If conditional being ignored?!? SESSION variable buggy? Evil forces?

Hello everybody,

I have been working on a commenting script w/ a simple CAPTCHA from this website: http://www.zubrag.com/scripts/antispam-image-generator.php

My website, I’m just a hobbyist that enjoys the technical challenge, is http://www.bigwhitefish.com/

(Both the blog and individual photos will allow you to comment if you want to test it. I’ve left the alert code in there for now so you can see what I’m talking about in the rest of this inquiry. Please keep reading.)

It’s great as it’s a small script and it works wonderfully for me… The problem is that on the two other computers I’ve tested it on, it has not worked. The script creates a random 6 digit number then uses some imagecreate functions to create the CAPTCHA image. After that it assigns the same 6 digit code to the [php]$_SESSION['AntiSpamImage'][/php] variable. When the user submits the form it is supposed to send via [php]$_POST[/php] all the information to add_comment.php where it checks the [php]$_SESSION['AntiSpamImage'][/php] code against the user supplied code in [php]$_POST['anti_spam_code'][/php] (a standard text input name=anti_spam_code).

What seems to be happening is that the very first conditional session['AntiSpamImage'] != post['anti_spam_code'] is ignored and the session variable is randomized before the user’s input and the original value of session['AntiSpamImage'] can be compared. This results in the alert window that pops up and tells you both the user input and the session variable. On their computers it shows the user input as what they entered, but the session variable has already been randomized (you can tell because AFTER the fail or success of the conditional it assigns the session variable a 7 digit random number instead of the 6 that the script works off of.)

I have none of these issues. It works flawlessly for me so I have no idea where to start trying to fix it… Any insight into this would be greatly appreciated. I’m gonna keep trying on my own as well, but I gotta say that I am stumped! Bah the love and hate of web design. I will also post all of the three files that interact to make this happen if you are willing to help.

This is the conditional at the beginning of the add_comment.php script

[php]if ($_SESSION['AntiSpamImage'] != $_POST['anti_spam_code']) {
   
    // set antispam string to something random, in order to avoid reusing it once again

    echo "<script>alert('Incorrect answer. User input: " . $_POST['anti_spam_code'] .
         " Answer: " . $_SESSION['AntiSpamImage'] . "')</script>";
   
    $_SESSION['AntiSpamImage'] = rand(1,9999999);

    // here you add code to let user know incorrect code entered

    echo "<script>history.go(-1)</script>";
   
} else {
   
    // set antispam string to something random, in order to avoid reusing it once again

    $_SESSION['AntiSpamImage'] = rand(1,9999999);

    // everything is fine, proceed with processing feedback/comment/etc.   [/php]
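A stricter form of the check above, as an added example that is not part of the original post or the zubrag script: the loose `!=` treats an unset session value and an empty answer as equal, and compares numeric strings by value, so this version fails closed, compares as strings, and discards the stored code after one attempt. The function name `captcha_passes` and the sample inputs are hypothetical.

```php
<?php
// Added example: hypothetical helper, not from the zubrag script or the poster's site.

/**
 * Returns true only when a CAPTCHA code was stored for this session and the
 * submitted value matches it exactly. The stored code is always discarded,
 * so each generated image is good for a single attempt.
 *
 * $session is taken by reference so the caller can pass $_SESSION directly.
 */
function captcha_passes(array &$session, array $post)
{
    // Take the expected value out of the session before any comparison.
    $expected = isset($session['AntiSpamImage']) ? $session['AntiSpamImage'] : null;
    unset($session['AntiSpamImage']);

    $given = isset($post['anti_spam_code']) ? $post['anti_spam_code'] : null;

    // Fail closed: no stored code, or no usable answer, never passes.
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false;
    }

    // Strict string comparison, so "041731" and "41731" are different answers.
    return $expected === trim($given);
}

// Constructed inputs standing in for $_SESSION and $_POST.
$cases = array(
    'correct answer'                => array(array('AntiSpamImage' => '041731'), array('anti_spam_code' => '041731')),
    'leading zero dropped'          => array(array('AntiSpamImage' => '041731'), array('anti_spam_code' => '41731')),
    'no code stored, empty answer'  => array(array(), array('anti_spam_code' => '')),
    'no code stored, field missing' => array(array(), array()),
);

foreach ($cases as $label => $case) {
    list($session, $post) = $case;
    $ok = captcha_passes($session, $post);
    printf(
        "%-30s %s (stored code left in session: %s)\n",
        $label,
        $ok ? 'pass' : 'fail',
        isset($session['AntiSpamImage']) ? 'yes' : 'no'
    );
}
```

In add_comment.php the call would be `captcha_passes($_SESSION, $_POST)` after `session_start()`.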

Ok, so I’ve tried a few different things and had some odd results. For these tests the computers and software are as follows:

My computer: Intel based MacBook Pro running OS X 10.6.8 - Safari 5.1.7 - FireFox 15.0.1

My sister’s computer: Intel based MacBook Pro running OS X 10.8.1 - Safari 6.0 - FireFox 14.0.1

For my computer I can post comments like I should be able to in both Safari and Firefox (I don’t have IE to test my sites on so I’m sure they will explode if viewed with IE). When I do NOT enter the CAPTCHA code the pop up tells me the correct answer which is the same as the image that is displayed in the form - everything works.

On my sister’s computer in Safari if you type in the comment and the code the pop up tells you the code you typed in which is the same as the image in the form, but the correct answer that it displays is a completely different 7 digit number (this should occur AFTER the pop up window so I have no idea how it’s getting the new value to display). If you submit the form WITHOUT the CAPTCHA the pop up displays another random 7 digit number as the correct answer - not the 6 digit number that is displayed in the image on the form.

On my sister’s computer in FireFox when you enter the comment and the CAPTCHA code the pop up gives you the user input as exactly what you typed in and exactly what’s in the image in the form and the supposed correct answer as another random 7 digit number. For example I just tried to submit a comment with this user input: 382959 which was what was displayed in the image. The pop up reflected my input but said the correct answer was: 1460555. When I run FireFox on her comp and submit a comment WITHOUT entering the CAPTCHA code the popup again tells me that my input does not match a new random 7 digit number.

So, I guess I have a few things that are confusing me.

  1. Why isn’t the conditional working?
    The $_SESSION variable is being set at least at the point after the conditional fails. The session variable is how the pop up gets the “correct answer” content. This means that the session variable is holding information. I can also do this on either computer with the exact same results logged in or logged out and almost all of my pages have the session_start in them and yes the affected scripts have been checked and re-checked. I don’t understand how the conditional fails because the code that is sent to the session variable is initially stored and not touched until the conditional runs - there isn’t another step…

  2. Is the $_SESSION variable having issues?
    The only other thing I can think of is that the session variable isn’t holding the initial input given to it by the antispam.php script that I will post at the end of these questions. If this is the case I still do not understand why it works flawlessly on my computer and the above problems happen on my sister’s computer. Is there any way to investigate this further or ? I am stumped.

Here is the antispam.php code from the website I link in the first post:

[php]<?php
###############################################################
# Anti-spam Image Generator (CAPTCHA) 1.0
###############################################################
# For updates visit http://www.zubrag.com/scripts/
###############################################################

// Font name to use. Make sure it is available on the server.
// You could upload it to the same folder with script if it cannot find font.
// By default it uses arial.ttf font.
$font = 'Espar_Arial_Classic.ttf';

// list possible characters to include on the CAPTCHA
$charset = '0123456789';

// how many characters include in the CAPTCHA
$code_length = 6;

// antispam image height
$height = 20;

// antispam image width
$width = 80;

############################################################
#  END OF SETTINGS
############################################################

// this will start session if not started yet
@session_start();

$code = '';
for($i=0; $i < $code_length; $i++) {
  $code = $code . substr($charset, mt_rand(0, strlen($charset) - 1), 1);
}

$font_size = $height * 0.7;
$image = @imagecreate($width, $height);
$background_color = @imagecolorallocate($image, 255, 255, 255);
$noise_color = @imagecolorallocate($image, 161, 137, 99);

/* add image noise */
for($i=0; $i < ($width * $height) / 4; $i++) {
  @imageellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);
}
/* render text */
$text_color = @imagecolorallocate($image, 161, 137, 99);
@imagettftext($image, $font_size, 0, 7,17,
              $text_color, $font , $code)
  or die('Cannot render TTF text.');

/* output image to the browser */
header('Content-Type: image/png');
@imagepng($image) or die('imagepng error!');
@imagedestroy($image);
$_SESSION['AntiSpamImage'] = $code;
exit();
?>

[/php]

And here is my form code:

[php]$comment_form = '<div class="comment" style="margin-top:20px;">
                  <form id="comment_form" action="add_comment.php" method="post">
                  <fieldset>
                  <legend>Add Comment</legend>
                  <table style="width:100%;">
                  <tr>
                  <td valign="top">
                  <textarea name="cbody" rows="10" cols="38"></textarea>
                  </td>
                  <td valign="top" style="width:90px;">
                  <strong>
                  <input type="text" name="poster_name" size="13" maxlength="50" value="name(optional)" />
                  <br />
                  <input type="text" size="13" maxlength="80" name="email" value="email(optional)" />
                  <br />
                  <img src="http://www.bigwhitefish.com/antispam.php">
                  <br />
                  <input name="anti_spam_code" type="text" size="13" value="Enter Code!" />
                  </strong>
                  <br />
                  <br />
                  <center>
                  <input type="image" name="submit" src="images/comment-add.png" width="30" alt="Add" />
                  </center>
                  </td>
                  </tr>
                  </table>
                  <input type="hidden" name="imgid" value="' . $image_id . '" />
                  <input type="hidden" name="mode" value="img_comm" />
                  <input type="hidden" name="submitted" value="true" />
                  </fieldset>
                  </form>
                  </div>
                  <div style="text-align:left; width:66%; clear:both; color:#CCC;">
                  <b>All Comments:</b>
                  <hr style="border:1px solid #CCC;" />
                  </div>
                  </center>';[/php]

This is for the image comment form, but the blog comment form is identical except with appropriate variable name changes - which have all been checked…

Any thoughts?

Hi jc0351,

I have looked at the code that you have posted and cannot immediately identify the problem. I have also visited your site and entered incorrect values in the form using two different browsers on my work computer (running Windows XP). Both Firefox and Safari displayed the correct values (entered and expected) in the alert.

I had originally thought the issue may be that the CAPTCHA image was being cached, but that doesn’t explain the change from six digits to seven.

One thing that I would do differently regarding the antispam.php code is to immediately assign the $_SESSION['AntiSpamImage'] variable, after the $code value is generated. There are several opportunities for the code to exit prior to the point where it is assigned at the bottom of the script. I doubt this will resolve your issue, but it might be worth trying.

You might try including something like
[php]echo '<pre>';
print_r($_SESSION);
echo '</pre>';[/php]
at the top of your page. This would help isolate whether the $_SESSION['AntiSpamImage'] value was coming into the page wrong, or somehow being changed.

Something that I noticed is that your pages are missing a <!DOCTYPE> declaration and have a lot of deprecated elements and styles. Different browsers and platforms will handle these situations differently. I would definitely add the <!DOCTYPE> declaration. It should go BEFORE your <html> tag. Since you do have deprecated elements, you might try
[code]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">[/code]
It is likely there is a more appropriate choice, but this gives you a starting point.

If none of the above helps, I think I would need to see the rest of your code in order to provide much more, as I’m just not seeing the issue with what you have posted.
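An added example (not code from the thread or from the zubrag script) that extends the `print_r($_SESSION)` suggestion to both scripts: a hypothetical `session_trace()` helper that writes to the server error log which host was requested, whether the browser sent a session cookie, and a fingerprint of the session id, so the image request and the form post can be compared for one visitor.

```php
<?php
// Added example: session_trace() is a hypothetical helper, not part of the
// zubrag script or the poster's site.

/**
 * Builds one log line describing the session this request is running in.
 * Call it right after session_start() in antispam.php and in add_comment.php.
 */
function session_trace($label)
{
    // The Host header is client-supplied: keep only host-name characters
    // so it cannot inject extra lines into the log.
    $host = isset($_SERVER['HTTP_HOST'])
        ? preg_replace('/[^A-Za-z0-9.:\-]/', '?', $_SERVER['HTTP_HOST'])
        : '-';

    // Did the browser send a session cookie, or did PHP just create a new id?
    $cookie_sent = isset($_COOKIE[session_name()]) ? 'yes' : 'no';

    // Log a short fingerprint instead of the id itself, which is a credential.
    $sid = substr(sha1(session_id()), 0, 8);

    // Names of the values currently stored in the session (not the values).
    $keys = isset($_SESSION) ? implode(',', array_keys($_SESSION)) : '';

    return sprintf(
        '%s host=%s cookie_sent=%s sid=%s keys=[%s]',
        $label,
        $host,
        $cookie_sent,
        $sid,
        $keys
    );
}

session_start();

// error_log() rather than echo: antispam.php must output nothing but the PNG.
error_log(session_trace(basename(__FILE__)));
```

If the two scripts log different `sid` values for the same visitor, or add_comment.php logs `cookie_sent=no`, the image request and the form post are not sharing a session, so the code stored by antispam.php never reaches the check.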

Hello, thank you for your reply. I went through and did as you suggested. I put up the doctype info in the header, added the pre tags around the print_r of the session variable. I took out the alert and had the information display on the page for debugging purposes. In antispam.php I moved the SESSION[AntiSpamImage] value assignment to right after the $code variable is created. I even added another variable to store the same value (one that was not later manipulated by any new random number generation):
[php]$code = '';
for($i=0; $i < $code_length; $i++) {
  $code = $code . substr($charset, mt_rand(0, strlen($charset) - 1), 1);
}

$_SESSION['AntiSpamImage'] = $code;
$_SESSION['TheCodeAnswer'] = $code;[/php]
These things didn’t solve my problem, but it did get me closer to understanding it I think. When I try to comment now my computer still works fine and reflects all of the proper variables:

[code]Array
(
[AntiSpamImage] => 765521
[TheCodeAnswer] => 765521
)

Your comment has been added successfully. Click here to see your post. [/code]
Now, if I enter the WRONG code this is what I get:

[code]Array
(
[AntiSpamImage] => 370433
[TheCodeAnswer] => 370433
)

Incorrect answer. User input: 123456 Answer: 370433 [/code]
Now, on my sister’s computer this is what I get when I enter everything correctly:

[code]Array
(
[AntiSpamImage] => 6058899
)

Incorrect answer. User input: 041731 Answer: 6058899[/code]
My sister’s computer with the WRONG code entered:

[code]Array
(
[AntiSpamImage] => 5931520
)

Incorrect answer. User input: 123456 Answer: 5931520[/code]
So what this tells me is that for some reason on my sister’s computer the antispam.php file is NOT affecting the SESSION variable for whatever reason. It does not assign the SESSION['TheCodeAnswer'] variable. This same problem occurs on my lady friend’s computer (PC running Google Chrome).

On my computer antispam.php DOES affect the SESSION variable and assigns the value to the SESSION['TheCodeAnswer'] variable.

I have no idea why…

I will post each file here for you to view. If there are rules that I am breaking by posting entire files here I’m sorry - I can email them if that’s what I’m supposed to do. For now, though, I’ll post each as a reply.

This is the functions.php file. The only function that is used relating to the add_comment script is the display_image_comments function or the display_blog_comments function. I will first post the display_image_comments function as it is the most applicable then I will post the complete file.
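[php]function display_image_comments($image_id) {

// the ID is numeric: cast it once so it is safe in the query, form field and links below
$image_id = (int) $image_id;
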
$comment_form = '<div class="comment" style="margin-top:20px;">
              <form id="comment_form" action="add_comment.php" method="post">
              <fieldset>
              <legend>Add Comment</legend>
              <table style="width:100%;">
              <tr>
              <td valign="top">
              <textarea name="cbody" rows="10" cols="38"></textarea>
              </td>
              <td valign="top" style="width:90px;">
              <strong>
              <input type="text" name="poster_name" size="13" maxlength="50" value="name(optional)" />
              <br />
              <input type="text" size="13" maxlength="80" name="email" value="email(optional)" />
              <br />
              <img src="http://www.bigwhitefish.com/antispam.php"> 
              <br />
              <input name="anti_spam_code" type="text" size="13" value="Enter Code!" />
              </strong>
              <br />
              <br />
              <center>
              <input type="image" name="submit" src="images/comment-add.png" width="30" alt="Add" />
              </center>
              </td>
              </tr>
              </table>
              <input type="hidden" name="imgid" value="' . $image_id . '" />
              <input type="hidden" name="mode" value="img_comm" />
              <input type="hidden" name="submitted" value="true" />
              </fieldset>
              </form>
              </div>
              <div style="text-align:left; width:66%; clear:both; color:#CCC;">
              <b>All Comments:</b>
              <hr style="border:1px solid #CCC;" />
              </div>
              </center>';
            
         // display image comments
        
         echo '<br />
               <br />
               <span style="font-size:14px; font-weight:bold;">Comments</span>
               <div style="text-align:left; width:66%; color:#CCC;">
               <b>Most Recent:</b>
               <hr style="border:1px solid #CCC;" />
               </div>
               <br />';
         
         $q = "SELECT *, DATE_FORMAT(date_entered, '%M %D, %Y @ %r') AS dr FROM img_comment WHERE img_id=$image_id ORDER BY c_id DESC";
         $r = mysql_query($q);
              
         $comm_disp_count = 0; // initiate comment counter - comment form will be rendered after 3 comments are displayed unless there are less than 3 comments
         $add_comm_drawn = false; // has comment form already been drawn - no not yet
         
         if($r) {
             
            if(mysql_num_rows($r) > 0) {
                
                echo '<center>';
                
                while($row = mysql_fetch_array($r)) {
                    
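                    // escape stored values before they are written into the page
                    $email = htmlspecialchars(stripslashes(trim($row['email'])), ENT_QUOTES);
                    $name = htmlspecialchars(stripslashes(trim($row['name'])), ENT_QUOTES);
                    $cid = $row['c_id'];
                    $body = nl2br(htmlspecialchars(stripslashes(trim($row['body'])), ENT_QUOTES));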
                    $dt = trim($row['dr']);
                    $stat = trim($row['status']);
                    $is_flag = trim($row['flagged']);
                    
                    echo '<div class="comment" style="text-align:left;">
                        <img style="border:0px; width:20px;" src="images/comment.png" /> <span style="font-size:11px;">' . $body;
                    
                    if($is_flag == 'yes') {
                        echo '<br />
                              <center><i style="color:red;">This message has been flagged.</i></center>';
                    }
                    
                    echo '</span>
                        <table align="right" style="width:90%;" cellspacing="0">
                        <tr>
                        <td align="left" style="font-size:11px;">
                        <i><b>name:</b> ';
                    
                    if($row['status'] == 'yes') {
                        
                        echo '<a style="color:red;" href="mailto:[email protected]">bigwhitefish.com</a>';
                        
                    }else{
                        
                        if($email != 'email(optional)') {
                            
                            echo '<a href="mailto:' . $email . '"><i>' . $name . '</i></a>';
                            
                        }elseif($name != "name(optional)") {
                            
                            echo $name;
                            
                        }else{
                            
                            echo 'anonymous';
                                
                        }
                            
                    }
                    
                    echo '</i></td>
                        <td align="right" style="font-size:11px;">
                        <i>' . $dt . '</i> <a href="flag_comment.php?cid='.$cid.'&pid='.$image_id.'&mode=photo&todo=flag"><img style="border:0px;" src="images/mini-flag-red.png" /></a>';
                    
                    if($_SESSION['status'] == 'admin') {
                    
                        echo '<a href="delete_comment.php?mode=photo&cid=' . $cid . '&pid=' . $image_id . '&mode=photo">
                            <img style="border:0px;" src="images/mini-delete.png" /></a>';
                    
                    }
                    
                    echo '</td>
                        </tr>
                        </table>
                        </div>
                        <br />';
                    
                    echo '<br />';
                    
                    if(($comm_disp_count == 2) && ($add_comm_drawn==false)) {
                        
                        echo $comment_form;
                        $add_comm_drawn = true;
                    }
                    
                    $comm_disp_count++;
                    
                } // end while loop   
                
            } // end num rows if
            if($add_comm_drawn==false) {
                    
                echo $comment_form;
                $add_comm_drawn = true;
                    
            }
                
        } // end comment query 

}[/php]

The function for displaying the blog comments is exactly the same aside from the appropriate variable name changes. The forum will not allow me to post the entire file so I will post the other appropriate function display_blog_comments. Again this shows the comments and creates the add comment form. I will e-mail you the entire files if that helps.

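[php]function display_blog_comments($blog_ID) {

// the ID is numeric: cast it once so it is safe in the query, form field and links below
$blog_ID = (int) $blog_ID;
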
// create the add comment form for later use;

$comment_form = '<div class="comment" style="margin-top:20px;">
                 <form id="comment_form" action="add_comment.php" method="post">
                <fieldset>
                <legend>Add Comment</legend>
                <table style="width:100%;">
                <tr>
                <td valign="top">
                <textarea name="cbody" rows="10" cols="38"></textarea>
                </td>
                <td valign="top" style="width:90px;">
                <strong>
                <input type="text" name="poster_name" size="13" maxlength="50" value="name(optional)" />
                <br />
                <input type="text" size="13" maxlength="80" name="email" value="email(optional)" />
                <br />
                <img src="http://www.bigwhitefish.com/antispam.php"> 
                <br />
                <input name="anti_spam_code" type="text" size="13" value="Enter Code!" />
                </strong>
                <br />
                <br />
                <center>
                <input type="image" name="submit" src="images/comment-add.png" width="30" alt="Add" />
                </center>
                </td>
                </tr>
                </table>
                 <input type="hidden" name="bid" value="' . $blog_ID . '" />
                 <input type="hidden" name="mode" value="blog_comm" />
                 <input type="hidden" name="submitted" value="true" /> 
                 </fieldset>
                </form>
                 </div>
                 <div style="text-align:left; width:66%; clear:both; color:#CCC;">
                 <b>All Comments:</b>
                 <hr style="border:1px solid #CCC;" />
                 </div>
                 </center>';
                            
/***************************************************************
 * 
 *      Assign the queries and display the comments
 * 
 ***************************************************************/

echo '<center>
    <br />
    <span style="font-size:14px; font-weight:bold;">Comments</span>
    <div style="text-align:left; width:66%; color:#CCC;">
    <b>Most Recent:</b>
    <hr style="border:1px solid #CCC;" />
    </div>
    <br />';

$q = "SELECT *, DATE_FORMAT(date_entered, '%M %D, %Y @ %r') AS dr FROM blog_comment WHERE b_id=$blog_ID ORDER BY c_id DESC";
$r = mysql_query($q);

$comm_disp_count = 0; // initiate comment counter (comment form will be rendered after 3 comments are displayed unless there are less than 3 comments)
$add_comm_drawn = false; // has comment form already been drawn - no not yet

if($r) {

    if(mysql_num_rows($r) > 0) {

        echo '<center>';

        while($row = mysql_fetch_array($r)) {

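            // escape stored values before they are written into the page
            $email = htmlspecialchars(stripslashes(trim($row['email'])), ENT_QUOTES);
            $name = htmlspecialchars(stripslashes(trim($row['name'])), ENT_QUOTES);
            $c_id = $row['c_id'];
            $body = nl2br(htmlspecialchars(stripslashes(trim($row['body'])), ENT_QUOTES));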
            $dt = trim($row['dr']);
            $is_flag = trim($row['flagged']);

            echo '<div class="comment" style="text-align:left;">
                <img style="border:0px; width:20px;" src="images/comment.png" /> <span style="font-size:11px;">' . $body;
            
            if($is_flag == 'yes') {
                echo '<br />
                      <center><i style="color:red;">This message has been flagged.</i></center>';
            }
            
            echo '</span>
                <table align="right" style="width:90%;" cellspacing="0">
                <tr>
                <td align="left" style="font-size:11px;">
                <i><b>name:</b> ';

            if($row['status'] == 'yes') {

                echo '<a style="color:red;" href="mailto:[email protected]">bigwhitefish.com</a>';


            }else{

                if($email != 'email(optional)') {

                    echo '<a href="mailto:' . $email . '"><i>' . $name . '</i></a>';

                }elseif($name != "name(optional)") {               

                    echo $name;

                }else{

                    echo 'anonymous';

                }

            }

            echo '</i></td>
                <td align="right" style="font-size:11px;">
                <i>' . $dt . '</i> <a href="flag_comment.php?cid='.$c_id.'&bid='.$blog_ID.'&mode=blog&todo=flag"><img style="border:0px;" src="images/mini-flag-red.png" /></a>';
            
            if($_SESSION['status'] == 'admin') {

                echo '<a href="delete_comment.php?cid=' . $c_id . '&bid=' . $blog_ID . '&mode=blog">
                    <img align="right" style="border:0px;" src="images/mini-delete.png" /></a>';
            }
            
            echo '</td>
                </tr>
                </table>
                </div>
                <br />';
            
            echo '<br />';

            if(($comm_disp_count == 2) && ($add_comm_drawn==false)) {

                echo $comment_form;
                $add_comm_drawn = true;

            }

            $comm_disp_count++;

        } // end while loop

    }
    
    if($add_comm_drawn == false) {
        
        echo $comment_form;
        $add_comm_drawn = true;         

    }
    
}

}[/php]


This is (hopefully) the entire antispam.php file:
[php]<?php
###############################################################
# Anti-spam Image Generator (CAPTCHA) 1.0
###############################################################
# For updates visit http://www.zubrag.com/scripts/
###############################################################

// Font name to use. Make sure it is available on the server.
// You could upload it to the same folder with script if it cannot find font.
// By default it uses arial.ttf font.
$font = 'Espar_Arial_Classic.ttf';

// list possible characters to include on the CAPTCHA
$charset = '0123456789';

// how many characters include in the CAPTCHA
$code_length = 6;

// antispam image height
$height = 20;

// antispam image width
$width = 80;

############################################################
#  END OF SETTINGS
############################################################

// this will start session if not started yet
@session_start();

$code = '';
for($i=0; $i < $code_length; $i++) {
  $code = $code . substr($charset, mt_rand(0, strlen($charset) - 1), 1);
}

$_SESSION['AntiSpamImage'] = $code;
$_SESSION['TheCodeAnswer'] = $code;

$font_size = $height * 0.7;
$image = @imagecreate($width, $height);
$background_color = @imagecolorallocate($image, 255, 255, 255);
$noise_color = @imagecolorallocate($image, 161, 137, 99);

/* add image noise */
for($i=0; $i < ($width * $height) / 4; $i++) {
  @imageellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);
}
/* render text */
$text_color = @imagecolorallocate($image, 161, 137, 99);
@imagettftext($image, $font_size, 0, 7,17,
              $text_color, $font , $code)
  or die('Cannot render TTF text.');

/* output image to the browser */
header('Content-Type: image/png');
@imagepng($image) or die('imagepng error!');
@imagedestroy($image);
exit();
?>[/php]

And this will hopefully be the entire add_comment.php file:
[php]<?php
session_start(); // start session

$page_title = "Add Comment"; // include title for this web page

include_once("../templates/header.php"); // load header file
include("../templates/connect.php"); // load sql information

echo '<pre>';
print_r($_SESSION);
echo '</pre>';

// Attempt to add anti-spam protection

if ($_SESSION['AntiSpamImage'] != $_POST['anti_spam_code']) {

// set antispam string to something random, in order to avoid reusing it once again
echo "Incorrect answer. User input: " . $_POST['anti_spam_code'] . 
     " Answer: " . $_SESSION['AntiSpamImage'];

$_SESSION['AntiSpamImage'] = rand(1,9999999);

// here you add code to let user know incorrect code entered
// echo "<script>history.go(-1)</script>";

} else {

// set antispam string to something random, in order to avoid reusing it once again
$_SESSION['AntiSpamImage'] = rand(1,9999999);

// everything is fine, proceed with processing feedback/comment/etc.                       
                
/******************************************************************************
****************************** BLOG COMMENTS *********************************
****************************************************************************** 
*/ 

if($_POST['mode'] == 'blog_comm') {  // if specific entry has been selected

    if(!empty($_POST['bid'])) {
        // numeric ID used unquoted in the query below, so cast it instead of escaping it
        $bid = (int) trim($_POST['bid']);
    }else{
        $errors[] = "No blog ID was passed";
    }
    if(!empty($_POST['cbody'])) {
        $body = mysql_real_escape_string(strip_tags(stripslashes(trim($_POST['cbody']))));
    }else{
        $errors[] = "No comment text was passed";
    }
    if((!empty($_POST['email'])) && ($_POST['email'] != 'email(optional)')) {
        $mail = mysql_real_escape_string(stripslashes(trim($_POST['email'])));
    }else{
        $mail = "email(optional)";
    }
    if((!empty($_POST['poster_name'])) && ($_POST['poster_name'] != 'name(optional)')) {
        $name = mysql_real_escape_string(stripslashes(trim($_POST['poster_name'])));
    }else{
        $name = "name(optional)";
    }

    if(empty($errors)) {

        if($_SESSION['status'] == 'admin') {

            $q = "INSERT INTO blog_comment (c_id, b_id, body, name, email, status, date_entered) VALUES (0, $bid, '$body', 
                '$name', '$mail', 'yes', NOW())";
        }else{

            $q = "INSERT INTO blog_comment (c_id, b_id, body, name, email, date_entered) VALUES (0, $bid, '$body', 
                '$name', '$mail', NOW())";
        }


        $r = mysql_query($q);

        if($r) {
            echo '<p>Your comment has been added successfully.  
                    <a href="blog.php?mode=view&id=' . $bid . '">Click here</a> 
                    to see your post.';

            if($_SESSION['status'] != 'admin') {

                $ToName = "BWF Admin";
                $ToEmail = "[email protected]";
                $FromName = "BWF Comment Alert";
                $FromEmail = "[email protected]";
                $Subject = "New Blog Comment";

                $Message = $ToName."<br /><br />
                        You have been sent an email from ".$FromName . "<br />
                        <br /><br />
                        <b>Blog Comment:</b> 
                        <i><a href=\"http://www.bigwhitefish.com/blog.php?mode=view&id=$bid\">Click here to view</a></i>
                        <br /><br />
                        Name: " . $name . "<br /><br />
                        " . $body . "<br />";

                $headers = "Content-type: text/html; charset=iso-8859-1\r\n";
                $headers .= "From: ".$FromName." <".$FromEmail.">";

                mail($ToEmail, $Subject, $Message, $headers);
            }

        }else{
            echo '<p class="error">Your comment could not be added!<br />' . mysql_error() . '</p>';
        }
    }else{
        echo '<p class="error">The following errors occurred:</p>';
        foreach($errors AS $msg) {
            echo '<p class="error">' . $msg . '</p>';
        }
    }

/******************************************************************************
****************************** IMAGE COMMENTS ********************************
****************************************************************************** 
*/ 

}elseif($_POST['mode'] == 'img_comm') {

    if(!empty($_POST['imgid'])) {
        // Cast to int: $iid is used unquoted in the SQL and echoed into links below.
        $iid = (int) trim($_POST['imgid']);
    }else{
        $errors[] = "No image ID was passed";
    }
    if(!empty($_POST['cbody'])) {
        $body = mysql_real_escape_string(strip_tags(stripslashes(trim($_POST['cbody']))));
    }else{
        $errors[] = "No image ID was passed";
    }
    if((!empty($_POST['email'])) && ($_POST['email'] != 'email(optional)')) {
        $mail = mysql_real_escape_string(stripslashes(trim($_POST['email'])));
    }else{
        $mail = "email(optional)";
    }
    if((!empty($_POST['poster_name'])) && ($_POST['poster_name'] != 'name(optional)')) {
        $name = mysql_real_escape_string(stripslashes(trim($_POST['poster_name'])));
    }else{
        $name = "name(optional)";
    }

    if(empty($errors)) {

        if($_SESSION['status'] == 'admin') {

            $q = "INSERT INTO img_comment (c_id, img_id, body, name, email, status, date_entered) 
                VALUES (0, $iid, '$body', '$name', '$mail', 'yes', NOW())";
        }else{

            $q = "INSERT INTO img_comment (c_id, img_id, body, name, email, date_entered) 
                VALUES (0, $iid, '$body', '$name', '$mail', NOW())";
        }

        $r = mysql_query($q);

        if($r) {
            echo '<p>Your comment has been added successfully.  
                    <a href="photos.php?mode=uno&imgid=' . $iid . '">Click here</a> 
                    to see your post.';
            if($_SESSION['status'] != 'admin') {

                $ToName = "BWF Admin";
                $ToEmail = "[email protected]";
                $FromName = "BWF Comment Alert";
                $FromEmail = "[email protected]";
                $Subject = "New Image Comment";

                $Message = $ToName."<br /><br />
                        You have been sent an email from ".$FromName . "<br />
                        <br /><br />
                        <b>Image Comment:</b> 
                        <i><a href=\"http://www.bigwhitefish.com/photos.php?mode=uno&imgid=$iid\">Click here to view</a></i>
                        <br /><br />
                        " . $body . "<br />";

                $headers = "Content-type: text/html; charset=iso-8859-1\r\n";
                $headers .= "From: ".$FromName." <".$FromEmail.">";

                mail($ToEmail, $Subject, $Message, $headers);
            }

        }else{
            echo '<p class="error">Your comment could not be added!<br />' . mysql_error() . '</p>';
        }
    }else{
        echo '<p class="error">The following errors occurred:</p>';
        foreach($errors AS $msg) {
            echo '<p class="error">' . $msg . '</p>';
        }
    }

}else{
    echo '<p class="error">You have reached this page in error.</p>';
}

}

include_once("…/templates/footer.php");
?>[/php]

The code has changed from its original form so some of the error messages have not been updated (like the add comment script will tell you no blog id was passed if you don’t put in the body text - I just haven’t updated those yet but the logical process should be sound I believe).

Thanks again for the help and if you need anything else from me feel free to ask.

This is probably going to seem crazy, but in your form, try changing the following:

[code]<img src="http://www.bigwhitefish.com/antispam.php">[/code]

to

[code]<img src="http://bigwhitefish.com/antispam.php">[/code]

I just noticed that you are redirecting www.bigwhitefish.com to bigwhitefish.com, but your link includes the www. Some browsers may automatically truncate the www in this case, while others may not. This could be leading to a new session being created with browsers that include the www.

I could be totally wrong here, but it’s worth a shot! If that doesn’t fix it, I have some other ideas to try. We will get this!

Well that fixed the problem on my sister’s computer! But now my computer has the problem lol. It is, however, slightly different. When I enter all of my information into the form and submit I get the following in Firefox:

[code]Array
(
[AntiSpamImage] => 3443909
[TheCodeAnswer] => 370433
)

Incorrect answer. User input: 306526 Answer: 3443909
[/code]
When I go back and try to comment again it does not update [TheCodeAnswer] and seemingly does not apply the $code value to [AntiSpamImage].

Now in Safari I got an empty array the first time I tried to comment after the change. The second time I got this:

[code]Array
(
[AntiSpamImage] => 5192390
)

Incorrect answer. User input: 075935 Answer: 5192390
[/code]

So, I think you are on the money with what’s happening. I bet, for whatever reason, my browser is seeing the session under http://www.bigwhitefish.com/ and theirs are seeing it as http://bigwhitefish.com/

Then the question would be how to tell each browser which one they should use? Or I may be off base with my assumptions. What do you think? And if it WAS working for you when you tried to add the comment with the incorrect answer on my page - try again now and do it at least twice to see if your results have changed. Thanks a million.

Correction!

In Firefox the [TheCodeAnswer] value was only there because the session was still alive. I logged in and out to destroy the session and tried again with the same results as Safari:

First attempt after session has been destroyed.

[code]Array
(
)

Incorrect answer. User input: 928302 Answer: [/code]

On the second (or any subsequent attempt) this is what happens:

[code]Array
(
[AntiSpamImage] => 947744
)

Incorrect answer. User input: 915964 Answer: 947744 [/code]

The same thing happens in Safari and Firefox on my computer now. On my sister’s it works fine. Sorry for not checking myself properly before my last post.

Ok so I’m determined this is what’s happening:

My computer is looking for the session variable under http://www.bigwhitefish.com/

My sister’s is looking for the session variable under http://bigwhitefish.com/

Depending on the src= parameter of the CAPTCHA image it will change which url the SESSION variable will be created under. For example:

If the image code goes as follows:

[code]<img src="http://www.bigwhitefish.com/antispam.php" />[/code]

Then the SESSION variable with the proper CAPTCHA code is created in relation to http://www.bigwhitefish.com/. So when my computer accesses the SESSION variable all is well. However, when my sister’s computer tries to access the SESSION it is accessing it under http://bigwhitefish.com which is empty until the conditional fails and inputs that random 7 digit number.

Now, if your CAPTCHA image code is as follows:

[code]<img src="http://bigwhitefish.com/antispam.php" />[/code]

Then the SESSION variable with the proper CAPTCHA code is created in relation to http://bigwhitefish.com. The same problem is caused, only with the opposite computers being affected.

So is there any way to sort of force browsers to use one or the other?

I would avoid targeting browsers until there are no other options.

Now that we know what is causing the problem, I think we can tackle it pretty easily.

Try changing the link to:

[code]<img src="antispam.php" />[/code]

If this doesn’t work, try “/antispam.php” as well.

Fingers crossed…

!!! IT WORKS !!!

That was a very logical next step, but I just couldn’t see it! Maybe my brain is just fried from the nightmare. Thank you so much! You are a scholar amongst men. Now I just gotta take out all my debugging messages. I don’t think that I would have figured this out on my own so thanks again.

:smiley: AWESOME!

I’m thrilled it’s working for you. I was starting to lean toward evil forces! I was particularly interested in how the browser could affect $_SESSION variables, as they should only exist on the server side. It makes sense now.
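
The relative src works because the image request then goes to whichever host served the form, so both requests carry the same session cookie: PHP's session cookie has no Domain attribute by default, which makes it host-only. The following is an added example, not code from this thread, showing a server-side way to pin every request to one host and to check the CAPTCHA code once and in constant time. It assumes PHP 7.3 or later; `CANONICAL_HOST`, `start_canonical_session()` and `captcha_is_valid()` are hypothetical names.

```php
<?php
// Added example: include at the top of every script that touches $_SESSION
// (the form page, antispam.php, add_comment.php). Names are illustrative.
const CANONICAL_HOST = 'bigwhitefish.com';

function start_canonical_session(): void
{
    // A session cookie set without a Domain attribute is host-only: the
    // browser returns it to the exact host that set it and to no other.
    // Sending every request to one host keeps a single cookie in play.
    $host = strtolower($_SERVER['HTTP_HOST'] ?? '');
    if ($host !== CANONICAL_HOST) {
        // Only the request path is reused; the target host is a constant.
        // A redirected POST loses its body, so forms should post to a
        // relative URL and never reach this branch.
        $uri = $_SERVER['REQUEST_URI'] ?? '/';
        header('Location: http://' . CANONICAL_HOST . $uri, true, 301);
        exit;
    }
    session_set_cookie_params([
        'path'     => '/',
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function captcha_is_valid(string $submitted): bool
{
    $expected = $_SESSION['AntiSpamImage'] ?? null;
    // Single use: drop the stored code whether or not the answer matches,
    // so one solved image cannot be replayed for many submissions.
    unset($_SESSION['AntiSpamImage']);
    if (!is_string($expected) && !is_int($expected)) {
        return false; // no code in this session (the empty Array case above)
    }
    return hash_equals((string) $expected, trim($submitted));
}
```

Called as `captcha_is_valid($_POST['anti_spam_code'] ?? '')` in add_comment.php, this replaces both the comparison and the step that overwrote the session value with a 7 digit number.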
