Page 2 of 2
Posted: Wed Jan 19, 2005 9:29 pm
by tired_one
You are probably sick of seeing me...lol.
Well, I changed my php.ini file to allow transparent session ids and recycled apache...turned off cookies in my browser, enabled captcha in serendipity, and guess what? I still get an error message about an invalid captcha.
I tested this in production - but had to turn it off as soon as I got that error message so I can't even give you the url (well, I can but it wouldn't do you any good).
So, then I went back to my dev. environment at
http://www.b-p-s.net/s9y/clean/serendipity/
and it didn't work either even after changing the value in php.ini
Code: Select all
[2005-01-19 15:14:36] - [REJECTED: Invalid captcha] - [#3, Name "robyn", E-Mail "", URL "", User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)", IP 69.26.249.3] - [testing trans_sid...^M ^M and it looks like the atom feed issue is an issue with the CSS that is designated.]
[2005-01-19 15:14:44] - [REJECTED: Invalid captcha] - [#3, Name "robyn", E-Mail "", URL "", User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)", IP 69.26.249.3] - [testing trans_sid...^M ^M and it looks like the atom feed issue is an issue with the CSS that is designated.]
[2005-01-19 15:14:50] - [REJECTED: Invalid captcha] - [#3, Name "robyn", E-Mail "", URL "", User-Agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)", IP 69.26.249.3] - [testing trans_sid...^M ^M and it looks like the atom feed issue is an issue with the CSS that is designated.]
I swear I'm going to lose my job over this...lol...
Posted: Thu Jan 20, 2005 11:06 am
by garvinhicking
Please try the 0.8 bundled version of the spamblock plugin, it's debugging messages for failed captchas are much easier to comprehend.
You may also need to use the 0.8 bundled-libs directory, as the latest spamblock with SURBL support needs some PEAR-dependencies.
I'm sure we'll get this solved, don't abandon your hope!
Regards,
Garvin
Posted: Thu Jan 20, 2005 4:40 pm
by tired_one
Ok - I'll try that and keep my fingers crossed that it works.
Sorry to be such a pain in the arse.
Posted: Thu Jan 20, 2005 4:46 pm
by garvinhicking
No need to feel sorry, this is the place to ask for help! I hope we'll find a solution to this, and maybe we can improve the captchas some more if we find out there's a problem.
Good look and report back,
Garvin
Posted: Thu Jan 20, 2005 8:26 pm
by tired_one
Code: Select all
| 1106236369 | REJECTED | Invalid captcha (Entered: 7bfjp, Expected: ) | 3 | testing captcha | | | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) | 69.26.249.3 | http://www.b-p-s.net/serendipity/index.php?url=archives/3-testing-email-link-to-approve-comments.html | testing testing
will it work? |
| 1106236378 | REJECTED | Invalid captcha (Entered: 39BPV, Expected: ) | 3 | testing captcha | | | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) | 69.26.249.3 | http://www.b-p-s.net/serendipity/index.php?url=archives/3-testing-email-link-to-approve-comments.html | testing testing
will it work?
So - it seems that the phpsessid isn't being passed, even though I have use_trans_sid turned on in php.ini.
Hmmm...
Well, at least they work when cookies are on.
But, I still have to come up with a reliable solution for using it without cookies. I was actually asked what it would take to do away with the use of cookies in the app...I had to laugh - I'm not about to rewrite it from the ground up.
I give up...
Posted: Thu Jan 20, 2005 9:09 pm
by tired_one
That's it - I give up...
Code: Select all
| 1106254149 | REJECTED | Invalid captcha (Entered: dzyea, Expected: ) | 3 | robyn | | | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) | 69.26.249.3 | http://www.b-p-s.net/s9y/clean/serendipity/index.php?/archives/3-testing-entry-for-atom-0.3-RSS-feed.html | *sigh*
I'm never going to get this to work... |
No matter what I do, how I configure php, the server, the sofware I can't get this to work if someone chooses to disable cookies...
Garvin - thank you for all of your help.
If you have any big brainstorms about this just send me a pm or something...I hate to waste space on your forum for this issue any more...especially since i'm the only nutter trying to make it do something it wasn't designed to do...
Inconsistent Captcha Functionality
Posted: Mon Oct 31, 2005 4:17 am
by sasha
I've had this same problem and it is as the first poster stated an eratic issue. I've had it happen when testing it and it won't work then suddenly will work. I don't have this issue on ANY other blogs.
We've had numerous users also write and complain to us about the same issue. Some can't get it to work at all even if they have low security settings and others have the eratic behavior.
As much as we like S9y we are going to have to consider moving to a different blog software that has more consistent and reliable spam prevention. We've had to resort to disabling captchas and now have to wade through an ever growing number of spam commenting to get to the real comments.
Re: Inconsistent Captcha Functionality
Posted: Mon Oct 31, 2005 1:25 pm
by garvinhicking
Sasha, did you check your PHP session installation? This error can happen if sessions sproadicaly timeout or are written to bad diskspace.
Are you running any other software which uses sessions and is accessed as frequent as your blog?
I am sorry for your experience, but I believe it is unrelated to Serendipity. We would love to do more against spam, but there's only so much you can do against it. Captchas are the best way, the only other effective mean is allowing comments for registered users only. Have you thought of that?
Regards,
Garvin
php session
Posted: Fri Nov 04, 2005 5:05 pm
by sasha
The session seemed to be installed fine. the blog is our only app running the session. this is the session part in phpinfo(). does it give you some insights?
Code: Select all
session
Session Support enabled
Registered save handlers files user
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 18000 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 864000 1440
session.gc_probability 1 1
session.name CPSESSION PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path - /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off
Re: php session
Posted: Fri Nov 04, 2005 5:24 pm
by garvinhicking
Are you maybe using a clustered apache/PHP setup?
Regards,
Garvin
Re: php session
Posted: Mon Nov 07, 2005 7:08 am
by Guest
No clustered apache/PHP setup. We double checked with our hosting co. and they also checked on diff. browsers and varioous setups which allowed cookies but could not get the captchas to work.
garvinhicking wrote:Are you maybe using a clustered apache/PHP setup?
Regards,
Garvin
Re: php session
Posted: Mon Nov 07, 2005 10:13 am
by garvinhicking
Can you give me an URL to your blog to see the missing captchas?
What could happen is that the GDlib image functions fail - I would suggest to get a "broken" captcha image via WGet and see if there's PHP error output in the binary file?
Regards,
Garvin
Thanks Garvin!
Posted: Mon Nov 07, 2005 3:43 pm
by Guest
Just wanted to post a thanks to Garvin who helped us troubleshoot and find the probelm.
He pointed out that the URL we give our and the one set up in our blog configuation were different. The config had
http://oursite.com but the URL we give out typically is
http://www.oursite.com/.
Notice the extra 'www'. The captchas are fetched from a different URL and thus the cookie would not match!
That means you either need to enable the "autodetect HTTP host" setting within serendipity, or you need to decide to only use one URL name!