PHP
  Home arrow PHP arrow Page 6 - Security Images in PHP
Dev Shed Forums  
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Smartphone Development  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Mobile Linux  
App Generation ROI  
IBM® developerWorks  
Forums Sitemap  
E-Commerce Hosting  
Linux Web Hosting  
Managed Hosting  
Small Business Hosting  
VPS Hosting  
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid  
Request Media Kit
Contact Us  
Site Map  
Privacy Policy  
Support  
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
PHP

Security Images in PHP
By: Nathan Rohler
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: starstarstarstarstar / 109
    2004-09-08


    Table of Contents:
  • Security Images in PHP
  • Getting Started -- Securityimage.php
  • Set Other Text Variables
  • Code for securityimage.php
  • Creating the Sign-up Demo -- Signupdemo.php
  • Form Handler Script

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      error-file:tidyout.log Del.ici.ous error-file:tidyout.log Digg
      error-file:tidyout.log Blink error-file:tidyout.log Simpy
      error-file:tidyout.log Google error-file:tidyout.log Spurl
      error-file:tidyout.log Y! MyWeb error-file:tidyout.log Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article

     
     
    ADVERTISEMENT


    Security Images in PHP - Form Handler Script
    ( Page 6 of 6 )

    We are now ready to write the form handler script. We will be adding another PHP block just above the <form> tag. First of all, we connect to the MySQL database. Be sure to enter your username and password. Then, we check to see if the security_refid and security_try fields are defined. If so, we define $security_refid and $security_try based on the form values. After that, we call checkSecurityImage using the reference ID and the value the user entered. Based on the value returned, we tell the user if they entered the correct code or not.

    <?php
    if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) {
       //Connect to database
       mysql_connect("localhost", "username", "password");
       mysql_select_db("dw_php");
       //Set variables, and call checkSecurityImage
       $security_refid = $HTTP_POST_VARS["security_refid"];
       $security_try = $HTTP_POST_VARS["security_try"];
       $checkSecurity = checkSecurityImage($security_refid, $security_try);
       //Depending on result, tell user entered value was correct or incorrect
       if ($checkSecurity) {
          $validnot = "correct";
       } else {
          $validnot = "incorrect";
       }
       //Write output
       echo("<b>You entered this as the security text:</b><br>\n
       ".$security_try."<br>\n
       This is ".$validnot.".<br>\n
       -------------------------------<br><br>\n
       ");
    }
    ?>

    The complete code listing for signupdemo.php should now look like this:

    <?php
    //Define function to insert security image
    function insertSecurityImage($inputname) {
       $refid = md5(mktime()*rand());
       $insertstr = "<img src=\"securityimage.php?refid=".$refid."\" alt=\"Security Image\">\n
       <input type=\"hidden\" name=\"".$inputname."\" value=\"".$refid."\">";
       echo($insertstr);
    }

    //Define function to check security image confirmation
    function checkSecurityImage($referenceid, $enteredvalue) {
       $referenceid = mysql_escape_string($referenceid);
       $enteredvalue = mysql_escape_string($enteredvalue);
       $tempQuery = mysql_query("SELECT ID FROM security_images WHERE
       referenceid='".$referenceid."' AND hiddentext='".$enteredvalue."'");
       if (mysql_num_rows($tempQuery)!=0) {
          return true;
       } else {
          return false;
       }
    }
    ?>

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Signup Demo</title>
    </head>
    <body>

    <?php
    if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) {
       //Connect to database
       mysql_connect("localhost", "username", "password");
       mysql_select_db("dw_php");
       //Set variables, and call checkSecurityImage
       $security_refid = $HTTP_POST_VARS["security_refid"];
       $security_try = $HTTP_POST_VARS["security_try"];
       $checkSecurity = checkSecurityImage($security_refid, $security_try);
       //Depending on result, tell user entered value was correct or incorrect
       if ($checkSecurity) {
          $validnot = "correct";
       } else {
          $validnot = "incorrect";
       }
       //Write output
       echo("<b>You entered this as the security text:</b><br>\n
       ".$security_try."<br>\n
       This is ".$validnot.".<br>\n
       -------------------------------<br><br>\n
       ");
    }
    ?>

    <form name="signupform" method="post" action="<?=$_SERVER["PHP_SELF"]?>">
    Please sign up for our website:
    <br>
    <br>
    Name:
    <input name="name" type="text" id="name">
    <br>
    <? insertSecurityImage("security_refid") ?>
    <br>
    Enter what you see:
    <input name="security_try" type="text" id="security_try" size="20" maxlength="10">
    (can't see? try reloading page)
    <br>
    <br>
    <input type="submit" name="Submit" value="Signup!">

    </body>
    </html>

    Preview signupdemo.php in a browser. You should see something like this:

    Security Images in PHP


    If you enter the text correctly, you should see something like this:

    Security Images in PHP

    Note: if you receive a MySQL error, ensure that you replaced "username" and "password" with the real values.

    Summary and Conclusion

    In this article we have learned how to use the GD Graphics Library, creating an easy solution to prevent computers from behaving like humans. We also wrote basic functions, allowing us to reuse the Security Image file in other applications.

    Until next time, happy coding :-)



     
     
    >>> More PHP Articles          >>> More By Nathan Rohler
     

       

    PHP ARTICLES

    - Building Dynamic Queries with Chainable Meth...
    - PHP Encryption and Decryption Methods
    - Building a MySQL Abstraction Class with Meth...
    - Completing a Sample String Processor with Me...
    - Mastering WHILE Loops for PHP and MySQL
    - Method Chaining: Adding More Methods to the ...
    - Method Chaining in PHP 5
    - The Role of Interfaces in Applying the Depen...
    - Dependency Injection: Using a Setter Method ...
    - Using a Model Class with the Dependency Inje...
    - Injecting Objects Using Setter Methods with ...
    - Injecting Objects by Constructor with the De...
    - The Dependency Injection Design Pattern in P...
    - Performing Inferential Statistical Analysis ...
    - Performing Descriptive Statistical Analysis ...





    © 2003-2009 by Developer Shed. All rights reserved. DS Cluster 6 Hosted by Hostway
    Stay green...Green IT