Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming freak auth light captcha security problem
freak auth light captcha security problem
  • El Forum
    Guest
  •  
#1
10-09-2008, 06:55 AM

[eluser]alectrash[/eluser]
I am creating a page with a form in that I want to use freakauth light in for validation.

In view i have:

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
&lt;html &gt;
&lt;head&gt;
&lt;/head&gt;
&lt;body&gt;
<h1>Content</h1>
  <h3><a name="leavecomment">Leave a comment</a></h3>
    &lt;?=form_open('/test/')?&gt;
<label for="commentname">Name: </label><br />&lt;?=form_input(array('name'=>'commentname',
                           'id'=>'commentname',
                           'maxlength'=>'120',
                           'size'=>'35',
                         'value'=>$this->validation->commentname ))?&gt;<br />
<span>&lt;?=(isset($this->validation) ? $this->validation->{'commentname'.'_error'} : '')?&gt;</span><br />
    
<label for='comment'>Comment: </label><br />&lt;?=form_textarea(array('name'=>'comment',
                         'id'=>'comment',
                         'rows'=>'10',
                         'cols'=>'50',
                         'value'=>$this->validation->comment ))?&gt;<br />
                    
                     <span>&lt;?=(isset($this->validation) ? $this->validation->{'comment'.'_error'} : '')?&gt;</span><br />
&lt;!--CAPTCHA (security image)--&gt;
    &lt;?php
    if ($this->config->item('FAL_use_captcha_comment'))
    {?&gt;
    &lt;?=$this->load->view($this->config->item('FAL_captcha_img_tag_view'), null, true)?&gt;
<label for="security"><br />&lt;?=$this->lang->line('FAL_captcha_label')?&gt;:</label><br />
&lt;?=form_input(array('name'=>'security',
                           'id'=>'security',
                           'maxlength'=>'45',
                           'size'=>'45',
                           'value'=>''))?&gt;
    &lt;?=(isset($this->validation) ? $this->validation->{'security'.'_error'} : '')?&gt;
    
    &lt;?php }?&gt;
    &lt;!-- END CAPTCHA (security image)--&gt;
&lt;?=form_submit('mysubmit', 'Add Comment');?&gt;
&lt;/body&gt;
&lt;/html&gt;

In controller I have:

Code:
&lt;?php

class Test extends Controller
{
  function Test()
  {
    parent::controller();
    //load fal library
    $this->load->library('FAL_front', 'fal_front');
    $this->load->library('FAL_validation');
    $this->load->library('Freakauth_light');
    $this->load->config('freakauth_light');

  }
  function index()
  {
      
        //load validation library
        $this->load->library('validation');
        $this->validation->set_error_delimiters("<div class='error'>", "</div>");
      
        //set validation rules
          $rules['comment'] = "required|min_length[4]|max_length[400]";
        $rules['security'] = 'required|matches[captcha]';
        $rules['commentname'] = 'required|min_length[2]|max_length[50]';

        //just use login action for sake of it
        $action = '_comment';
        $this->freakauth_light->captcha_init($action);
    
        $data['captcha'] = $this->config->item('FAL_captcha_image');
      
        $this->validation->set_rules($rules);
    
        //set fields to validate
        $fields['comment'] = "comment";
        $fields['security'] = "security";
        $fields['commentname'] = "commentname";
        
          $this->validation->set_fields($fields);
    
        if($this->validation->run() == FALSE)
        {
            $this->load->view('test_view', $data);  
        }
        else
        {
           $this->load->view('test_view', $data);
        }  
  }
  
}
?&gt;

Also in freakauthlight config i have ammended like so:

Code:
/*
|------------------------------------------------------------------------------
| Whether to use CAPTCHA (security code) functionality for those processes
|------------------------------------------------------------------------------
*/
$config['FAL_use_captcha_login'] = FALSE;
$config['FAL_use_captcha_register'] = TRUE;
$config['FAL_use_captcha_forgot_password'] = TRUE;
$config['FAL_use_captcha_comment'] = TRUE;

I just dont understand whats going on. When I look in the CI_SESSIONS table, the captcha value is the same as what is being generated on screen but then validation for the captcha always fails.

Has anybody experienced this before or have any ideas, ben racking my brain for months now.
  • El Forum
    Guest
  •  
#2
10-09-2008, 09:38 AM

[eluser]alectrash[/eluser]
I managed a way around the problem. I get captcha value from session data and store it in an extra field in sessions table. I then check posted captcha against value in db.

Code:
$this->db_session->userdata('FreakAuth_captcha')

wasted 3 hours doing this though. sigh...




Theme © iAndrew 2016 - Forum software by © MyBB