[pmwiki-users] CAPTCHA looping after upgrade?

Mon Sep 16 18:36:33 PDT 2019

On 17/09/2019 03:10, Russ Jackman wrote:
> Any other quirks or changes I should watch for from adding the
> session_start line?

The session data contains login information and the captcha challenges, 
and some recipes may store other information. Usually, a session is not 
created until some function needs to store some data. People who visit 
the wiki anonymously and have not been shown a Captcha (or other 
function using sessions) normally do not need a session ID cookie.

(The browser is only sent a pseudo-random identifier of the cookie like 
"VEgxQUdNMWJsN3M" and the information is retrieved by PmWiki from the 
server when the browser opens another page and sends back the 
identifier.)

With the session_start line, visitors may receive a session id cookie, 
even when they have not logged in and haven't seen a page with a 
Captcha. This shouldn't have noticeable effects for them.

Petko

> On 2019-09-16 4:44 p.m., Petko Yotov wrote:
>> There are 4 different Captcha recipes in the cookbook by different 
>> people.
>> 
>> This is about the https://www.pmwiki.org/wiki/Cookbook/Captcha recipe.
>> 
>> It probably never worked from a sidebar by itself, you may have had a 
>> side-effect from another local customization, because at the moment 
>> the sidebar is processed, the HTTP headers, hence the session cookie, 
>> have already been sent to the browser, and any changes to the headers 
>> will have no effect.
>> 
>> It appears to work when you manually start a session in config.php, 
>> before the include_once line:
>> 
>>   @session_start();
>>   include_once("$FarmD/cookbook/captcha.php");
>> 
>> This hopefully (re)starts a session and sends the session ID to the 
>> browser. When later the captcha recipe modifies the session data, the 
>> browser already has the session ID created earlier.
>> 
>> Please report if it works with your PmWiki/PHP version (it appears to 
>> work with PmWiki 2.2.118 and PHP 7.4).
>> 
>> Petko
>> 
>> On 16/09/2019 21:13, Russ wrote:
>>> I recently upgraded an older version of PmWiki running on PHP5.4 to 
>>> PHP7.x.
>>> 
>>> The CAPTCHA recipe is used in two places - on a contact page 
>>> (required
>>> to display contact info), and on individual members' pages (also to
>>> display contact info, but in a sidebar instead of the main page).
>>> 
>>> The contact page works fine, but when the CAPTCHA is used in the
>>> sidebar it no longer displays the contact info as it did before the
>>> upgrade; now, a entering a correct CAPTCHA just displays another
>>> CAPTCHA.
>>> 
>>> Suggestions on why it no longer works within a sidebar/header/footer?
>> 