jQuery validation + Securimage issue

Question

I have some strange issue using jQuery Validation plugin. Firs of all here is my code:

formvalid.js

var v = jQuery("#sendform").validate({
        rules: {
            /* some other rules */
            captcha: {
                required: true,
                remote: "securimage/process.php"
            }
        },            
        messages: {
            /* some other messages */
            captcha: {
        required:"Security code is required",
        remote:"Security code is incorrect!"
        }
        }
    });

process.php

<?php
/* I tried with and without session_start(). 
Both ways works with same probelm (read next)*/
//session_start();
include_once '../securimage/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_GET['captcha']) == false) 
    echo "false";

else
    echo "true";
?>

sendform.php

<?php
include_once 'securimage/securimage.php';

//echo $_POST['captcha'];

$securimage = new Securimage();
//echo "<br/>".$securimage->getCode();

if($_POST['captcha'] && $securimage->check($_POST['captcha']))
{
    //do sending
}
?>

So, the problem is when I'm checking security code with AJAX request, ajax works fine, but when I'm send the form, $securimage->check($_POST['captcha']) in sendform.php returns false. Then I tried to disable remote capctha validation and viola $securimage->check($_POST['captcha']) in sendform.php returned true!

As you can see I echo some values in sendform.php and result is:

Case #1: AJAX captcha validation enabled.

Results:

echo $_POST['captcha'];               // User_input_value;
echo $securimage->getCode();          // nothing
$securimage->check($_POST['captcha']) // false

Case #2: AJAX captcha validation disabled.

Results:

echo $_POST['captcha'];               // User_input_value;
echo $securimage->getCode();          // code from image
$securimage->check($_POST['captcha']) // true (if equals)

Anyone know how to make it work?

Thanks for any advice.

Answer 1

To prevent resetting captch, you should validate yourself without calling check() function in process.php like below code

<?php
include_once 'securimage.php';
if(!isset($_GET['txtcaptcha']))
    return 'false';


$securimage = new Securimage();
$securecode = $securimage->getCode();

if (strtolower($securecode) != strtolower($_GET['txtcaptcha'])) 
    echo "false";

else
    echo "true";
?>

Answer 2

Almost same question was asked a while ago, it seems that the captcha is resetting after each check.

What I suggest is to have a flag in your session that you would set to TRUE in your process.php after a valid captcha and then checking it instead of $securimage->check($_POST['captcha']) in your sendform.php:

if ($securimage->check($_GET['captcha']) == false) {
    $_SESSION['valid'] = FALSE;
    echo "false";
} else {
    $_SESSION['valid'] = TRUE;
    echo "true";
}

And:

if($_POST['captcha'] && isset($_SESSION['valid']) && $_SESSION['valid']) // set it back to false inside this!

Now here are two notes:

• Since you are having two separate calls, some one can still change the captcha between the two calls
• Since it's only a captcha and you most probably is using it to prevent spam, I wouldn't bother using the technique I posted above! actually I wouldn't even bother doing another captcha check in the sendform.php

Of course someone could spam you, but then and if you really need to use Ajax, then you have to stop processing the captcha in the jQuery plugin and just validate it when you submit your form, just like the original documentation approach.