Security Images in PHP - Creating the Sign-up Demo -- Signupdemo.php

(Page 5 of 6 )

Now we are ready to create the sign-up demo. To begin, start with the following PHP file:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Signup Demo</title>
</head>
<body>

</body>
</html>

Now, we need to create two functions in a PHP block at the top of the file -- insertSecurityImage, a function to insert a unique security image, and checkSecurityImage, a function to check the user entered value.

In this function, we have one parameter, $inputname. We first of all create a unique reference ID by hashing the current UTC time times a random number. Then, we generate a string that will insert an image with the reference ID passed in the querystring. It also inserts a hidden input named whatever was passed in $inputname, and a value of the reference ID. Finally, we write it to the browser.

<?php
//Define function to insert security image
function insertSecurityImage($inputname) {
   $refid = md5(mktime()*rand());
   $insertstr = "<img src=\"securityimage.php?refid=".$refid."\" alt=\"Security Image\">\n
   <input type=\"hidden\" name=\"".$inputname."\" value=\"".$refid."\">";
   echo($insertstr);
}

In checkSecurityImage, we have two parameters -- the reference ID ($referenceid), and the value the user entered ($enteredvalue). First, we prepare the two strings by escaping them for database use. Then, we select the record(s) containing the reference ID and the hiddentext that were passed to the function. Finally, we return true (indicating valid) if there are more than zero records, and otherwise return false (indicating invalid) if there are zero records. You must have already opened a MySQL connection to use this function.

//Define function to check security image confirmation
function checkSecurityImage($referenceid, $enteredvalue) {
   $referenceid = mysql_escape_string($referenceid);
   $enteredvalue = mysql_escape_string($enteredvalue);
   $tempQuery = mysql_query("SELECT ID FROM security_images WHERE
   referenceid='".$referenceid."' AND hiddentext='".$enteredvalue."'");
   if (mysql_num_rows($tempQuery)!=0) {
      return true;
   } else {
      return false;
   }
}
?>

Now, we are ready to create the signup form within the <body> tags. The form will post to itself. Because this is a demonstration, we will only have one field (name) in addition to the security image. Then, we simply call the insertSecurityImage function, specifying the hidden form field name to be security_refid. Finally we add a confirmation field named security_try, and a submit button.

<form name="signupform" method="post" action="<?=$_SERVER["PHP_SELF"]?>">
Please sign up for our website:
<br>
<br>
Name:
<input name="name" type="text" id="name">
<br>
<? insertSecurityImage("security_refid") ?>
<br>
Enter what you see:
<input name="security_try" type="text" id="security_try" size="20" maxlength="10">
(can't see? try reloading page)
<br>
<br>
<input type="submit" name="Submit" value="Signup!">
</form>

Open signupdemo.php in a browser. If you view the source, you should see something like the code listing below. Note the hidden field and the security image reference ID.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Signup Demo</title>
</head>
<body>
<form name="signupform" method="post" action="/php/signupdemo.php">
Please sign up for our website:<br>
<br>
Name:
<input name="name" type="text" id="name">
<br>
<img src="securityimage.php?refid=0ed393101d240092186f47c3dc80c84e" alt="Security Image">
<input type="hidden" name="security_refid" value="0ed393101d240092186f47c3dc80c84e"> <br>
Enter what you see:
<input name="security_try" type="text" id="security_try" size="20" maxlength="10">
(can't see? try reloading page)
<br>
<br>
<input type="submit" name="Submit" value="Signup!">
</form>
</body>
</html>

Next: Form Handler Script >>
 

More PHP Articles
More By Nathan Rohler

Comments On: Security Images in PHP

· Good article, I would cut out the hidden form fields and database and use session...    · I think the author needs to upgrade their version of php, because $HTTP_GET_VARS is...    · maybe it would be better not to store $hiddentext in mysql, but its...    · Very good article[url=http://www.virtual-interconnect.co.uk/]Visit us[/url]    · Seeing PHP3 code when PHP5 is current is a bit disappointing. The author should...    · ...need to check random word through a list of profane words so you don't get the...    · May not be supported, but it's still in use in a lot of places.    · Wouldn't it even be possible to store an md5-hash in the form itself? That way there...    · I get this error: "Fatal error: Call to undefined function: imagecreatefrompng() in...    · hi, i think changing the option from png to jpeg will work fine . though some of the...    · in function checkSecurityImage, after veirfying that row count is more then zero,...    · Only if the hash mix the string and some other text known only by the php...    · Great article! Helped me accomplish my task very quickly. Thanks for writing this...    · This is a great article! I had some issues though with the implementation of...    · I Think this article can be strengthened by the fuction imagecopyresized() where if...    · The problem with the database method used in this example is that a bot could fill...    · Only site visitors with cookies enabled would be able to use it.    · Nice article. I'm having one problem though, there's no text on the generated image....    · You can always have a small font.ttf and host the file in the same folder. but try a...    · When you don't see the text, you have to change length in $length (for ($i=0;...    · Do the support files work? I noticed things like form tags missing etc...When I...    · Or just remove the vowels to avoid spelling any english word    · It says that there are some files included, but they're not.. Handy handy    · Hi,I am unable to get this to work - has anyone ahd any luck wih it. The data...    · I'm not a php programmer.I'm carpenter.This article helped me best to put...    · Since I'm a beginner to php, it's my first time come into GD library.This article...    · This way gives you 24 hours to post, nice for people like me who leave the page open...    · I dont what happen but my text in my image security is not there..why?tell me?    · I am beginner PHP programmer. I like your article. From your article I got better...   >>> Post your comment now!