Posted by DaveNotik on August 25, 2006 at 7:10am
| Project: | CAPTCHA |
| Version: | 4.7.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
It seems captcha.module is broken. I'm seeing weird issues, running some tests as an anonymous user. All the captcha validations stopped working, giving an error message each time:
"The answer you entered to the math problem is incorrect." or "The image verification code you entered is incorrect." depending on which type of validation was set (I tried both).
I can't get this to work 9 times out of 10! Just got it to work once, by leaving name as "Anonymous" default, but trying another one that way failed verification. May be a number of related issues, including the other issue here about it failing always once it failed once.
Can others verify?
Comments
#1
you need to lock your sessions
put
db_query("
SELECT GET_LOCK('mysite-%s', 60)
",
$key
);
at the top of sess_read
and put
db_query("
SELECT RELEASE_LOCK('mysite-%s')
",
$key
);
just before the return in sess_write
#2
The code recommendations above refer to the file "includes/session.inc". If you're worried about changing that file, it can be overridden in a copy placed in "sites/YOURSITE/includes/session.inc".
#3
In addition to the modifications above, you should also do the following:
put this in your settings.php
ini_set('ignore_user_abort', 1);
and put
session_write_close();
before header('Location: '. $url);
in drupal_goto() in includes/common.inc
This will ensure that the session is always unlocked.
#4
Thanks guys.
Lame having to hack stuff. Is this something that can one day be fixed in Drupal core?
How am I affecting site-wide session-handling by making these changes?
Thanks for the help. :)
#5
ini_set('ignore_user_abort', 1); means that execution always finishes (and unlocks the session) even if you press stop or change to loading a different page.
header('Location: '. $url); ends the scripts execution, so session_write_close(); must be called to unlock the session. This is important because drupal_goto() is called when a node is inserted.
#6
the reason you are being bitten by this bug is probably because there is something else on the page in addition to the captcha that is also activating an instance of drupal.
#7
So I made all the changes (put the .inc files I modified in sites/[mysite]/includes as I do with all files I modify), and it seems to work better now. But 3 times out of 5 or more, the image verification is wrong. I feel like there are characters off the image that it's expecting me to type in, and sometimes I'm mistaking the M for an N. Try posting a comment at http://dave.notik.com/node/31.
Maybe some textimage settings I need to play with?
And is the ideal scenario that Drupal core is fixed so that these hacks don't have to be made?
#8
I think you are right about the letters sometimes going off the edge. I use the attached free ttf font on my site filesoul.org. It is far more readable than the crappy built in font. I think the code in the textimage module for ttf fonts is much better.
create a dir called fonts in the root of your drupal installation and put the attached font there.
In the textimage settings, put 'fonts' in TrueType Fonts Path.
After saving config, check Image and font information at bottom.
#9
Jbrown thanks a lot for this fonts. After enabling the fonts you provided no hacking of session.inc is required. I'm using 4.7 version of drupal and captcha module.
#10
Great!
#11
I also want to thank jbrown for both the hacks and the font. I was having the same problems with verifications always failing. Unlike Rok, adding the ttf font alone did not solve the problem for me (though the provided font is sure a heck of a lot nicer than the default font). However, after implementing the recommended hacks, I'm no longer having any issues... Thanks!
#12
Dear All,
Thank you for you work with this issue....I am nearly there...if I may ask for some assistance with one last glitch. JBrown this is in relation to the 'fonts' folder, so maybe you would have an answer for this:
Having created the folder 'fonts' in the directory and then placed '/fonts/' or '/fonts' or 'fonts' in the Textimage configuration, I am returned the following error:
* warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File(/fonts/) is not within the allowed path(s): (/home/sgprojx:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/sgprojx/public_html/sites/default/modules/textimage/textimage.module on line 218.
* The entered font path is invalid
Previously, I had placed a different True-Type Font file in the path '/tmp/'. This did not return the above error, nor did it achieve the desired result of getting Textimage to work with Captcha.
Thank you in advance for any assistance with this matter.
Regards
Stephen G
#13
Hi guys
I cant get this to work well with Drupal 4.7.4. I am not using the textimage module, only captcha's and unless my maths sucks, it never lets me post a comment!
