I'm trying to implement a captcha system, and I found a nice and very simple class through Google that does what I want.
It's something like:
$captcha = new Captcha();
$prefix = mt_rand();
$image = $captcha->generate($prefix);
Then I add the image in the form:
<img src="<?php echo $image; ?>" />
<input name="captcha" type="text" value="Type the security code from above" />
It works fine so far, but I don't know how to check if the submitted code matches the captcha. In the documentation, it says I have to do it with:
$correct = $captcha_instance->check($prefix, $_POST['captcha']);
but the problem is that after the form is submitted, $captcha and $prefix are gone...
How do I pass these variables after the form is submitted to the next page?
@mario: you were right :D it's only the $prefix I needed to pass as a hidden input field :)
That's a very bad idea - in your form tag, if say you have a hidden field captcha_answer and you're passing the value of that to $captchaInstance->check(), then you defeat the purpose of a captcha. Captchas are to sort out robots from humans, but it's so simple to read a value by downloading the source in the captcha-solving bot and just getting the value="{answer}" out of the source.
Instead, you should use this:
<?php
session_start();
$_SESSION['answer'] = $prefix;
?>
Then in your checker you do this:
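<?php
session_start();
// The Captcha object does not survive the request, so create it again here.
$captcha = new Captcha();
// Read the prefix from the session, not from the submitted form.
$prefix = $_SESSION['answer'];
// check() takes the prefix and the code the user typed, as in the documentation.
$passed = $captcha->check($prefix, $_POST['captcha']);
?>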
In fact, I think this class would be better as only having static methods, but that's my opinion. Anyway, this way means that all the data is only stored server-side so they can't just view source for captcha answer.
You might want to set it in the session, and then when it's posted, you need to check with the value in the session.
Hope this helps
You want to marshal that instance and save it in a session, since HTTP is stateless. You can then demarshal it on the second page.
However:
Most PHP captcha systems I've seen do not need this functionality; rather, the check function should work independently and usually compares the data from a stored session and a POST variable.
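The session-based flow the answers above describe, as an added example that is not part of the original answers or of the Captcha class: the prefix lives only in the session and is discarded after one check, so a solved code cannot be replayed. DemoCaptcha, captcha_issue(), captcha_verify() and the captcha_prefix key are hypothetical names, and it is an assumption that the real class accepts a string prefix.

```php
<?php
// Added example. The page only shows generate($prefix) and
// check($prefix, $response); DemoCaptcha is a constructed stand-in with
// that shape so the flow runs without the real library.
class DemoCaptcha {
    private static array $words = [];        // stand-in for the library's own storage
    public function generate(string $prefix): string {
        self::$words[$prefix] = 'K7QX';      // constructed fixed code
        return "/captcha/{$prefix}.png";     // hypothetical image URL
    }
    public function check(string $prefix, string $response): bool {
        return isset(self::$words[$prefix])
            && hash_equals(self::$words[$prefix], strtoupper($response));
    }
}

// Form page: create the challenge and keep its handle in the session only.
function captcha_issue($captcha, array &$session): string {
    $prefix = bin2hex(random_bytes(16));     // unpredictable handle (assumed acceptable as prefix)
    $session['captcha_prefix'] = $prefix;
    return $captcha->generate($prefix);      // value for <img src="...">
}

// Handler page: the prefix comes from the session, never from the request.
function captcha_verify($captcha, array &$session, array $post): bool {
    $prefix = $session['captcha_prefix'] ?? null;
    unset($session['captcha_prefix']);       // single use: pass or fail, the challenge is spent
    $response = $post['captcha'] ?? null;
    if (!is_string($prefix) || !is_string($response) || $response === '') {
        return false;                        // no challenge issued, or malformed input
    }
    return $captcha->check($prefix, trim($response));
}

// Constructed walk-through; in a real request call session_start() and
// pass $_SESSION and $_POST instead of these arrays.
$session = [];
$captcha = new DemoCaptcha();
$img = captcha_issue($captcha, $session);
var_dump(captcha_verify($captcha, $session, ['captcha' => 'k7qx'])); // first submit
var_dump(captcha_verify($captcha, $session, ['captcha' => 'k7qx'])); // replayed submit
```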
What is the handler mapping needed in IIS 7.x to produce CAPTCHA images? The only one that works seems to be the wildcard, which is ridiculous from a security point of view. In tightening the security of ColdFusion according to the lock-down guide at http://www.adobe.com/products/coldfusion/whitepapers/pdf/91025512_cf9_ lockdownguide_wp_ue.pdf, they recommend to remove this wildcard mapping, but that seems to break CAPTCHA.