I've simple captcha that works perfect when register_global is disabled and this is the correct according to PHP Manual Using Register Globals
But sometimes i moves to many hosting and they by default enabled register global so my captcha stop working and always gives wrong captcha even if it was entered correct.
My question
why it does not works if register_global is enabled as well as if disabled ?
The code
captcha.php
<?PHP
session_start();
$digits_num=5;
$x_pos=25;
$y_pos=6;
$font_size=5;
function random_num($n){
$start_num = "1".str_repeat("0", $n-1);;
$end_num = str_repeat("9", $n);
return rand($start_num, $end_num);
}
$text = random_num($digits_num);
$_SESSION["captcha_num"] = md5($text);
$captcha = imagecreatefrompng("./images/captcha.png");
$font_color['black']=imagecolorallocate($captcha, 0, 0, 0);
$font_color['white']=imagecolorallocate($captcha, 80, 73, 20);
imagestring($captcha, $font_size, $x_pos, $y_pos, $text, $font_color['white']);
header("Content-type: image/png");
imagepng($captcha);
?>
The form
<form name="frm" method="post" action="add.php">
<img src="captcha.php">
<input type="text" name="captcha_num" id="captcha_num" >
<input type="submit" name="submit" id="submit" value="submit">
</form>
add.php
<?PHP
session_start();
if(md5($_POST['captcha_num']) != $_SESSION['captcha_num']){
echo "Wrong captcha";
}else{
echo "Good Pass it";
}
?>
From the manual page you refered to:
In other words: Switch it off.
How can I switch it off?
Option 1: With
ini_setPlace this code on top of you code (or in the bootstrap file if you have that)
Option 2: With htaccess
Make a
.htaccessfile in the root of your website and add this code to it:Don't ask yourself why the script is wrong if you use a bad technique, ask yourself how to switch off/avoid using the bad technique.