Jump to content
xisto Community
Sign in to follow this  
8ennett

Image Verification Script Add A Security Image To Your Web Forms Easily

Recommended Posts

I use this script in most of my sites and find it to be a very reliable yet simple to implement at the same time. Ill run you through how the script works and also how to implement it. First this is a seperate php file from which ever one you want to add the image verification to. This should remain as is and not be modified with any additional code. randomImage.php

// First start the session        session_start();                // Next we test if the form has been submitted or not        if (isset($_POST['Submit'])){                	// Now we test to see if the users entered image code matches the real image        	if (md5($_POST['ranval']) == $_SESSION['ranval']){        		        		// If the entered code matches go to success page        		header('Location: success.htm');        		exit;        	}        	else {        		// If the entered code was incorrect go to wrong code page        		header('Location: wrong.htm');        		exit;        	}        }      <*form id="form1" name="form1" method="post" action="">          Enter Image Code:        <*input name="ranval" id="ranval" size="5" maxlength="5" type="text">        <*img src="randomImage.php" align="absmiddle" height="30" width="60">        <*input name="Submit" value="Submit" type="submit">

PLEASE REMEMBER TO REMOVE THE FOUR *'s FROM THE HTML TAGS, I HAD TO PUT THEM IN SO THEY WOULDN'T DISPLAY AS ACTUAL PAGE ELEMENTS! Now this is an example php file which the image will appear on. If you copy and paste the code in to a new php file you can call it what ever you like. The first part is commented so you know what each section does in the code, this will only run IF the form has been submitted. The rest is the html. There is a form with a box for entering the code and an image, however note the source of the image is our randomImage.php and not a jpg or whatever. When we call the randomImage.php file we are also writing the value of the images code to the session, however to ensure that nobody is monitoring the site traffic it is md5 encrypted before writing to the session. Now when we enter the code and submit it, the code we entered is md5 encrypted and then compared to md5 encrypted session variable, if it matches you are redirected to the success page, if not then you are redirected to the incorrect page. You can have any code run in the event of success or failure, such as a login page or so on, this is just a secure little add-on to prevent people from either brute forcing a password or bots from creating new accounts automatically. Enjoy!

Share this post


Link to post
Share on other sites

Just realised I forgot to add the background images, however you can get a copy of them and a more detailed description of how to implement this script here http://forums.xisto.com/topic/97648-topic/?findpost=1064408457

Actually looking over the code above the whole thing has gone mental, the php tags have dissapeared etc. Just use the above link for a more up to date example.

Edited by 8ennett (see edit history)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.