Thread: Simple Problem with session variable - Very frustrating

I am trying to use random numbers to authenticate users to prevent robot attacks. I have experimented with the following snippet for one whole day but for the life of me I can't figure out what is going wrong because the variable $_SESSION['number'] is getting passed from session to session but the other isn't:

<?php
session_start();

//Generating two random numbers between 0 and 9
srand(time());
for ($i=0; $i < 2; $i++)
{
$random = (rand()%9);
$slot[] = $random;
}


$numberone = $slot[0];
$numbertwo = $slot[1];

//Displaying the challenge question on the screen

echo "The challenge question is $numberone + $numbertwo = ";

$number = $numberone+$numbertwo;

//Storing the challenge answer in a session variable for validation in the next page.
// This number is getting stored and is being passed along

$_SESSION['number']=$number;

//Gathering user response from the form for comparing with challenge answer
$answer = $_POST['Answer'];

//This variable is not getting passed from one session to another. FRUSTRATING!!!
$_SESSION['answer'] = $answer;

?>

Please HELP!! It is so frustrating.......

Sorry forgot to mention the page link: http://www.studykitchen.com/randomnumbercheck.php

How can it ever be passed? $answer doesn't exist!! I t will exist AFTER the user submits the form, in the recieving script (page).

You don't even need to put $answer in a session variable.
Your script, in the form page, should be:

<?php
session_start();
//Generating two random numbers between 0 and 9
$random1 = rand(1,9);
$random2 = rand(1,9);
//Displaying the challenge question on the screen
$_SESSION['answer'] = $random1 + $random2;
echo "The challenge question is = $random1 + $random2 = ?";
?>

of course, in the submitting form, add e text field named "answer" for the user to fill in.

Now, in the receiving page, you should have, as start of your code;

<?
session_start();
$answer = trim($_POST['answer']);
if ($answer != trim($_SESSION['answer']){
//code to be executed in case of error
}

// Rest of your code, if any
?>

Please note that you don't need to "seed" rand (srand) as from php 4.2 on this is done automatically.
Also, in case there are only two random numbers as in your case, using a loop is useless (5 lines of code instead of 2).

Please also note that this is a very low level antibot security check, you'd better use a captcha image, although that isn't 100% secure either.

Thank you!! Thank you!! You are THE GURU.

Can't thank you enough, Navaldesign!!. So far, every single time that I got into a hole, you got me out.

Have a wonderful day.

Regards
Skipper02