PHP
  Home arrow PHP arrow Page 6 - Security Images in PHP
Dev Shed Forums 
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Sun Developer Network 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Moblin 
JMSL Numerical Library 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
PHP

Security Images in PHP
By: Nathan Rohler
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 104
    2004-09-08

    Table of Contents:
  • Security Images in PHP
  • Getting Started -- Securityimage.php
  • Set Other Text Variables
  • Code for securityimage.php
  • Creating the Sign-up Demo -- Signupdemo.php
  • Form Handler Script

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
    ADVERTISEMENT


    Security Images in PHP - Form Handler Script


    (Page 6 of 6 )

    We are now ready to write the form handler script. We will be adding another PHP block just above the <form> tag. First of all, we connect to the MySQL database. Be sure to enter your username and password. Then, we check to see if the security_refid and security_try fields are defined. If so, we define $security_refid and $security_try based on the form values. After that, we call checkSecurityImage using the reference ID and the value the user entered. Based on the value returned, we tell the user if they entered the correct code or not.

    <?php
    if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) {
       //Connect to database
       mysql_connect("localhost", "username", "password");
       mysql_select_db("dw_php");
       //Set variables, and call checkSecurityImage
       $security_refid = $HTTP_POST_VARS["security_refid"];
       $security_try = $HTTP_POST_VARS["security_try"];
       $checkSecurity = checkSecurityImage($security_refid, $security_try);
       //Depending on result, tell user entered value was correct or incorrect
       if ($checkSecurity) {
          $validnot = "correct";
       } else {
          $validnot = "incorrect";
       }
       //Write output
       echo("<b>You entered this as the security text:</b><br>\n
       ".$security_try."<br>\n
       This is ".$validnot.".<br>\n
       -------------------------------<br><br>\n
       ");
    }
    ?>

    The complete code listing for signupdemo.php should now look like this:

    <?php
    //Define function to insert security image
    function insertSecurityImage($inputname) {
       $refid = md5(mktime()*rand());
       $insertstr = "<img src=\"securityimage.php?refid=".$refid."\" alt=\"Security Image\">\n
       <input type=\"hidden\" name=\"".$inputname."\" value=\"".$refid."\">";
       echo($insertstr);
    }

    //Define function to check security image confirmation
    function checkSecurityImage($referenceid, $enteredvalue) {
       $referenceid = mysql_escape_string($referenceid);
       $enteredvalue = mysql_escape_string($enteredvalue);
       $tempQuery = mysql_query("SELECT ID FROM security_images WHERE
       referenceid='".$referenceid."' AND hiddentext='".$enteredvalue."'");
       if (mysql_num_rows($tempQuery)!=0) {
          return true;
       } else {
          return false;
       }
    }
    ?>

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Signup Demo</title>
    </head>
    <body>

    <?php
    if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) {
       //Connect to database
       mysql_connect("localhost", "username", "password");
       mysql_select_db("dw_php");
       //Set variables, and call checkSecurityImage
       $security_refid = $HTTP_POST_VARS["security_refid"];
       $security_try = $HTTP_POST_VARS["security_try"];
       $checkSecurity = checkSecurityImage($security_refid, $security_try);
       //Depending on result, tell user entered value was correct or incorrect
       if ($checkSecurity) {
          $validnot = "correct";
       } else {
          $validnot = "incorrect";
       }
       //Write output
       echo("<b>You entered this as the security text:</b><br>\n
       ".$security_try."<br>\n
       This is ".$validnot.".<br>\n
       -------------------------------<br><br>\n
       ");
    }
    ?>

    <form name="signupform" method="post" action="<?=$_SERVER["PHP_SELF"]?>">
    Please sign up for our website:
    <br>
    <br>
    Name:
    <input name="name" type="text" id="name">
    <br>
    <? insertSecurityImage("security_refid") ?>
    <br>
    Enter what you see:
    <input name="security_try" type="text" id="security_try" size="20" maxlength="10">
    (can't see? try reloading page)
    <br>
    <br>
    <input type="submit" name="Submit" value="Signup!">

    </body>
    </html>

    Preview signupdemo.php in a browser. You should see something like this:

    Security Images in PHP


    If you enter the text correctly, you should see something like this:

    Security Images in PHP

    Note: if you receive a MySQL error, ensure that you replaced "username" and "password" with the real values.

    Summary and Conclusion

    In this article we have learned how to use the GD Graphics Library, creating an easy solution to prevent computers from behaving like humans. We also wrote basic functions, allowing us to reuse the Security Image file in other applications.

    Until next time, happy coding :-)


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

       · Good article, I would cut out the hidden form fields and database and use session...
       · I think the author needs to upgrade their version of php, because $HTTP_GET_VARS is...
       · maybe it would be better not to store $hiddentext in mysql, but its...
       · Very good article[url=http://www.virtual-interconnect.co.uk/]Visit us[/url]
       · Seeing PHP3 code when PHP5 is current is a bit disappointing. The author should...
       · ...need to check random word through a list of profane words so you don't get the...
       · May not be supported, but it's still in use in a lot of places.
       · Wouldn't it even be possible to store an md5-hash in the form itself? That way there...
       · I get this error: "Fatal error: Call to undefined function: imagecreatefrompng() in...
       · hi, i think changing the option from png to jpeg will work fine . though some of the...
       · in function checkSecurityImage, after veirfying that row count is more then zero,...
       · Only if the hash mix the string and some other text known only by the php...
       · Great article! Helped me accomplish my task very quickly. Thanks for writing this...
       · This is a great article! I had some issues though with the implementation of...
       · I Think this article can be strengthened by the fuction imagecopyresized() where if...
       · The problem with the database method used in this example is that a bot could fill...
       · Only site visitors with cookies enabled would be able to use it.
       · Nice article. I'm having one problem though, there's no text on the generated image....
       · You can always have a small font.ttf and host the file in the same folder. but try a...
       · When you don't see the text, you have to change length in $length (for ($i=0;...
       · Do the support files work? I noticed things like form tags missing etc...When I...
       · Or just remove the vowels to avoid spelling any english word
       · It says that there are some files included, but they're not.. Handy handy
       · Hi,I am unable to get this to work - has anyone ahd any luck wih it. The data...
       · I'm not a php programmer.I'm carpenter.This article helped me best to put...
       · Since I'm a beginner to php, it's my first time come into GD library.This article...
       · This way gives you 24 hours to post, nice for people like me who leave the page open...
       · I dont what happen but my text in my image security is not there..why?tell me?
       · I am beginner PHP programmer. I like your article. From your article I got better...
     

       

    PHP ARTICLES

    - Validating Web Forms with the Code Igniter P...
    - Output Buffering
    - Paginating Database Records with the Code Ig...
    - HTTP Headers in Web Development
    - Project Management: Administration
    - Building a Database-Driven Application with ...
    - User Authentication for a Project Management...
    - Introduction to the CodeIgniter PHP Framework
    - Adding Users for a Project Management Applic...
    - Migrating Class Code for a MIME Email to PHP...
    - Login and Logout Authentication for a Projec...
    - Composing Messages in HTML for MIME Email wi...
    - Project Management: Authentication
    - A Better Way to Determine MIME Types for MIM...
    - Project Management Overview





    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway