this is the code that generates the captcha image:
<img src="../webassist/captcha/wavt_captchasecurityimages.php?field=fieldset_group_Security_code&font=fonts/MOM_T___.TTF" alt="Security Code" class="Captcha" /> </div>
<div class="fullColumnGroup" style="clear:left;">
the img src is:
webassist/captcha/wavt_captchasecurityimages.php?field=fieldset_group_Security_code&font=fonts/MOM_T___.TTF"
the first url variable field:
?field=fieldset_group_Security_code
is used to set the captcha session name as:
captcha_<field value>
captcha_fieldset_group_Security_code
so in this case, the captcha session will be named.
in the server validation, the code for the captcha validation is:
$WAFV_Errors .= WAValidateLE((strtolower(isset($_POST["fieldset_group_Security_code_2"])?$_POST["fieldset_group_Security_code_2"]:"")) . "",((isset($_SESSION["captcha_fieldset_group_Security_code_2"]))?strtolower($_SESSION["captcha_fieldset_group_Security_code_2"]):"") . "",true,2);
it is referancing the session as:
$_SESSION["captcha_fieldset_group_Security_code_2"]
in other words using a session named
captcha_fieldset_group_Security_code_2
but it should be using:
captcha_fieldset_group_Security_code
change that line to:
$WAFV_Errors .= WAValidateLE((strtolower(isset($_POST["fieldset_group_Security_code_2"])?$_POST["fieldset_group_Security_code_2"]:"")) . "",((isset($_SESSION["captcha_fieldset_group_Security_code"]))?strtolower($_SESSION["captcha_fieldset_group_Security_code"]):"") . "",true,2);
the form element:
<input id="fieldset_group_Security_code_2" name="fieldset_group_Security_code_2"
so:
$_POST["fieldset_group_Security_code_2"]
is correct, but the session being used is not.