Security Images in PHP

(Page 1 of 6 )

Learn how to create a sign-up form for a website with a security image. The image prevents fake sign-ups and spam. In this tutorial, we will learn how to create a security image template, then put it to use.

---

Support files can be found here.

---

Introduction

Computers have such amazing power today that they are able to behave almost like humans. Programs can be written to interact with many websites. Unfortunately, many of these interactions are ones we don’t want, including fake sign-ups, spam through contact forms, and stealing places in line for items such as tickets.

The best way to avoid this is to include confirmations only real humans can comprehend. One of the most popular methods of doing this is through Security Images. In a nutshell, security images are dynamically generated images containing text that is hidden within other graphics. The characters must be entered correctly in a confirmation field to continue. In this tutorial, we will learn how to create a security image template, then put it to use.

Prerequisites:

• Basic PHP skills
  
• Basic GD Graphics Library knowledge (not required, but helpful)
  
• Basic MySQL/PHP integration skills
  
• PHP with GD graphics library (included with PHP 4.3.x)
  
• MySQL database
  
• Included files - securityimage_finished.php, signupdemo_finished.php, bg1.png, bg2.png, bg3.png

Preparation

Before beginning, you will need to create a database table in your MySQL database. Use the following SQL to do so:

CREATE TABLE `security_images` (
   `ID` int(11) NOT NULL auto_increment,
   `insertdate` datetime NOT NULL default '0000-00-00 00:00:00',
   `referenceid` varchar(100) NOT NULL default '',
   `hiddentext` varchar(100) NOT NULL default '',
   PRIMARY KEY (`ID`)
) TYPE=MyISAM;

Laying Down a Plan

I believe the best first step is to create a plan. First of all, we will have a signup form, signupdemo.php. In the form, we will have a security image, a hidden field containing the unique reference ID to this image, and a confirmation field. The image will be called from another PHP page, securityimage.php.

When the security image is requested, the unique reference ID will be passed in the url as refid (i.e. securityimage.php?refid=abcdefg123hij). This page will generate a random string of a set length and output an image containing the text. Next, the reference ID and the hidden text value will be entered into the MySQL database table, security_images. Finally, any records older than one day will be deleted from the table.

When the user submits the signup form, the handler script will collect the hidden reference ID, and the entered hidden text. Then, it will check these two values against the database. If the query doesn’t return 0 records, the signup is valid. Otherwise, it is invalid, and the user will have to re-enter the security image text.

Next: Getting Started -- Securityimage.php >>
 

More PHP Articles
More By Nathan Rohler

Comments On: Security Images in PHP

· Good article, I would cut out the hidden form fields and database and use session...    · I think the author needs to upgrade their version of php, because $HTTP_GET_VARS is...    · maybe it would be better not to store $hiddentext in mysql, but its...    · Very good article[url=http://www.virtual-interconnect.co.uk/]Visit us[/url]    · Seeing PHP3 code when PHP5 is current is a bit disappointing. The author should...    · ...need to check random word through a list of profane words so you don't get the...    · May not be supported, but it's still in use in a lot of places.    · Wouldn't it even be possible to store an md5-hash in the form itself? That way there...    · I get this error: "Fatal error: Call to undefined function: imagecreatefrompng() in...    · hi, i think changing the option from png to jpeg will work fine . though some of the...    · in function checkSecurityImage, after veirfying that row count is more then zero,...    · Only if the hash mix the string and some other text known only by the php...    · Great article! Helped me accomplish my task very quickly. Thanks for writing this...    · This is a great article! I had some issues though with the implementation of...    · I Think this article can be strengthened by the fuction imagecopyresized() where if...    · The problem with the database method used in this example is that a bot could fill...    · Only site visitors with cookies enabled would be able to use it.    · Nice article. I'm having one problem though, there's no text on the generated image....    · You can always have a small font.ttf and host the file in the same folder. but try a...    · When you don't see the text, you have to change length in $length (for ($i=0;...    · Do the support files work? I noticed things like form tags missing etc...When I...    · Or just remove the vowels to avoid spelling any english word    · It says that there are some files included, but they're not.. Handy handy    · Hi,I am unable to get this to work - has anyone ahd any luck wih it. The data...    · I'm not a php programmer.I'm carpenter.This article helped me best to put...    · Since I'm a beginner to php, it's my first time come into GD library.This article...    · This way gives you 24 hours to post, nice for people like me who leave the page open...    · I dont what happen but my text in my image security is not there..why?tell me?   >>> Post your comment now!