Learn how to create a sign-up form for a website with a security image. The image prevents fake sign-ups and spam. In this tutorial, we will learn how to create a security image template, then put it to use.
We are now ready to write the form handler script. We will be adding another PHP block just above the <form> tag. First of all, we connect to the MySQL database. Be sure to enter your username and password. Then, we check to see if the security_refid and security_try fields are defined. If so, we define $security_refid and $security_try based on the form values. After that, we call checkSecurityImage using the reference ID and the value the user entered. Based on the value returned, we tell the user if they entered the correct code or not.
<?php if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) { //Connect to database mysql_connect("localhost", "username", "password"); mysql_select_db("dw_php"); //Set variables, and call checkSecurityImage $security_refid = $HTTP_POST_VARS["security_refid"]; $security_try = $HTTP_POST_VARS["security_try"]; $checkSecurity = checkSecurityImage($security_refid, $security_try); //Depending on result, tell user entered value was correct or incorrect if ($checkSecurity) { $validnot = "correct"; } else { $validnot = "incorrect"; } //Write output echo("<b>You entered this as the security text:</b><br>\n ".$security_try."<br>\n This is ".$validnot.".<br>\n -------------------------------<br><br>\n "); } ?>
The complete code listing for signupdemo.php should now look like this:
<?php //Define function to insert security image function insertSecurityImage($inputname) { $refid = md5(mktime()*rand()); $insertstr = "<img src=\"securityimage.php?refid=".$refid."\" alt=\"Security Image\">\n <input type=\"hidden\" name=\"".$inputname."\" value=\"".$refid."\">"; echo($insertstr); }
//Define function to check security image confirmation function checkSecurityImage($referenceid, $enteredvalue) { $referenceid = mysql_escape_string($referenceid); $enteredvalue = mysql_escape_string($enteredvalue); $tempQuery = mysql_query("SELECT ID FROM security_images WHERE referenceid='".$referenceid."' AND hiddentext='".$enteredvalue."'"); if (mysql_num_rows($tempQuery)!=0) { return true; } else { return false; } } ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Signup Demo</title> </head> <body>
<?php if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) { //Connect to database mysql_connect("localhost", "username", "password"); mysql_select_db("dw_php"); //Set variables, and call checkSecurityImage $security_refid = $HTTP_POST_VARS["security_refid"]; $security_try = $HTTP_POST_VARS["security_try"]; $checkSecurity = checkSecurityImage($security_refid, $security_try); //Depending on result, tell user entered value was correct or incorrect if ($checkSecurity) { $validnot = "correct"; } else { $validnot = "incorrect"; } //Write output echo("<b>You entered this as the security text:</b><br>\n ".$security_try."<br>\n This is ".$validnot.".<br>\n -------------------------------<br><br>\n "); } ?>
<form name="signupform" method="post" action="<?=$_SERVER["PHP_SELF"]?>"> Please sign up for our website: <br> <br> Name: <input name="name" type="text" id="name"> <br> <? insertSecurityImage("security_refid") ?> <br> Enter what you see: <input name="security_try" type="text" id="security_try" size="20" maxlength="10"> (can't see? try reloading page) <br> <br> <input type="submit" name="Submit" value="Signup!">
</body> </html>
Preview signupdemo.php in a browser. You should see something like this:
If you enter the text correctly, you should see something like this:
Note: if you receive a MySQL error, ensure that you replaced "username" and "password" with the real values.
Summary and Conclusion
In this article we have learned how to use the GD Graphics Library, creating an easy solution to prevent computers from behaving like humans. We also wrote basic functions, allowing us to reuse the Security Image file in other applications.
Designing a Captcha System with PHP and MySQL
