Captcha Not Restrictive - Login Page

I cannot understand why my captcha is not-restrictive. It passes and logs me in no matter what I enter in the captcha.

Attached my login page code.

Any help is appreciated.

Thnx

first thing is to test the servers session management. use the session test page from this thread to verify that sessions can be saved:
showpost.php?p=23826&postcount=2

Jason,

I tested my server's session management and it appears to be working correctly.

sessionTest.php

Any further suggestions are much appreciated.

can you send a link to the login page please

Here is my login page link:

loginWA/

when I test, it is not allowing a bad captcha value.

what I am seeing is that validation is failing with a bad captcha value, but the captcha error is not showing


it looks like the validation show if behavior was added to the captcha element for a validation that does not exist any more.


change the following code:

<?php
if (ValidatedField('index_529','index_529'))  {
  if ((strpos((",".ValidatedField("index_529","index_529").","), "," . "3" . ",") !== false || "3" == ""))  {
    if (!(false))  {
?>
                               <table border="0" width="265" cellpadding="4" style="border:solid; border-width:1px; border-color:#900; margin-left:3px; margin-top:3px">
                                 <tr>
                                   <td><span style="font-family:Arial, Helvetica, sans-serif; font-size:11px; color:#b70000">Incorrect captcha code. Please try again.</span></td>
                                 </tr>
                               </table
                         
                          >
                               <?php //WAFV_Conditional index.php index_529(3:)
    }
  }
}?>

to:

<?php
if (ValidatedField('index_529','index_529'))  {
  if ((strpos((",".ValidatedField("index_529","index_529").","), "," . "4" . ",") !== false || "4" == ""))  {
    if (!(false))  {
?>
                               <table border="0" width="265" cellpadding="4" style="border:solid; border-width:1px; border-color:#900; margin-left:3px; margin-top:3px">
                                 <tr>
                                   <td><span style="font-family:Arial, Helvetica, sans-serif; font-size:11px; color:#b70000">Incorrect captcha code. Please try again.</span></td>
                                 </tr>
                               </table
                         
                          >
                               <?php //WAFV_Conditional index.php index_529(4:)
    }
  }
}?>

Jason,

There still seems to be one problem. If I clear all cookies and sessions, then login for the first time, I can leave the captcha field blank and it will pass. Subsequent logins work fine, just probs on the first login before any cookies are stored.

This issue only occurs under those particular circumstances. Can you look at it one more time, and if we need to open a ticket (so I can provide you a valid login) let me know.

Thanks again. Attached is my latest code.

lkmg

I cant reproduce the problem.


no matter what i do, if i leave the captcha field blank, i get the validation error message.

I have created a support ticket so we can look into this issue further.

To view and edit your support ticket, please log into your support history:
supporthistory.php

Jason / Ray,

Below are the results of my support ticket:

To fix the issue, I moved my "set cookie" code below my "server validation" code.

This fixed it.

Thanks.

-D

ahhhh, that makes a little sense, glad to hear you sorted it out.