[Plugin: Register Plus] ERROR: Image Validation does not match. (26 posts)

  1. EyePhoto
    Posted 7 years ago #

    Just installed RP (latest) in 2.5.1 and when trying a registration it throws back:

    "ERROR: Image Validation does not match."

    and if there's an apostrophe in the 'About Yourself' field it inserts a \ before the apostrophe when it refreshes with the error message?

    FYI: I have 2 contact forms on the site that use captcha without any problems and tried it (RP) on 'local' install and 'live' install.

  2. raygene
    Posted 7 years ago #

    Same here, still a bit buggy. I also get the "ERROR: Image Validation does not match." message.

    Also, I noticed that the login panel loses the "remember me" next to the checkbox when the plugin's text is shown "Thank you Mr.X. Your account has been verified....".

    I too have a captcha on my contact form and works without a glitch.

    I'll go back to WP-Disclaimer till this is fixed.

  3. Beju
    Posted 7 years ago #

    The image bug is quite simple to solve; I think that modifying $_SESSION variable of main script with another one that is just being launched by <img src="" /> will not work... Just think about it, one link to an image and one could gain access to your whole $_SESSION.
    I've made a temporary workaround by replacing:
    $_SESSION['key'] = $ResultStr;// carry the data through session

    $plik = fopen('captcha.md5','wb');
    flock($plik, LOCK_EX);
    fputs($plik, md5($ResultStr));
    flock($plik, LOCK_UN);

    in file captcha.php, and

    $number = $_POST['captcha'];


    $key=trim(file_get_contents(trailingslashit(get_option('siteurl')) . 'wp-content/plugins/' . basename(dirname(__FILE__)) .'/captcha.md5'));
    $number = md5($_POST['captcha']);

    in file register-plus.php (both in register-plus home directory).

  4. skullbit
    Posted 7 years ago #

    The apostrophe thing is an easy fix, but the Captcha issue is odd, I have never gotten a mismatch. Can you guys give me a little more information about your servers?

    What PHP version are you running?

    Are you running on a windows or linux server?

    Any other plugins activated that may possibly interfere with this one?

    I tested the bejeebus out of it and it runs beautifully for me, so there is obviously something really different about our setups. Try it out at http://www.skullbit.com/wp-login.php?action=register

    InviteCode: skulltester


  5. skullbit
    Posted 7 years ago #

    Unfortunately, many servers have file_get_contents disabled - so that fix will just cause more issues than it fixes. Also, I'm no security expert, but I don't think using a $_SESSION variable in the image script will allow anyone to access your $_SESSION data. This will only create the $_SESSION data on the server the image is hosted on, not on a server linking to the image file. This seems to be a common practice for Captcha Scripts - so unless you can prove otherwise, I'm going to stick with it as it is the most compatible method I can find.

    I'm going to change the Session key name in case it's conflicting with something else on the server and add in md5 just cause it seems better. I'll put up the upgrade and you guys can let me know if it changes anything for you.

    Not sure what you mean by losing the "Remember Me" next to the checkbox - is the text gone and just a blank checkbox? This is another anomaly that doesn't occur for me!

    Any chance you could answer those questions I posted above? That would help me figure out the problem. Cheers!

  6. vanesta
    Posted 7 years ago #

    Hi Skulbit, i got "ERROR: Image Validation does not match." on your site too

  7. skullbit
    Posted 7 years ago #

    Plugin updated - let me know if it helped at all!

  8. EyePhoto
    Posted 7 years ago #

    Thanks for the update skullbit it's stopped the \ from appearing but still get the image validation error.

    On PHP 5 and linux server here with WP 2.5.1

    Plugins used are:

    1. Confirm User Registration 1.2.1
    2. Dagon Design Form Mailer 5.4
    3. Disable Canonical URL Redirection 1.0 (Inactive)
    4. External Links 2.12
    5. Register Plus 2.2
    6. Witty Text 1.1
    7. wp-cache 2.1.2

  9. Beju
    Posted 7 years ago #

    it's not too hard to replace file_get_contents with fopen,fread,fclose, isn't it?
    about $_SESSION var, you are right. I'm not going to prove You anything, I can only explain that, if I understand correctly, You were trying to modify the main $_SESSION variable (in wp-login.php) in a script which was called as an image! I don't think it'll work, since that "image" starts new session, and when it finishes execution, the session is destroyed and so are its session variables.
    I can prove You something else: try to var_dump($_SESSION); right before $key=substr($_SESSION['key'],0,5); in register-plus.php.
    Mine shows NULL. But I may be wrong. Maybe it somehow bases on WP or server configuration...? I'm not sure, I've installed wordpress yesterday;)

    I'll stick with my version for some time - it's ugly, but it works;)

  10. vanesta
    Posted 7 years ago #

    Hi Skullbit,

    I'm running RHEL with Litespeed webserver 3.3.11, PHP 5.2.1, APC Cache, Suhosin PHP Hardening.


