Hello,

I am currently having an issue with image_captcha in that the captcha image is not being displayed for any form when the user is anonymous. When I log in, I can see the captcha image correctly. I'm a little confused since I had image captcha working for a while now, and I did not mess with the forms (including the drupal contact form), and I did not change any captcha settings. I did update from RC3 to stable (and I did run update.php), and it seemed to have upgraded fine. I do not see any errors in the watchdog or php error logs, so I'm not sure how to debug this problem further.

I did try to do the following:
* I verified that GD is working and the fonts are working (they have to be since an image is created when a user logs in).
* In Opera, I see an empty box where the captcha image is supposed to be, and I tried saving the image, but it was 0 bytes.
* I switched the captcha type to both math captcha and text captcha to see if it would work, and both worked correctly when the user is anonymous.
* I viewed the page source for the form as an anonymous user, and I could see the Only local images are allowed. tag for the captcha image.
* I tried switching the drupal caching from normal to disabled, and no changes (I also used the devel module to clear the cache manually too).
* I disabled CAPTCHA and image_captcha, and uninstalled the modules (through the "uninstall module" admin panel), and re-installed CAPTCHA and the fonts, ... it did not fix the problem.

A further note, my rackspace server does not use any proxy (or at least that I know of), so I don't think that's the problem. I also did not try updating to the 3-dev version of CAPTCHA, as it didn't seem that there were any CVS patches committed that would have addressed this issue.

So, hopefully the above describes my issue well. As I mentioned, I really confused with this issue, and I would appreciate any help debugging the issue, and seeing if the error is either a bug, incompatibility with some module, etc.

Thanks in Advance

Comments

soxofaan’s picture

soxofaan commented

Thank you for such an elaborate report. This saves us several back and forth replies. If only all bug report would be like that ;)

From your description I have no idea what could be wrong as it seems to work in some situations (authenticated users, math captcha).

Some things from the top of my head you could try:

  • Comment out line 351 and 367 (and also try disabling just one of them):
      // unset the code from $_SESSION to prevent rerendering the CAPTCHA
  // unset($_SESSION['image_captcha'][$seed]);
...
    // drupal_set_header("Cache-Control: max-age=3600, must-revalidate");

    and retry your experiments

  • flush your sessions table (caution: this will log out every user) or delete only the sessions of anonymous users if you know how to do this. I'm not sure this will make any difference, since the session stuff seems to work considering the working math captcha. Which browsers and OS's/platforms did you already try?
jonli447’s picture

jonli447 commented

Thanks for your reply.

I cleared out the sessions, and nothing happened. Currently, I have personally tried Opera and Firefox on Ubuntu and my buddy reported the same issue on Windows using Firefox and I.E, as well (I don't personally have a window's machine available at the moment).

I also tried commenting out the lines mentioned above (plus a missing bracket), and image captcha is still broke for anonymous.

I'm not sure, but my guess there is a permission problem somewhere (sort of reminds me of a hotlink protection gone bad issue, though I have no idea what would cause that).

Thanks again, I'll keep trying to locate the bug.

soxofaan’s picture

soxofaan commented

Disabling line 351 makes it possible to request the image more than one time. Try the following as anonymous user: request an image CAPTCHA enabled form, look in the source code and extract the URL of the CAPTCHA image (do not forget to prepend the domain), load this URL in your browser and report what happens.

jonli447’s picture

jonli447 commented

I disabled line 351 and went to a form w/ image captcha as an anonymous user. I extracted the image url as suggested, and opened it firefox, nothing. I also tried to download the image via wget, and the image is still 0 bytes.

soxofaan’s picture

soxofaan commented

You're not getting a "not found"/"forbidden" error or something when GETting the url?
So you actually get an image: you receive the "Content-type: image/jpeg" header, but the payload is 0 bytes?
Does wget terminate in a normal way (no timeout of something)?
Can you give an example of such an URL (no need to include your domain, just the drupal query is enough)?

Can you compare with the situation when logged in as administrator?

jonli447’s picture

jonli447 commented

Note that I still have that line disabled:

When I am not logged as anonymous and I try to access the url in the browser, nothing gets displayed (no forbidden or not found error messages). However, if I am logged in as an Administrator, and access the url, I can view it in the browser.

