Re: [vox-tech] when is an html image sent?
On Friday 16 December 2005 11:24 pm, Peter Jay Salzman wrote: ... No matter what I try, though, I can't access sessions from the captcha2.php file. I guess it must interfere with the image being sent to the client. Oooh. It must be that there's no mechanism for the browser to send the cookie (which contains the session ID) when it requests an image. Sorry I caused you so much trouble. I think what may work is to send the session ID in the URL. That is, construct the image URL like this: $url = 'captcha2.php?' . session_name() . '=' . session_id(); and then your form requests the image with: img src='?php echo $url ?' or whatever the equivalent is with Smarty. I have not tried this, it's just my best guess from reading the docs. -- Rod ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
On Sat 17 Dec 05, 12:15 AM, Rod Roark [EMAIL PROTECTED] said: On Friday 16 December 2005 11:24 pm, Peter Jay Salzman wrote: ... No matter what I try, though, I can't access sessions from the captcha2.php file. I guess it must interfere with the image being sent to the client. Oooh. It must be that there's no mechanism for the browser to send the cookie (which contains the session ID) when it requests an image. Sorry I caused you so much trouble. I think what may work is to send the session ID in the URL. That is, construct the image URL like this: $url = 'captcha2.php?' . session_name() . '=' . session_id(); and then your form requests the image with: img src='?php echo $url ?' or whatever the equivalent is with Smarty. I have not tried this, it's just my best guess from reading the docs. Thanks Rod! Unfortunately, it's still not working. Here's what I tried: Smarty template/web page view_by_permalink.php: $smarty-assign('sessionId', session_id()); $smarty-assign('sessionName', session_name()); img src=captcha2.php?{$sessionName}={$sessionId} alt=validation string / captcha2.php: session_id( $_REQUEST['PHPSESSID'] ); start_session(); $_SESSION['captcha'] = $cmntPass; Using error_log(), I determined that in captcha2.php, $_REQUEST['PHPSESSID'] is the correct session ID. But something isn't right because if I stick error_log('hello world'); in captcha2.php before start_session(), the message appears in my error log. But if I stick it in after start_session(), it doesn't appear. So PHP seems to be very unhappy with the start_session() line. Needless to say, 'captcha' is an undefined $_SESSION index in the receiving form. I'm really on ground here. I'm reading, but there's enough documentation to drown in. Have any idea on how to proceed? Pete ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
On Sat, Dec 17, 2005 at 10:16:07AM -0500, Peter Jay Salzman wrote: Have any idea on how to proceed? Have your image.php script dump the environment to a file you can review. You should see a number of interesting things in there, like the source ip address and port, browser version, etc, etc. If you md5sum some of that stuff together, you'll get a key, which you could then store related to that session, and use from the image to find that session. Probably. Depending on what you use that may not be foolproof -- so think about it. Aol has proxies that might hide a bunch of people, and so forth. -- Ted Deppner http://www.deppner.us/ ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
On Saturday 17 December 2005 07:16 am, Peter Jay Salzman wrote: ... captcha2.php: session_id( $_REQUEST['PHPSESSID'] ); Try it without explicitly setting the session ID here. PHP is supposed to parse the session ID from the URL transparently. If you set it with session_id(...) then a new cookie will be sent, and that may not be valid when returning an image. Also make sure session.use_only_cookies is not set in your php.ini. I'll cross my fingers for you. ;-) -- Rod ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
OK I couldn't stand it and did a test. test1.php: ?php session_start(); if (!isset($_SESSION['count'])) $_SESSION['count'] = 0; else $_SESSION['count']++; echo Count is . $_SESSION['count'] . br; echo img src='test2.php'; ? test2.php: ?php header(Content-type: image/png); session_start(); if (!isset($_SESSION['count'])) $_SESSION['count'] = 0; else $_SESSION['count']++; $im = @imagecreate(100, 50); $background_color = imagecolorallocate($im, 255, 255, 255); $text_color = imagecolorallocate($im, 233, 14, 91); imagestring($im, 1, 5, 5, Testing, $text_color); imagepng($im); imagedestroy($im); ? Everything seems to work, even with just cookies. The count increments by 2 on each refresh, and the image is displayed. -- Rod ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
On Sat 17 Dec 05, 9:59 AM, Rod Roark [EMAIL PROTECTED] said: OK I couldn't stand it and did a test. Rod, can you take a look here: http://www.dirac.org/blog/view_by_permalink.php?the_id=103 at the graphic image at the bottom of the page? Pete ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
On Saturday 17 December 2005 01:55 pm, Peter Jay Salzman wrote: On Sat 17 Dec 05, 9:59 AM, Rod Roark [EMAIL PROTECTED] said: OK I couldn't stand it and did a test. Rod, can you take a look here: http://www.dirac.org/blog/view_by_permalink.php?the_id=103 at the graphic image at the bottom of the page? LOL. You're welcome. ;-) So what was the problem? -- Rod ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
