Hardpressed

WordPress Sessions and Captcha

October 1, 2010 Jonathon Hardpressed No Comments

Tonights project: Installing captcha onto a wordpress contact form.

Step One:
So the first thing that I’m going to do is locate a captcha script that I can use as my base. I found this quick little script, looks simple enough: http://www.encaps.net/software/php-captcha/

Note: Make sure that you copy the captcha.jpg image to your website and then set the correct path.

Now let’s go ahead and create the image file. I’m going to call mine captcha-image.php. First things first, get the image loading when you call your script directly. Once you’re ready, proceed to step two.

Step Two:
The one thing that I expect to happen is for the captcha to not work right off the bat. This is most likely do to the session variable. So I’m going to make sure that both sessions are started within the wordpress framework so that there’s no un-expected settings or variables making the system clash.

Here’s the code to load the wp framework outside of loading wordpress: require_once dirname(__file__).'/wp-load.php';

Hint: Wrap the __file__ namespace with the dirname() function for each folder that you are above the root wp install.

Also replace the session_start(); with the following code to prevent future conflicts:
if (!session_id()) session_start();

Reload and test your image. For those of you that have all of your file paths correct, proceed to step three.

Hint: If you see a broken image still, then comment out all of the header functions and test again. You will be able to see the errors if you have error handling turned on.

Step Three:
I did some cleaning up of the code, a little commenting and now I’m ready to load the image into the form. Go ahead and take a second to do that yourself.

Here’s the code:
<img src="http://path/to/your/captcha_image.php" />

The next step is to open your functions.php file and add this code to the top:
if (!session_id()) session_start();

Now, test again, reloading the contact form or other page that you’ve called the image at. If you find that your image is broken, then comment out the “header” functions in your image file and look at it again.

Add the input field to your site and head to step four.
<input type="text" name="captcha" class="captchainput" />

Step Four:
In this step we’ll catch the submitted data and verify it against the session. Go ahead and try a test, printing out both variables at the top of your contact page:

echo $_POST['captcha'].'<BR/>';
echo $_SESSION['captcha'].'<BR/>';

Note: If your session variable is coming out empty, then it’s probably because something is changing the default session name. Call
echo session_name();
inside of your contact page and your image page to verify that the session names are the same.

I hope this helped.
-Jonathon

Share this

About the Author

Written by Jonathon

My name is Jonathon Byrd, I'm a Apache, PHP, MySql and Javascript expert. Although I invest a considerable amount of time in these languages, I also enjoy researching other areas in order broaden my knowledge and understanding of programming and development.

Leave a Comment