Image Verification Script Add A Security Image To Your Web Forms Easily

[8ennett 0]

I use this script in most of my sites and find it to be a very reliable yet simple to implement at the same time. Ill run you through how the script works and also how to implement it. First this is a seperate php file from which ever one you want to add the image verification to. This should remain as is and not be modified with any additional code. randomImage.php

// First start the session        session_start();                // Next we test if the form has been submitted or not        if (isset($_POST['Submit'])){                	// Now we test to see if the users entered image code matches the real image        	if (md5($_POST['ranval']) == $_SESSION['ranval']){        		        		// If the entered code matches go to success page        		header('Location: success.htm');        		exit;        	}        	else {        		// If the entered code was incorrect go to wrong code page        		header('Location: wrong.htm');        		exit;        	}        }      <*form id="form1" name="form1" method="post" action="">          Enter Image Code:        <*input name="ranval" id="ranval" size="5" maxlength="5" type="text">        <*img src="randomImage.php" align="absmiddle" height="30" width="60">        <*input name="Submit" value="Submit" type="submit">

PLEASE REMEMBER TO REMOVE THE FOUR *'s FROM THE HTML TAGS, I HAD TO PUT THEM IN SO THEY WOULDN'T DISPLAY AS ACTUAL PAGE ELEMENTS! Now this is an example php file which the image will appear on. If you copy and paste the code in to a new php file you can call it what ever you like. The first part is commented so you know what each section does in the code, this will only run IF the form has been submitted. The rest is the html. There is a form with a box for entering the code and an image, however note the source of the image is our randomImage.php and not a jpg or whatever. When we call the randomImage.php file we are also writing the value of the images code to the session, however to ensure that nobody is monitoring the site traffic it is md5 encrypted before writing to the session. Now when we enter the code and submit it, the code we entered is md5 encrypted and then compared to md5 encrypted session variable, if it matches you are redirected to the success page, if not then you are redirected to the incorrect page. You can have any code run in the event of success or failure, such as a login page or so on, this is just a secure little add-on to prevent people from either brute forcing a password or bots from creating new accounts automatically. Enjoy!

[HannahI 0]

I didn't try this out, but I looked over the code and it looked like it would work. Great script.

[8ennett 0]

Just realised I forgot to add the background images, however you can get a copy of them and a more detailed description of how to implement this script here http://forums.xisto.com/topic/97648-topic/?findpost=1064408457

Actually looking over the code above the whole thing has gone mental, the php tags have dissapeared etc. Just use the above link for a more up to date example.

Edited August 12, 2010 by 8ennett (see edit history)