On Sat 17 Dec 05, 2:09 PM, Rod Roark [EMAIL PROTECTED] said: On Saturday 17 December 2005 01:55 pm, Peter Jay Salzman wrote: On Sat 17 Dec 05, 9:59 AM, Rod Roark [EMAIL PROTECTED] said: OK I couldn't stand it and did a test. Rod, can you take a look here: http://www.dirac.org/blog/view_by_permalink.php?the_id=103 at the graphic image at the bottom of the page? LOL. You're welcome. ;-) So what was the problem? -- Rod It was a mistake in my PHP. I didn't get the error message because the message got eaten by the graphic image. If I looked at my browser's cache for the validation image with a binary editor, I probably would've seen the error message. :) At least, that's what I think happened. Pete ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
nope. just have it expire after 20 seconds or something. you're keeping a log of the captacha phrases, too, so just delete them together. --Philip Neustrom On 12/16/05, Peter Jay Salzman [EMAIL PROTECTED] wrote: hi all, i'm writing a blogging system called peetblog. you can see a demo at http://www.dirac.org/blog. i haven't really linked to it much because it's still under active development. one of the features is a captcha system (an image file of letters/numbers that someone needs to type in to comment on a post). the code looks something like this: /// Captcha $retval = createImage(); $filename = $retval['filename']; $passkey = $retval['passkey']; $smarty-assign('filename', $filename); $smarty-assign('passkey', $passkey); $smarty-assign('id', $the_id); $smarty-assign('login', $_SESSION['user']-login); $smarty-assign('email', $_SESSION['user']-email); $smarty-assign('www', $_SESSION['user']-www); $smarty-display('permalink_C.tpl'); // Footer // $smarty-assign('me', $selfUrl); $smarty-assign('rss', $pb_url/$pb_rss); $smarty-display('footer.tpl'); unlink($filename); exit(0); footer.tpl contains the ending /body/html, so the page content ends right there. The img tag is contained in the permalink_C.tpl template. The problem is that when: unlink($filename); is used to delete the temporary image file, the image doesn't appear on the webpage. however, if i don't use unlink, then the image files tend to collect until i hand delete them. i suppose at some point, the image needs to be sent from server to client. when that happens, it would be ok to delete the image file. i was *hoping* that this would happen immediately after /html is sent, but it appears that i'm wrong. is there some kind of technique I can use to make sure the image file gets deleted after it's shipped off to the client? thanks, pete ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
yuck. apparently pcntl_fork() isn't accessible when PHP runs as an apache module (and i guess it's not available at all for PHP under windows). i'll just put this on my TODO list and worry about it later. :( Thanks, Phil! Pete On Fri 16 Dec 05, 7:34 AM, Philip Neustrom [EMAIL PROTECTED] said: nope. just have it expire after 20 seconds or something. you're keeping a log of the captacha phrases, too, so just delete them together. --Philip Neustrom On 12/16/05, Peter Jay Salzman [EMAIL PROTECTED] wrote: (snip) The problem is that when: unlink($filename); is used to delete the temporary image file, the image doesn't appear on the webpage. however, if i don't use unlink, then the image files tend to collect until i hand delete them. i suppose at some point, the image needs to be sent from server to client. when that happens, it would be ok to delete the image file. i was *hoping* that this would happen immediately after /html is sent, but it appears that i'm wrong. is there some kind of technique I can use to make sure the image file gets deleted after it's shipped off to the client? ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
On Friday 16 December 2005 07:28 am, Peter Jay Salzman wrote: ... is there some kind of technique I can use to make sure the image file gets deleted after it's shipped off to the client? The clean way to handle this is to never create an image file. Instead, create the image dynamically from a script that is invoked with something like: img src='genimage.php' See the Image Functions section of the PHP documentation. -- Rod ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] when is an html image sent?
On Fri 16 Dec 05, 8:53 AM, Ted Deppner [EMAIL PROTECTED] said: On Fri, Dec 16, 2005 at 10:28:40AM -0500, Peter Jay Salzman wrote: is there some kind of technique I can use to make sure the image file gets deleted after it's shipped off to the client? What Rod said is typically the best (generate it inline), except you'll have somewhat higher CPU needs as each time a customer goes back or reloads the page you'll generate another image. Also, you have to think about how you'll know what the key is you stuck in the image... the page taking the FORM must correlate with the image you generated. You ain't kidding! I've been at this for a few hours now. It seemed obvious to use sessions to store the verification string: ?php // file: captcha2.png // Create the string. I've removed 0, O. (snip) // Create image and define colors (snip) imagestring ($image, 5, 1, 1, $cmntPass, $colorBlue); ImagePNG( $image ); ImageDestroy( $image ); start_session(); $_SESSION['captcha'] = $cmntPass; ? and display the image as: img src=captcha2.php Where $cmntPass is the verification string. No matter what I try, though, I can't access sessions from the captcha2.php file. I guess it must interfere with the image being sent to the client. I'm now equal parts curious and frustrated. When using this method to show the verification image, how DOES one pass the verification string to the page that takes the form? Thanks! Pete ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech