Security Code is incorrect - with IE6

Posted: Mon Aug 06, 2007 4:40 am

Hi all,

I am having 1 x major problem with my first ever RN V2.10.01 site Shocked

It appears as tho' people who are using IExplorer 6.xx are having trouble registering and they get the following error after correctly entering the 5 x character security code..

"Security Code is incorrect, Please go back and type it exactly as given ".

I usually use FireFox and I haven't experienced any problem with it, but I can duplicate this problem when I use IE6.

I have checked thru' your forums and thru' google without much success.. although I did close all windows and delete all cookies as suggested by one thread.

A direct link to my forums is: Only registered users can see links on this board! Get registered or login! the forums are actually located in a sub directory of the Apache root i.e. ../htdocs/WADforums/...

The server is in my garage Cool

and thus I can't blame any ISP if it is setup incorrectly.

Your assistance with this problem would be appreciated.

cheers
Will Beattie
(Australia)

registered · Posted: Mon Aug 06, 2007 10:29 pm

oldfart, sorry, not sure how to help as I am getting a "Redirect Failed" error message when I try and go to your provided link.

Posted: Mon Aug 06, 2007 11:51 pm

Hi montego,

Thanks for your attempt - just unlucky that dyndns.org is doing some upgrades and their DNS was out of action ..

Pls try these alternate links:-
http://59.167.194.170/WADforums
or
http://tell-a-life-story.com.au/WADforums

I have just checked and DynDns.org now appears to be up and working again. So the original link will probably be active again.

cheers
Will Beattie aka Oldfart

registered · Posted: Tue Aug 07, 2007 9:22 am

These problems are usually 1 of two things.
1) You have to many letters and the image is going off the page and you can't see some of the letters. This doesn't appear to be the case.
2) Your session configs are incorrect and a proper session cannot be made. This seems the most likely issue. See the bottom of my post here http://www.ravenphpscripts.com/postt13073.html
This will give you a work around. If it works you need to fix where your sessions are being created.

Posted: Wed Aug 08, 2007 5:56 am

Hi technocrat,

Please excuse my ignorance but I have followed your link and altered my php.ini to this

Quote:

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; As of PHP 4.0.1, you can define the path as:
;
; session.save_path = "N;/path"
;
; where N is an integer. Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories. This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
;
; NOTE 1: PHP will not create this directory structure automatically.
; You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
; use subdirectories for session storage
;
; The file storage module creates files using mode 600 by default.
; You can change that by using
;
; session.save_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
;session.save_path = "/tmp"
session.save_path= "/AAA_Session/php/session"
;session.save_path= "G:/AAA_Session/php/session"
;session.save_path = G:\AAA_session\php\session

; Whether to use cookies.
session.use_cookies = 1

;session.cookie_secure =

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
session.cookie_httponly =

; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor = 1000

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; NOTE: If you are using the subdirectory option for storing session files
; (see session.save_path above), then garbage collection does *not*
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
; cd /path/to/sessions; find -cmin +24 | xargs rm

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42 = 0
session.bug_compat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

; Select a hash function
; 0: MD5 (128 bits)
; 1: SHA-1 (160 bits)
session.hash_function = 0

; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
;
; 4 bits: 0-9, a-f
; 5 bits: 0-9, a-v
; 6 bits: 0-9, a-z, A-Z, "-", ","
session.hash_bits_per_character = 5

I also tried the script in this link and it appeared to work ..
http://www.ravenphpscripts.com/postp99403.html

But still no luck ..

FireFox appears to work with no problems but IE6 has been causing grief to many of our "potential" subscribers..

(P.S. Its my birthday and I have had a couple of "Chivas Regal's" - but I hope I am still sounding sensible ..) Wink

cheers
Will Beattie aka OldFart

P.S. The time lag is a pain - but C'est la vie !

Posted: Wed Aug 08, 2007 8:58 am

I am unsure what other advice to give you. I can open the image in IE 6 and it appears to be correct, though I did not try to register. Both my package and Raven's have been downloaded many times and we both use the same captcha (I wrote parts of it and integrated it). To my knowledge your the first person to report a problem.

Posted: Wed Aug 08, 2007 5:29 pm

Hi technocrat,

The problem seems to be specific to IE6, people who use FireFox or IE7 don't seem to experience the problem.

I would be happy if you did try to register on the forum - but please try using IE6 because it is after a person enters the displayed characters and hits "Register" that the problem occurs.

A friend of mine who has already looked at this problem has posted this in the forums (which isn't much good for those who aren't members - lol).

Quote:

Hey Guys,

found some people have had some issues connecting to the forums. When they log in it doesn't seem to hold the cookie information you need to view and post on the forums. That being said there are few things you can try:
...

and

Quote:

from SnOwY

lol.... IE7 works fine at work and for other pc's using XP and or a novell server... dunno what its like for other operating systems as it may cause more bugs than its worth.

with the help of Alfie and my friend in gelong i've come to the conclusion the the medium privacy settings block certian functions of this website thus causing the loggin in problems... My suggestion to you is the following

Quote:

2) Check your privacy Settings
- Click Tools
- Click Internet Options
- Click Privacy Tab
Special Note: (Make Sure your privacy tab if set to meduim try setting it to low this sometimes fixes the issue)
- Click Ok
- Click Ok

I you do register - here is a link to the thread http://wad.tell-a-life-story.com/modules.php?name=Forums&file=viewtopic&t=33

Our old forums had about 100+ subscribers but this one only has about 25 and I am sure its because the IE6 users can't register.

cheers
Will Beattie
aka OldFart

Posted: Wed Aug 08, 2007 5:47 pm

Well it doesn't work for me either but I am again unsure what to suggest. I tired it just to be sure on my package and it works fine. Again thousands of sites now use either Evo or RN and both use this system. As I said before to my knowledge your the only person that has had this problem where only IE 6 doesn't work. This leads me to believe that it has to be something on your server side.

Unfortunately I am unable to give you an answer. My best guess would be that since this captcha uses sessions to store the code, and its saying that the code does not match, it must be something with your server and how the sessions are handled. Something that IE 6 is sensitive too. Maybe because of the was your url is setup or the session domain is configured. I am sorry but that's all I have to suggest.

Posted: Wed Aug 08, 2007 7:02 pm

Hi technocrat,

Thank you very much for your help - I think that you have eliminated quite a number of possible problem areas.

This has now narrowed down the places that I must look at. Especially that suggestion with the URL's as I may well have set them up incorrectly (I had ported them from a Dynamic IP over to a new static IP and I don't think I did it correctly).

Thanks for your prompt attention and well done with a "bloody" good product ! Wink

cheers
Will Beattie
aka OldFart

Posted: Sat Aug 11, 2007 7:32 pm

Hi guys,

I am convinced that it is a session/cookie problem .. so if anyone can assist I would appreciate it.

AND Yes - I have a new manifestation of what is probably the same problem ..
I cannot set up a Download in the "Download Module" - no matter what I do I end up getting this (and yes - I hunted the net for similar problems)
"There are 0 Downloads in our Database".

Is anyone using these scripts on a Win2003 Server - 'cos that is my host ..

One other thing is these phpnuke forums run in a sub-directory of my server i.e. Apache/httdocs/wadforums but I am them accessing via a DNS "re-direct" ?? (wad.tell-a-life-story.com)

Something else I have noticed is .. when I ported some of my "root level" php scripts to a phpnuke module, I was using $_SESSION variables and they no longer worked when used in the module. I am not all too sure on setting up sessions, cookies - can I have named them incorrectly - are they treated differently in sub-directories etc?

cheers guys - I hope you can help
Will Beattie aka OldFart

Posted: Sun Aug 12, 2007 1:00 am

Hi guys,

I have found out what I was doing wrong with the "downloads module" ...
I am using :-

Apache: Apache/2.2.4 (Win32) mod_ssl/2.2.4 OpenSSL/0.9.8e
PHP: PHP Version 5.2.0
MySQL: MySQL Version 5.0.27 community

I have managed to get the "downloads module" to work by ensuring the numeric fields were filled in (after debugging the scripts) ..
i.e.
Filesize and
Hits

They now both have numeric values in them - I had problems using this version of MySQL with version 7.xx of Nuke originally and its why I moved to RavenNuke. It appears as though this version of MySQL doesn't allow "default" values in the numeric fields - sigh ...

cheers
Will Beattie aka OldFart