type: image/png');
$new_string = '';
$im = imagecreatetruecolor(200, 25);
$white = imagecolorallocate($im, 255, 126, 40);
$black = imagecolorallocate($im, 212, 212, 212);
srand((double)microtime()*1000000);
$string = md5(rand(0,9999));
$_SESSION['new_string'] = substr($string, 17, 5);
imagefill($im, 0, 0, $black);
imagestring($im, 10, 75, 5, $_SESSION['new_string'], $white);
imagepng($im);
imagedestroy($im);

?>

And Then In the Other File, I changed <img src="verify.png"> to <img src="image.php">

very glad to have helped

In my site, Whenever a user forgets his password, he will have to enter the username, and then a link will be sent to him that will direct him to change his pswd.

This is what YouTube has.

The link that is sent is something like this :
[youtube.com...]

What is action_forgot_password in here? Or what is that makes this link unique?