Home arrow PHP arrow Page 3 - Security Images with PHP and ImageMagick

The Form - PHP

This article is intended to provide another look at Nathan Rohler's article that was recently published (the link is provided at the end of this article). His article illustrated how to use a database and PHP's image functions based on the GD library to create random security images. This article will demonstrate how to achieve the same goal (albeit with slightly different results) by using ImageMagick. I chose not to use hidden form fields and a database and instead opted for session variables, a much simpler and more efficient approach for our objective.

TABLE OF CONTENTS:
  1. Security Images with PHP and ImageMagick
  2. The Image Generator
  3. The Form
  4. Conclusion
By: David Fells
Rating: starstarstarstarstar / 45
October 05, 2004

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Our form is much simpler and has very little PHP code in it. It starts out quite simply and in similar fashion to the securityimage.php script except that this page is sending HTML output to the browser so we have the usual HTML up top.

<?php
ob_start(); 
session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="
http://www.w3.org/1999/xhtml">
<head>
<title>Secure Images Demo</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>

Once that's done, we can define our form function. Putting the form in a function allows us to call it selectively rather than showing the form again even after successful submittal (as was the case in the original article). The function is simple and contains a minimal form:

<?php
function Form() {
 ?>
 <form method="post">
 Please sign up for our website:<br /><br />
 Your Name: <input name="name" type="text" size="25" /> <br /><br />
 <img alt="Security Image" src="securityimage.php" /><br/ ><br/ >
 Enter what you see: <input name="securityImageValue" type="text" size="15" /><br /><br />
 <input type="submit" name="Submit" value="Signup!" />
 </form>
 <?php
}

The most notable part of the form itself is that the image points directly to the securityimage.php script. Remember, the securityimage.php script sends an image directly back to the browser, no HTML, so this works just fine. Next we will define our form handler.

if (isset($_POST['securityImageValue']) && isset($_SESSION['strSec'])) {
 if (md5($_POST['securityImageValue']) == $_SESSION['strSec']) {
  print 'You correctly enetered the security image text. Goody for you.';
 }
 else {
  print 'The text you entered does not match the security image you saw. Please try again.<br /><br />';
  Form();
 } 
}
else
 Form();

This bit of code tests to see if the form has been submitted by checking to see if we have a security string hash in our session and if we have submitted a guess at the contents of the security string. If those two conditions prove to be false, we show the form. If they are met, we process the form. We take the md5 hash of the value entered by our user and compare it to the value we stored in their session. If they match, then the user entered the text from the security string correctly. If they do not match, then the wrong text was entered and we need to tell the user and show the form again. This could be made more sophisticated by only allowing a certain number of attempts by a user, but is not necessary, as the security image itself prevents automated signup on it's own. The last few lines of code just close our HTML and flush our output buffer.

?>

</body>
</html>

<?php
ob_end_flush();
?>



 
 
>>> More PHP Articles          >>> More By David Fells
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: