RE: FN-FORUM: Spam Email - Major problem I need help with!

date posted 22nd November 2005 13:40

> if($_SESSION['Code_Text']!=3D$_POST['CodeCode']){
> $ERRMsg .=3D "Image validation did not match";
> }

Graeme had the essence of _A_ problem with it, which is that you are not
checking that $_SESSION['Code_Text'] either exists or is not zero =
length, so
a bot jumping straight to the submission can have $_SESSION['Code_Text']
unset and $_POST['CodeCode'] unset or empty then in PHP unset =3D empty
(generates warning) and they have passed your test. Trying

if(!isset($_SESSION['Code_Text']) or !strlen($_SESSION['Code_Text']) or
($_SESSION['Code_Text']!=3D$_POST['CodeCode'])){
$ERRMsg .=3D "Image validation did not match";
}

might help though I have not checked the rest of the code.

HTH,

Dai

--=20
TechnologyAngel
http://www.technologyangel.co.uk/