    Akismet, Viper VideoTags, Simple Tags, Brian Latest Comment, Dagon Design Form Mailer, Pagebar2, and Share This, and register plus 2.2

    I disabled all the plugins except register plus and also suhosin PHP hardening. still same result.

    Thanks for your help


  11. tinwatchman
    Posted 7 years ago #

    Hello -

    I just tried out this plugin, and I'm afraid that I'm getting the same Image Validation problem. I'm on a Linux server, Apache version 1.3.41 (Unix), PHP version 5.2.5, MySQL version 4.1.22-standard.; and I just installed the newest version of WordPress last night. Currently active plugins, other than Register Plus: Akismet, Replace WP-Version and Yawasp.

    Thank you for your help!

  12. skullbit
    Posted 7 years ago #

    The common denominator here seems to be PHP5, whereas I've been testing in a PHP4 environment. I will install it in a PHP5 server tonight and see what happens, thanks for your feedback!

  13. Wulfman
    Posted 7 years ago #

    Captcha same here and I donĀ“t get an Email Verification!
    with checked: Prevent fake email address registrations.

  14. Wulfman
    Posted 7 years ago #

    Ah forgot: This plugin full functionally is great!

  15. Wulfman
    Posted 7 years ago #

    Ah forgot: This plugin full functionally is great!

  16. DustDevil
    Posted 7 years ago #

    Same problem here, captcha dont work anymore.
    Iam on a Debian Server with PHP5, hope you can fix this issue,
    the spam bots steal my nerve :(

    Rest of the plugin is realy nice!
    thank you for that :)


  17. tmaster
    Posted 7 years ago #

    Doesn't work for me gives a Image validation error.

  18. tmaster
    Posted 7 years ago #

    Using PHP Version 4.3.11

  19. skullbit
    Posted 7 years ago #

    Still not sure why some folks are getting the Image Validation error, but I am adding support for reCAPTCHA which may work better for you folks. Look for a new release later tonight. Cheers!

  20. gofree
    Posted 7 years ago #

    Yes, we are all awaiting for the fix.

    Thanks for your great plugin.

  21. Shyzer
    Posted 7 years ago #

    Just for the record, I'm getting the same error for the basic image verification but the reCAPTCHA works perfectly! Also, I'm still getting the apostrophe converting into a slash error, but that's not a huge problem for me.

    Here are my server stats if it helps:

    Apache version 1.3.37 (Unix)
    PHP version 4.4.7
    MySQL version 4.1.22-standard
    Operating system Linux

    Thanks for the awesome tech support you're giving, though! Most plugin creators just pump something out and never touch it again.

  22. Shyzer
    Posted 7 years ago #

    You know what? I spoke too soon. The reCAPTCHA doesn't work. You can type in anything and it still accepts. it. Oh well, I don't think I'll have too many spammers hitting me for the short time I have registration open!

  23. werwiesel
    Posted 7 years ago #

    For me it helped to add an session_start() right before the use of the CAPTCHA Session Variable in register-plus.php (Line 584 in Version 2.6). Perhaps it might help to set session.auto_start in the PHP configuration file to proevent this error.

  24. ajg
    Posted 6 years ago #

    Update to WP 2.6.1 and Register Plus 3.5.1.
    The "Image Validation does not match" is back.

    Rrrr. it was a easy fix but I can not recall how.

  25. ajg
    Posted 6 years ago #

    ignore the previous comment. I must be blind or something. :)

    You may need to add the code <?php session_start(); ?> to the top line of the wp_login.php file to enable Simple CAPTCHA to work correctly.

  26. surfalot
    Posted 6 years ago #

    Having the same problem, don't know why it's happening since I'm new to WordPress and really don't have the time or a full education at the moment, but at least I know what is causing it.

    Apache version 1.3.39
    PHP version 4.3.11
    register globals: off

    When wp_unregister_GLOBALS(); in wp-settings.php executes, it wipes the captcha session var out. If I comment the line it works fine. My guess is that commenting this is bad and has some security consequences. This is my work-around for now. I'll let yall figure out a real fix.

    find wp_unregister_GLOBALS(); in wp-settings.php, and replace with this.

    // fix Register-Plus Captcha
    if (!empty($_SESSION['1k2j48djh'])) {
      $tmp_store_1k2j48djh = $_SESSION['1k2j48djh'];
    // fix Register-Plus Captcha
    if (!empty($tmp_store_1k2j48djh)) {
      $_SESSION['1k2j48djh'] = $tmp_store_1k2j48djh;
      $_SESSION['OK'] = 1;

    Great plugin, by the way. You might learn a little from this FreeCap captcha: www(dot)puremango(dot)co(dot)uk. It does basically the same thing, but a few more features and security measures. The GP has really put it through the ringer over the years.

    One more thing that is off-topic, but should be mentioned. IE reports a JS error on the register page. It's pointing to the code on line 1407 of register-plus.php. The error is the 'year:' is not getting a value (blank). So $regplus['calyear'] is empty at that point.

    year:<?php echo $regplus['calyear'];?>,

    Happy Coding!

Topic Closed

This topic has been closed to new replies.

About this Topic