Home arrow PHP arrow Page 6 - Security Images in PHP

Form Handler Script - PHP

Learn how to create a sign-up form for a website with a security image. The image prevents fake sign-ups and spam. In this tutorial, we will learn how to create a security image template, then put it to use.

TABLE OF CONTENTS:
  1. Security Images in PHP
  2. Getting Started -- Securityimage.php
  3. Set Other Text Variables
  4. Code for securityimage.php
  5. Creating the Sign-up Demo -- Signupdemo.php
  6. Form Handler Script
By: Nathan Rohler
Rating: starstarstarstarstar / 113
September 08, 2004

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

We are now ready to write the form handler script. We will be adding another PHP block just above the <form> tag. First of all, we connect to the MySQL database. Be sure to enter your username and password. Then, we check to see if the security_refid and security_try fields are defined. If so, we define $security_refid and $security_try based on the form values. After that, we call checkSecurityImage using the reference ID and the value the user entered. Based on the value returned, we tell the user if they entered the correct code or not.

<?php
if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) {
   //Connect to database
   mysql_connect("localhost", "username", "password");
   mysql_select_db("dw_php");
   //Set variables, and call checkSecurityImage
   $security_refid = $HTTP_POST_VARS["security_refid"];
   $security_try = $HTTP_POST_VARS["security_try"];
   $checkSecurity = checkSecurityImage($security_refid, $security_try);
   //Depending on result, tell user entered value was correct or incorrect
   if ($checkSecurity) {
      $validnot = "correct";
   } else {
      $validnot = "incorrect";
   }
   //Write output
   echo("<b>You entered this as the security text:</b><br>\n
   ".$security_try."<br>\n
   This is ".$validnot.".<br>\n
   -------------------------------<br><br>\n
   ");
}
?>

The complete code listing for signupdemo.php should now look like this:

<?php
//Define function to insert security image
function insertSecurityImage($inputname) {
   $refid = md5(mktime()*rand());
   $insertstr = "<img src=\"securityimage.php?refid=".$refid."\" alt=\"Security Image\">\n
   <input type=\"hidden\" name=\"".$inputname."\" value=\"".$refid."\">";
   echo($insertstr);
}

//Define function to check security image confirmation
function checkSecurityImage($referenceid, $enteredvalue) {
   $referenceid = mysql_escape_string($referenceid);
   $enteredvalue = mysql_escape_string($enteredvalue);
   $tempQuery = mysql_query("SELECT ID FROM security_images WHERE
   referenceid='".$referenceid."' AND hiddentext='".$enteredvalue."'");
   if (mysql_num_rows($tempQuery)!=0) {
      return true;
   } else {
      return false;
   }
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Signup Demo</title>
</head>
<body>

<?php
if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) {
   //Connect to database
   mysql_connect("localhost", "username", "password");
   mysql_select_db("dw_php");
   //Set variables, and call checkSecurityImage
   $security_refid = $HTTP_POST_VARS["security_refid"];
   $security_try = $HTTP_POST_VARS["security_try"];
   $checkSecurity = checkSecurityImage($security_refid, $security_try);
   //Depending on result, tell user entered value was correct or incorrect
   if ($checkSecurity) {
      $validnot = "correct";
   } else {
      $validnot = "incorrect";
   }
   //Write output
   echo("<b>You entered this as the security text:</b><br>\n
   ".$security_try."<br>\n
   This is ".$validnot.".<br>\n
   -------------------------------<br><br>\n
   ");
}
?>

<form name="signupform" method="post" action="<?=$_SERVER["PHP_SELF"]?>">
Please sign up for our website:
<br>
<br>
Name:
<input name="name" type="text" id="name">
<br>
<? insertSecurityImage("security_refid") ?>
<br>
Enter what you see:
<input name="security_try" type="text" id="security_try" size="20" maxlength="10">
(can't see? try reloading page)
<br>
<br>
<input type="submit" name="Submit" value="Signup!">

</body>
</html>

Preview signupdemo.php in a browser. You should see something like this:

Security Images in PHP


If you enter the text correctly, you should see something like this:

Security Images in PHP

Note: if you receive a MySQL error, ensure that you replaced "username" and "password" with the real values.

Summary and Conclusion

In this article we have learned how to use the GD Graphics Library, creating an easy solution to prevent computers from behaving like humans. We also wrote basic functions, allowing us to reuse the Security Image file in other applications.

Until next time, happy coding :-)



 
 
>>> More PHP Articles          >>> More By Nathan Rohler
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: