I’m using simple-php-captcha( https://github.com/claviska/simple-php-captcha ) script on an ajax form in my wordpress theme,
it works fine when it’s on localhost but when i upload it on an online host , the captcha codes don’t match , every thing works fine , captcha image loads , sessions get created but the captcha code displayed in the image is not the same as when the form is submitted.
functions.php
require_once( get_template_directory() . '/libs/captcha/simple-php-captcha.php' );
require_once( get_template_directory() . '/inc/ajax/testimonial.php' );
header.php
session_start();
$_SESSION['captcha'] = simple_php_captcha();
The html form
<form action="<?php echo admin_url("admin-ajax.php"); ?>" class="dw-ajax-form dw-form" method="post" id="send_testimonial">
<input type="text" name="name" placeholder="name">
<input type="text" name="job" placeholder="company / job">
<input type="text" name="email" placeholder="Email address">
<textarea type="textarea" name="comment" placeholder="your opinion about us"></textarea>
<div class="block captcha-image">
<img src="<?php echo $_SESSION['captcha']["image_src"]; ?>" alt="<?php echo $_SESSION['captcha']["code"]; ?>">
</div>
<input type="text" name="captcha" placeholder="enter the code above" autocomplete="off">
<input type="hidden" name="action" value="send_testimonial">
<?php wp_nonce_field( 'send_testimonial', 'send_testimonial_nonce' ); ?>
<input type="submit" value="send"> <span class="msg" style="margin-right:15px;"></span>
</form>
The ajax function ( /inc/ajax/testimonial.php )
<?php
/**
* Testimonial Form Ajax Callbacks
*
* @package WordPress
* @subpackage Learnfiles-shop Theme
* @author Dornaweb.com
*/
add_action( 'wp_ajax_send_testimonial', 'dw_send_testimonial' );
add_action( 'wp_ajax_nopriv_send_testimonial', 'dw_send_testimonial' );
function dw_send_testimonial() {
global $wpdb;
$message = '';
$name = strip_tags( htmlspecialchars( $_POST["name"] ) );
$job = strip_tags( htmlspecialchars( $_POST["job"] ) );
$email = strip_tags( htmlspecialchars( $_POST["email"] ) );
$comment = strip_tags( htmlspecialchars( $_POST["comment"] ) );
/* captcha */
$captcha_input = strtolower( strip_tags( htmlspecialchars( $_POST["captcha"] ) ) );
$captcha_code = strtolower( $_SESSION['captcha']['code'] );
/** Validation **/
if( !$_SESSION['captcha'] || !is_array( $_SESSION['captcha'] ) )
die( '<span class="error">Somethings wrong</span>' );
/******************************* IT ALWAYS GIVES ME THIS ERROR WHEN ONLINE , BUT IT WORKS ON LOCALHOST( i also tried it with "!=" operator ) **************/
if( $captcha_code !== $captcha_input )
die( '<span class="error">The entered code doesnt match</span>' );
/**********************************************************************************************************************************************************/
if ( !isset( $_POST['send_testimonial_nonce'] ) || ! wp_verify_nonce( $_POST['send_testimonial_nonce'], 'send_testimonial' ) )
die('<span class="error">Somethings wrong</span>');
if( empty( $comment ) )
die('<span class="error">Please enter your comment</span>');
if( empty( $name ) )
die('<span class="error">please enter your name</span>');
if( !empty( $email ) && !filter_var($email, FILTER_VALIDATE_EMAIL) )
die('<span class="error">the entered email doesnt look like an email address</span>');
if( empty( $name ) && empty( $comment ) )
die('<span class="error">please fill the form</span>');
/* send testimonial */
$testimonial = array(
'post_title' => $name,
'post_status' => 'pending',
'post_type' => 'testimonials',
'post_author' => 1
);
$post_id = wp_insert_post( $testimonial );
update_field( 'job', $job, $post_id );
update_field( 'email', $email, $post_id );
update_field( 'comment', $comment, $post_id );
// form is valid
if( empty( $message ) )
$message = '<span class="success">Your comment submitted! thank you.</span>';
echo $message;
wp_die();
}
edited :
I’ve run a test here ( sorry the page is in farsi ) : http://test.dornaweb.ir/ , there is a form in the middle of the page that when you click it , it shows you a var_dump()
of $_SESSION['captcha']
, as you can see , the code shown in the image is different is from the code in var_dump
data , it’s like when the form submits the $_SESSION is one step ahead or something like that , the weird thing is when i use the exact same theme on localhost nothing goes wrong!!
It looks like there is some duplicate request (also judging from the provided access.log). This might be caused by a missing/inaccessible file on the server (which is there/accessible on localhost, thus not causing problems there). If this is requested, some rewrite-code (either within WP or mod_rewrite in .htaccess) rewrites the “failing” request and sends it to the main script. Then, in the main script, the session data gets overwritten with a new captcha…
These issues are sometimes hard to spot. Start at:
looking for differences between localhost and server
looking for requests by following each link in the generated html code and checking whether they give the expected response
Perhaps you could also write some debugging messages to either the error.log or some other logging facility. That might also help finding this.
Sorry if this doesn’t help you any further…