susing FTP to look at the code for the index page on the server, the from tag is:
<form action="confirmation.php" method="post" name="435345345" id="435345345" accept-charset="UTF-8">
the action of the form is to post to the confirmation page.
there is no code on the conformation page to process the page.
the validation code that I see is on the ondex page.
in the server validation code, on the index page:
<?php
if (($_SERVER["REQUEST_METHOD"] == "POST") && (isset($_SERVER["HTTP_REFERER"]) && strpos(urldecode($_SERVER["HTTP_REFERER"]), urldecode($_SERVER["SERVER_NAME"].$_SERVER["PHP_SELF"])) > 0) && isset($_POST)) {
$WAFV_Redirect = "failed_confirmation.php";
$_SESSION['WAVT_index_255_Errors'] = "";
if ($WAFV_Redirect == "") {
$WAFV_Redirect = $_SERVER["PHP_SELF"];
}
$WAFV_Errors = "";
$WAFV_Errors .= WAValidateRQ(((isset($_POST["Security_Code_1"]))?$_POST["Security_Code_1"]:"") . "",false,1);
if ($WAFV_Errors != "") {
PostResult($WAFV_Redirect,$WAFV_Errors,"index_255");
}
}
?>
you are using the required vlaidation type, not the like entry validation type.
1) the validation server behavior must be on the page specified as the form action
2) you should use the like entry validation type to compare the captcha session variable to the captcha form element.