WordPress.org

Ready to get started?Download WordPress

Forums

SI CAPTCHA Anti-Spam
Temporary php files in captcha-temp directory (13 posts)

  1. dabloguiman
    Member
    Posted 4 years ago #

    Hi Mike,

    I use WP File Monitor and since installing the latest version of si-captcha-for-wordpress this plugin is constantly reporting that there are several php files being added to or removed from the captcha-temp directory (see example below).

    I just want to make sure that this has something to do with the new way the plugin is storing the CAPTCHA codes, and not some sort of hack. If so, I may decide to exclude the captcha-temp directory from WP File Monitor because it is sending me frequent reports about the changes.

    Thanks.

    Nick

    This is a short example of what WP File Monitor is reporting:

    ***********************
    Added:
    wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/captcha-temp/tH62zln16meClOEM.php
    wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/captcha-temp/fqbTWJq30IhAgoBi.php

    several more files
    ...

    Removed:
    wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/captcha-temp/OzLLJB5Xh7O7NCPg.php
    wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/captcha-temp/f4A5hpu0uJWMcO3O.php
    wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/captcha-temp/zVipQqs8pCLeTeuL.php

    several more files
    ...

    http://wordpress.org/extend/plugins/si-captcha-for-wordpress/

  2. Mike Challis
    Member
    Plugin Author

    Posted 4 years ago #

    The files are normal because of a new feature where PHP Sessions are no longer required for the CAPTCHA. The new method uses temporary php files in a /captcha-temp/ folder to store the CAPTCHA codes until validation.

    PHP sessions can still be reactivated by unchecking the setting: "Use CAPTCHA without PHP session". Then the temporary files will no longer be created. But the reason I have to make the optional temporary files method is because some servers have broken PHP session handling, or some other plugins that break the sessions. So this new feature makes my plugin work for many more people out of the box.

  3. dabloguiman
    Member
    Posted 4 years ago #

    Thanks Mike, I am Ok with PHP sessions so I will uncheck the setting. Great plugin by the way.

  4. pietpetoors
    Member
    Posted 4 years ago #

    Since the last upgrade, that /captcha-temp/ folder was not automatically created on any of the sites I use the plugin. I think something went wrong during the upgrade since I had to create it manually for all web sites.

    Besides that the plugin works well and is a life saver, thanx Mike

  5. Mike Challis
    Member
    Plugin Author

    Posted 4 years ago #

    pietpetoors, Your WordPress may need permissions adjustments.
    http://codex.wordpress.org/Changing_File_Permissions

  6. gindrawan
    Member
    Posted 3 years ago #

    Hi, Mike.
    I am Indra. I have triey wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/test/captcha_test.php

    Using session off, I think there is one drawback there. If the token not match, the php file under wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/captcha-temp/ will be undelete.
    So I just add code below somewhere in my program:

    foreach ( glob( $ctf_captcha_dir . '*.php' ) as $filename ) {
    @unlink ($filename);
    }

    it will delete all "zombie" token php file before new one will be generate.

  7. Mike Challis
    Member
    Plugin Author

    Posted 3 years ago #

    gindrawan,

    This is fixed in the next version (soon to be released).
    Can't use your code because it would wipe out tokens for users currently on the public site. I used a different code that saves the more recent tokens, but deletes all old ones.

  8. gindrawan
    Member
    Posted 3 years ago #

    Yeah, I realize the bug in my code and save more recent token and delete all old ones could be great solution. Anyway thx for the great plugin!

  9. gindrawan
    Member
    Posted 3 years ago #

    Hi Mike,
    just curious to know, do you already have code to fix undeleted token php files?

  10. Mike Challis
    Member
    Plugin Author

    Posted 3 years ago #

    If you download the trunk version the fix is included

  11. gindrawan
    Member
    Posted 3 years ago #

    I couldn't locate the fix. Can you tell me where?

    With quick view, I go here http://plugins.trac.wordpress.org/changeset?new=320648%40si-captcha-for-wordpress&old=165617%40si-captcha-for-wordpress

    and more specific go to trunk/captcha-secureimage/test/captcha_test.php (modified) (9 diffs)
    http://plugins.trac.wordpress.org/changeset?new=320648%40si-captcha-for-wordpress&old=165617%40si-captcha-for-wordpress#file26

    but I don't know, maybe I need more time, I can't found the fix.

    Thx in advance for your help Mike.

  12. Mike Challis
    Member
    Plugin Author

    Posted 3 years ago #

    Sorry I had forgotten to upload the changed file. If you download the install, a new captcha_test.php is included.

    http://downloads.wordpress.org/plugin/si-captcha-for-wordpress.zip

  13. gindrawan
    Member
    Posted 3 years ago #

    Thanks Mike,
    I have found the fix. I will try it.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic