securimage.php を解析してみる。
L:618行目付近 ”function check($code)”
function check($code)
{
// 考えながら検証する
// $code: POSTしたデータ
// echo $code; // ←POSTしたデータ
$this->code_entered = $code;
$this->validate();
return $this->correct_code;
}
L:1170付近 ”function validate()”
function validate()
{
// retrieve code from session, if no code exists check sqlite database if supported.
$code = '';
if (isset($_SESSION['securimage_code_value']) && trim($_SESSION['securimage_code_value']) != '') {
if ($this->isCodeExpired($_SESSION['securimage_code_ctime']) == false) {
$code = $_SESSION['securimage_code_value'];
}
} else if ($this->use_sqlite_db == true && function_exists('sqlite_open')) { // no code in session - may mean user has cookies turned off
$this->openDatabase();
$code = $this->getCodeFromDatabase();
} else { /* session code invalid or non-existant and code not found in sqlite db or sqlite is not available */ }
$code = trim(strtolower($code));
$code_entered = trim(strtolower($this->code_entered));
$this->correct_code = false;
// echo '----------------'.$code_entered .'------------------';
//$code_entered: 入力したデータを小文字にしたもの
// echo $_SESSION['securimage_code_value'];
// echo '===================';
// echo $_SESSION['securimage_code_ctime'];
if ($code != '') {
if ($code == $code_entered) {
$this->correct_code = true;
$_SESSION['securimage_code_value'] = ''; // ← 照合する元データ
$_SESSION['securimage_code_ctime'] = ''; // ← 照合する元データの生成時刻
$this->clearCodeFromDatabase();
}
}
}