With wget, it does terminate a little bit strange. It does not appear that I am receiving the correct header. Here's the output:

HTTP request sent, awaiting response... 200 OK
Length: 0 [text/html]

    [ <=>                                 ] 0             --.--K/s             

10:19:09 (0.00 B/s) - `1923180477.1' saved [0/0]

Here's an example of a url that I tried to access as anonymous: /image_captcha/230762832. That url is from a captcha image that was generated on a form while being an anonymous user. Strangely, when I log in as Administrator, I cannot view that url (maybe that's supposed to happen).

I also tried accessing another image, /image_captcha/894053324. This url was generated on a form while logged in as admin. As I mentioned above, I can access this url in the browser while logged in as admin. When I log out, I cannot access the url (nor can I wget it). Furthermore, when I log back in as admin, I can no longer access the image.

Hope that indicates something. Thanks. :-)

jonli447’s picture

jonli447 commented

Just a note about the wget output in #6, on the saved line, you see 1923180477.1, the ".1" is because I tried it twice. :-)

soxofaan’s picture

soxofaan commented

Here's an example of a url that I tried to access as anonymous: /image_captcha/230762832. That url is from a captcha image that was generated on a form while being an anonymous user. Strangely, when I log in as Administrator, I cannot view that url (maybe that's supposed to happen).

I also tried accessing another image, /image_captcha/894053324. This url was generated on a form while logged in as admin. As I mentioned above, I can access this url in the browser while logged in as admin. When I log out, I cannot access the url (nor can I wget it). Furthermore, when I log back in as admin, I can no longer access the image.

This is all expected behavior: the images and their URLs (actually the numerical codes in those URLs) are associated to a user session. So, one user can not view another user's image, and if you log out and log in again, you're working in a different session and you can't view the images from previous sessions.

soxofaan’s picture

soxofaan commented

As you seem familiar with the devel module, we can try the following if your site is not live, or you don't have much visitors for the moment.

(still with line 351 disabled)

as admin:
* enable the "access devel information" for the anonymous user role
* enable the devel block

as anonymous:
* get a CAPTCHA enabled form, and get the URL of the image
* click on "session viewer" in the devel block

as admin:
* disable the devel permission and block again

report the URL and the session data

jonli447’s picture

jonli447 commented

Aha!, I found the issue soxofaan. :-) I actually was following your logic and using the devel module to catch the $_SESSION vars, and I realized that anonymous users were not opening any sessions. I checked my user table in the sql database, and discovered that for some reason, the anonymous user row was deleted, thus preventing drupal from creating the session. I repaired the table, and image captcha now works again. :-) Thanks a lot for your help.

An aside, I noticed that forms with image_captcha fail W3C compliance due to a lack of an alt tag for the image. To solve the issue, I changed line 324 from

<?php
           '#value' => '<img src="'. check_url(url("image_captcha/$seed")) .'" />',
?>

to

<?php
          '#value' => '<img src="'. check_url(url("image_captcha/$seed")) .'" alt="" />',
?>

I'm not sure, but you might actually want to change the description from "" to something like "CAPTCHA image" for accessibility reasons. Fixing this minor issue should make some of the major search engines a little more happy (at least it did for me). :-)

soxofaan’s picture

soxofaan commented
Status: Active » Fixed

if that's the reason, it's weird that math and text CAPTCHA did work as you reported, because they use $_SESSION too. But I guess with "working" you just meant "showing up in the form" and not "doing the validation stuff".

Anyway, I'm glad that this issue is fixed now.

concerning your alt/title suggestion: http://drupal.org/cvs?commit=89452

jonli447’s picture

jonli447 commented

Yep, the captcha image now appears, and it can validate properly. I'm trying to figure out why the anonymous user got deleted from my user table. :-) Thanks again.

By the way, I'm happy to see that image captcha is now w3c complaint.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

asak’s picture

asak commented

And how does one login as admin while a malfunctioning captcha test is used for login? ;)

soxofaan’s picture

soxofaan commented

If you can't log in anymore, you can disable a module by setting its status field in the system table to zero.

For you this would mean in SQL:

UPDATE `system` SET `status` = '0' WHERE name LIKE '%captcha%' ;

But you can also do it in phpMyAdmin