I am trying to add a simple captcha to an hml form. Code is originally from here

here is the PHP script that generates the image and stores the captcha variable:

<?php

session_start();

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 

header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 

header("Cache-Control: no-store, no-cache, must-revalidate"); 

header("Cache-Control: post-check=0, pre-check=0", false);

header("Pragma: no-cache"); 



function _generateRandom($length=6)

{

    $_rand_src = array(

        array(48,57) //digits

        , array(97,122) //lowercase chars

//      , array(65,90) //uppercase chars

    );

    srand ((double) microtime() * 1000000);

    $random_string = "";

    for($i=0;$i<$length;$i++){

        $i1=rand(0,sizeof($_rand_src)-1);

        $random_string .= chr(rand($_rand_src[$i1][0],$_rand_src[$i1][1]));

    }

    return $random_string;

}



$im = @imagecreatefromjpeg("captcha.jpg"); 

$rand = _generateRandom(3);

$_SESSION['captcha'] = $rand;

ImageString($im, 5, 2, 2, $rand[0]." ".$rand[1]." ".$rand[2]." ", ImageColorAllocate ($im, 0, 0, 0));

$rand = _generateRandom(3);

ImageString($im, 5, 2, 2, " ".$rand[0]." ".$rand[1]." ".$rand[2], ImageColorAllocate ($im, 255, 0, 0));

Header ('Content-type: image/jpeg');

imagejpeg($im,NULL,100);

ImageDestroy($im);

?>

here is the script that validates the entered captcha:

<?php

if($_SESSION["captcha"]==$_POST["captcha"])

{

    //CAPTHCA is valid; proceed the message: save to database, send by e-mail ...

    echo 'CAPTHCA is valid; proceed the message';

}

else

{

    echo 'CAPTHCA is not valid; ignore submission';

}

?>

Problem is that the session seems to be storing only 3 chars, so the values never match – since the generated image has 6 chars.

The code above is a bit strange (I must admit I am not used the image library API). But I dont know why we call _generateRandom() with arg value of 3, and also, why imagestring is being called twice ???