freak auth light captcha security problem
#1

alectrash
I am creating a page with a form in which I want to use FreakAuth light for validation.

In the view I have:

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
</head>
<body>
<h1>Content</h1>
  <h3><a name="leavecomment">Leave a comment</a></h3>
    <?=form_open('/test/')?>
<label for="commentname">Name: </label><br /><?=form_input(array('name'=>'commentname',
                           'id'=>'commentname',
                           'maxlength'=>'120',
                           'size'=>'35',
                           'value'=>$this->validation->commentname ))?><br />
<span><?=(isset($this->validation) ? $this->validation->{'commentname'.'_error'} : '')?></span><br />

<label for='comment'>Comment: </label><br /><?=form_textarea(array('name'=>'comment',
                           'id'=>'comment',
                           'rows'=>'10',
                           'cols'=>'50',
                           'value'=>$this->validation->comment ))?><br />

<span><?=(isset($this->validation) ? $this->validation->{'comment'.'_error'} : '')?></span><br />
<!--CAPTCHA (security image)-->
    <?php
    if ($this->config->item('FAL_use_captcha_comment'))
    {?>
    <?=$this->load->view($this->config->item('FAL_captcha_img_tag_view'), null, true)?>
<label for="security"><br /><?=$this->lang->line('FAL_captcha_label')?>:</label><br />
<?=form_input(array('name'=>'security',
                           'id'=>'security',
                           'maxlength'=>'45',
                           'size'=>'45',
                           'value'=>''))?>
    <?=(isset($this->validation) ? $this->validation->{'security'.'_error'} : '')?>

    <?php }?>
    <!-- END CAPTCHA (security image)-->
<?=form_submit('mysubmit', 'Add Comment');?>
</body>
</html>

In the controller I have:

Code:
<?php

class Test extends Controller
{
    function Test()
    {
        parent::controller();
        //load fal library
        $this->load->library('FAL_front', 'fal_front');
        $this->load->library('FAL_validation');
        $this->load->library('Freakauth_light');
        $this->load->config('freakauth_light');
    }

    function index()
    {
        //load validation library
        $this->load->library('validation');
        $this->validation->set_error_delimiters("<div class='error'>", "</div>");

        //set validation rules
        $rules['comment'] = "required|min_length[4]|max_length[400]";
        $rules['security'] = 'required|matches[captcha]';
        $rules['commentname'] = 'required|min_length[2]|max_length[50]';

        //just use login action for sake of it
        $action = '_comment';
        $this->freakauth_light->captcha_init($action);

        $data['captcha'] = $this->config->item('FAL_captcha_image');

        $this->validation->set_rules($rules);

        //set fields to validate
        $fields['comment'] = "comment";
        $fields['security'] = "security";
        $fields['commentname'] = "commentname";

        $this->validation->set_fields($fields);

        if($this->validation->run() == FALSE)
        {
            $this->load->view('test_view', $data);
        }
        else
        {
            $this->load->view('test_view', $data);
        }
    }

}
?>

Also, in the freakauthlight config I have amended it like so:

Code:
/*
|------------------------------------------------------------------------------
| Whether to use CAPTCHA (security code) functionality for those processes
|------------------------------------------------------------------------------
*/
$config['FAL_use_captcha_login'] = FALSE;
$config['FAL_use_captcha_register'] = TRUE;
$config['FAL_use_captcha_forgot_password'] = TRUE;
$config['FAL_use_captcha_comment'] = TRUE;

I just don't understand what's going on. When I look in the CI_SESSIONS table, the captcha value is the same as what is being generated on screen, but then validation for the captcha always fails.

Has anybody experienced this before or have any ideas? I've been racking my brain for months now.
#2

alectrash
I managed a way around the problem. I get captcha value from session data and store it in an extra field in sessions table. I then check posted captcha against value in db.

Code:
$this->db_session->userdata('FreakAuth_captcha')

wasted 3 hours doing this though. sigh...
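
An added example, not part of the original posts and not FreakAuth light's own code: CodeIgniter's `matches[...]` rule compares two submitted form fields, and the form in post #1 posts no field named `captcha`, whereas the workaround in post #2 compares the `security` field with the value held server-side under `FreakAuth_captcha`. The code below models both checks in plain PHP (5.6+ for `hash_equals`); the session is represented by a plain array, and the function names and sample values are assumptions made for the illustration.

```php
<?php
// Added illustration; not FreakAuth light or CodeIgniter source.
// Function names and sample values below are constructed for this example.

// Model of a "matches[field]" rule: it compares two *submitted* fields.
function matches_rule(array $post, $value, $field)
{
    if (!isset($post[$field])) {
        return false; // the named field was never posted, so the rule fails
    }
    return $value === $post[$field];
}

// Compare the submitted text with the value the server stored in the session.
function captcha_check(array $post, array &$session, $key = 'FreakAuth_captcha')
{
    $expected = isset($session[$key]) ? (string) $session[$key] : '';
    unset($session[$key]); // single use: a solved image cannot be replayed

    $given = (isset($post['security']) && is_string($post['security']))
        ? trim($post['security'])
        : '';
    if ($expected === '' || $given === '') {
        return false; // nothing stored or nothing typed never counts as a match
    }
    return hash_equals($expected, $given); // constant-time string comparison
}

// Constructed request and session state.
$session = array('FreakAuth_captcha' => 'k7Pq2');
$post    = array('commentname' => 'alice', 'comment' => 'hello there', 'security' => 'k7Pq2');

// The form posts no field named "captcha", so this rule has nothing to compare with.
var_dump(matches_rule($post, $post['security'], 'captcha'));
// First submission of the stored value, then the same request replayed.
var_dump(captcha_check($post, $session));
var_dump(captcha_check($post, $session));
```

Because the stored value is discarded on every check, a fresh captcha has to be generated each time the form is rendered again after a failed attempt.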



