Solved

Stop Mass Signups? PHP Form Security Checks?

Posted on 2003-10-29
4
324 Views
Last Modified: 2008-02-26
Hi,

I was wondering where anyone can advise me how I would go about stopping automated signups for in PHP. I have seen systems where the script generates an image and the user types in the code that can be seen in the image.

I have searched the 'net but cant seem to find anything...

How do I do this?

TIA
Paul
0
Comment
Question by:pnh73
  • 2
4 Comments
 
LVL 2

Expert Comment

by:scully00000
ID: 9641289
If you are running PHP on Linux:

1. Get Zlib from wherever you get your libraries from (e.g. www.redhat.com). Install it.

2. Get libpng and install it.

3. Get Freetype and install it.

4. Compile the GD library.

5. Recompile PHP with the following options:
--with-gd=/usr/local --with-png-dir=/usr/local --with-freetype-dir=/usr/local --with-zlib-dir=/usr/local (replace /usr/local with wherever you installed the libraries)

Check PHP works.

Add a function like this:
function randomimg($numstring)

{
$im = ImageCreate (300, 40);
$grey = ImageColorAllocate ($im, 230, 230, 230);
$black = ImageColorAllocate ($im, 0, 0, 0);

ImageTTFText ($im, 20, 0, 10, 25, $black, "arial.ttf", $numstring);

ImagePng ($im);
ImageDestroy ($im);
}

Generate a random number string by your choice of method and pass it to this function.

Cheers
0
 
LVL 1

Author Comment

by:pnh73
ID: 9641749
I need a way of doing that doesnt require a linux base or a recompile of PHP as I will probably be serving the site from shared hosting and maybe not even off Linux (much to my dislike, but its the choice of my client).
0
 
LVL 11

Accepted Solution

by:
shmert earned 50 total points
ID: 9643063
Do a google search for "CAPTCHA".  http://www.captcha.net/

Note to scully:  I think a good captcha system will distort the images some, so OCR (Optical Character Recognition) systems can't decipher the image.  One low-tech way to do it would be to create your own alphabet of scrambled images, and then assemble them using <img> tags.  Just don't name the images anything obvious like 's.gif' or something.

Then, display a string of these images which spell out a word, and have the user registering type in the text to authenticate that he is, in fact, human.
0
 
LVL 1

Author Comment

by:pnh73
ID: 9645329
After a little bit more searching with the aid of the post from shmert i found the follwing which looks like it will work :D

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=739&lngWId=8

Thanks

Paul
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now