Security Images in PHP - Form Handler Script

(Page 6 of 6 )

We are now ready to write the form handler script. We will be adding another PHP block just above the <form> tag. First of all, we connect to the MySQL database. Be sure to enter your username and password. Then, we check to see if the security_refid and security_try fields are defined. If so, we define $security_refid and $security_try based on the form values. After that, we call checkSecurityImage using the reference ID and the value the user entered. Based on the value returned, we tell the user if they entered the correct code or not.

<?php
if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) {
   //Connect to database
   mysql_connect("localhost", "username", "password");
   mysql_select_db("dw_php");
   //Set variables, and call checkSecurityImage
   $security_refid = $HTTP_POST_VARS["security_refid"];
   $security_try = $HTTP_POST_VARS["security_try"];
   $checkSecurity = checkSecurityImage($security_refid, $security_try);
   //Depending on result, tell user entered value was correct or incorrect
   if ($checkSecurity) {
      $validnot = "correct";
   } else {
      $validnot = "incorrect";
   }
   //Write output
   echo("<b>You entered this as the security text:</b><br>\n
   ".$security_try."<br>\n
   This is ".$validnot.".<br>\n
   -------------------------------<br><br>\n
   ");
}
?>

The complete code listing for signupdemo.php should now look like this:

<?php
//Define function to insert security image
function insertSecurityImage($inputname) {
   $refid = md5(mktime()*rand());
   $insertstr = "<img src=\"securityimage.php?refid=".$refid."\" alt=\"Security Image\">\n
   <input type=\"hidden\" name=\"".$inputname."\" value=\"".$refid."\">";
   echo($insertstr);
}

//Define function to check security image confirmation
function checkSecurityImage($referenceid, $enteredvalue) {
   $referenceid = mysql_escape_string($referenceid);
   $enteredvalue = mysql_escape_string($enteredvalue);
   $tempQuery = mysql_query("SELECT ID FROM security_images WHERE
   referenceid='".$referenceid."' AND hiddentext='".$enteredvalue."'");
   if (mysql_num_rows($tempQuery)!=0) {
      return true;
   } else {
      return false;
   }
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Signup Demo</title>
</head>
<body>

<?php
if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) {
   //Connect to database
   mysql_connect("localhost", "username", "password");
   mysql_select_db("dw_php");
   //Set variables, and call checkSecurityImage
   $security_refid = $HTTP_POST_VARS["security_refid"];
   $security_try = $HTTP_POST_VARS["security_try"];
   $checkSecurity = checkSecurityImage($security_refid, $security_try);
   //Depending on result, tell user entered value was correct or incorrect
   if ($checkSecurity) {
      $validnot = "correct";
   } else {
      $validnot = "incorrect";
   }
   //Write output
   echo("<b>You entered this as the security text:</b><br>\n
   ".$security_try."<br>\n
   This is ".$validnot.".<br>\n
   -------------------------------<br><br>\n
   ");
}
?>

<form name="signupform" method="post" action="<?=$_SERVER["PHP_SELF"]?>">
Please sign up for our website:
<br>
<br>
Name:
<input name="name" type="text" id="name">
<br>
<? insertSecurityImage("security_refid") ?>
<br>
Enter what you see:
<input name="security_try" type="text" id="security_try" size="20" maxlength="10">
(can't see? try reloading page)
<br>
<br>
<input type="submit" name="Submit" value="Signup!">

</body>
</html>

Preview signupdemo.php in a browser. You should see something like this:

If you enter the text correctly, you should see something like this:

Note: if you receive a MySQL error, ensure that you replaced "username" and "password" with the real values.

Summary and Conclusion

In this article we have learned how to use the GD Graphics Library, creating an easy solution to prevent computers from behaving like humans. We also wrote basic functions, allowing us to reuse the Security Image file in other applications.

Until next time, happy coding :-)

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

Comments On: Security Images in PHP

· Good article, I would cut out the hidden form fields and database and use session...    · I think the author needs to upgrade their version of php, because $HTTP_GET_VARS is...    · maybe it would be better not to store $hiddentext in mysql, but its...    · Very good article[url=http://www.virtual-interconnect.co.uk/]Visit us[/url]    · Seeing PHP3 code when PHP5 is current is a bit disappointing. The author should...    · ...need to check random word through a list of profane words so you don't get the...    · May not be supported, but it's still in use in a lot of places.    · Wouldn't it even be possible to store an md5-hash in the form itself? That way there...    · I get this error: "Fatal error: Call to undefined function: imagecreatefrompng() in...    · hi, i think changing the option from png to jpeg will work fine . though some of the...    · in function checkSecurityImage, after veirfying that row count is more then zero,...    · Only if the hash mix the string and some other text known only by the php...    · Great article! Helped me accomplish my task very quickly. Thanks for writing this...    · This is a great article! I had some issues though with the implementation of...    · I Think this article can be strengthened by the fuction imagecopyresized() where if...    · The problem with the database method used in this example is that a bot could fill...    · Only site visitors with cookies enabled would be able to use it.    · Nice article. I'm having one problem though, there's no text on the generated image....    · You can always have a small font.ttf and host the file in the same folder. but try a...    · When you don't see the text, you have to change length in $length (for ($i=0;...    · Do the support files work? I noticed things like form tags missing etc...When I...    · Or just remove the vowels to avoid spelling any english word    · It says that there are some files included, but they're not.. Handy handy    · Hi,I am unable to get this to work - has anyone ahd any luck wih it. The data...    · I'm not a php programmer.I'm carpenter.This article helped me best to put...    · Since I'm a beginner to php, it's my first time come into GD library.This article...    · This way gives you 24 hours to post, nice for people like me who leave the page open...    · I dont what happen but my text in my image security is not there..why?tell me?    · I am beginner PHP programmer. I like your article. From your article I got better...   >>> Post your comment now!