I've tried all the suggested patches here, but nothing seems to help.
Any other suggestions?
#14
I also have this problem on Drupal 4.74 where all math verifications are failing. Prior to 4.74 the maths captcha's did work! Only a few works after upgrading to 4.74 did I become aware of this issue on a site.
For a few weeks I have been following this thread, to no avail.
The content spammers are killing my site without a form of a captcha and my users are complaining.
Any suggestions?
#15
Hey Folks,
For the next three weeks I gonna be very busy, so now time to this issue yet.
But if someone could please spend some time in this issue I would help you the most I can.
thanks,
#16
casperl said:
Can you remember what was the cvs id of captcha.module you was using?
#17
I'm also having the problems described by others on this page: the new captcha images are very grainy and hard to read compared to the old version, some characters go off the edge of the image, and the verification fails a large percentage of the time. My reason for adding my comment, though, beyond just saying "me too!" is to say that I do not have a way to change the fonts on the settings screen (admin/settings/captcha). The version I was running under 4.6 had a setting for the fonts folder, and I really liked how I could place whatever TTF fonts I wanted in that folder and it would mix up the text in the image using the different fonts. One commenter above suggested changing the font settings for captcha--do other people have the ability to do this under 4.7.4? I wonder if the reason I don't is that I upgraded to 4.7.4 directly from 4.6.x, not from an earlier 4.7.x.
I think I'll try looking in the database to see if there's a way to change
I'd really rather not have to hack Drupal's session handing, but since the latest version of the spam module is all but unusable, the captcha is the only way to keep the spammers off my site. If the fonts trick does not work, I'll have no choice...
Just so I don't sound like an ingrate: I really appreciate the work that people have put into this module, other modules, and drupal in general. It's easy for appreciation to get lost in a message about frustrations with bugs. Thank you to all CVS committers and other contributors.
Dan
#18
An update on my fonts problem: I figured out that my fonts folder was missing, which was an artifact of having upgraded last weekend from 4.6.x to 4.7.4. In recreating the folder tree from my old installation, I had missed the fonts folder.
It appears to be using the fonts as it did before (using one font for some characters, and another font for others), and the characters look a little better. However, a large percentage of the time, one of the characters is either cut off at the edge, or does not appear in the image at all. It appears that the default is for five characters, and a lot of the time there are only four, or four plus one truncated one.
Even if I were to do the session hacking suggestions above, these faulty images make the image-based captcha not usable. I've tried the math problem captcha, but it seems too simplistic to foil a Drupal-aware bot, since it uses such small numbers for the math problems, and reuses the same numbers--seems so easy to guess. But if I can get it to validate properly, I guess I'll go with that for now...
Thanks again,
Dan
#19
The image validation did not work for me. Sometimes there was half a character at the edge of the image. The validation failed every time no matter what was shown on the image.
I tried adding a background image to force a larger image display but textimage cut the background image down to the size textimage wanted.
I changed 60 to 100 and 30 to 50 in the following lines and the validation now works:
<?php$imageWidth = 100 + drupal_strlen($string)*$charSpacingMax*.35;
$imageHeight = 50 + $charJiggleAmount;
?>
What still goes wrong is that the captcha validation sets a cookie even if the user name or password fails. When a user refreshes the page or in any way tries to register again, there is no captcha image or question. Either the cookie should not be set or it should be set to indicate the registration failed so that the captcha will be represented.
#20
When a captcha validation works, captcha_correct is set to true in _captcha_validate, which is called from captcha_form_alter. There is no check to see if the email or password is correct. Either captcha should validate the captcha reply after the email and password are validated or captcha_correct should be set to false by the password and email validation routines. Does anyone know how to control the validation of fields within forms?
#21
See also http://drupal.org/node/106235 - that may be a partial duplicate of this issue.
The earlier post about session locking - eek! We should not have to hack core modules for captcha to work correctly...
Help!
#22
#23
When I am modifying session.inc page do I need to replace the value of 'mysite' with the actual name of my site. I am copying session.in inc /sites/all/includes.