Re: [php]Problem with rand
I use verification with images.
random.php
Code:
<?php
session_start();
// make a string with all the characters that we
// want to use as the verification code
$alphanum = "abcdefghijklmnopqrstuvwxyz0123456789";
// generate the verication code
$rand = substr(str_shuffle($alphanum), 0, 5);
// create the hash for the verification code
// and put it in the session
$_SESSION['image_random_value'] = md5($rand);
// create the image
$image = imagecreate(100, 30);
// use white as the background image
$bgColor = imagecolorallocate ($image, 255, 255, 255);
// the text color is black
$textColor = imagecolorallocate ($image, 0, 0, 0);
// write the random number
imagestring ($image, 5, 25, 8, $rand, $textColor);
// send several headers to make sure the image is not cached
// taken directly from the PHP Manual
// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// always modified
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// HTTP/1.1
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
// HTTP/1.0
header("Pragma: no-cache");
// send the content type header so the image is displayed properly
header('Content-type: image/jpeg');
// send the image to the browser
imagejpeg($image);
// destroy the image to free up the memory
imagedestroy($image);
?>
Script:
Code:
<?
session_start();
$number = $_POST['code'];
if(!isset($_POST['submit'])) {
?>
<div>
<form action ="<?php echo $_SERVER['PHP_SELF']; ?>" method ="post">
Name:
<br/><input name="name" size="20" type="text" align="left" maxlength="20">
<br/>
Enter the security code:
<br/><input name ="code" size="20" type="text" align="left"><img src="random.php">
<br/>
Message:
<br/>
<textarea name="message" rows="5" cols="50"> Adding comments hasn't been enabled yet.</textarea>
<input type="submit" name="submit" value="Go">
</form>
</div>
<?php
} else {
if (md5($number) == $_SESSION['image_random_value']) {
SCRIPT
} else {
echo "Wrong security code";
}
?>
Re: [php]Problem with rand
PHP Code:
<?php
$scode = rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9);
if(!isset($_POST['submit'])) {
?>
<div>
<form action ="<?php echo $_SERVER['PHP_SELF']; ?>" method ="post">
Name:
<br/><input name="name" size="20" type="text" align="left" maxlength="20">
<br/>
Enter the security code:
<br/><input name ="code" size="20" type="text" align="left"><?php echo"$scode";?>
<br/>
Message:
<br/>
<textarea name="message" rows="5" cols="50"> Adding comments hasn't been enabled yet.</textarea>
<input type="submit" name="submit" value="Go">
</form>
</div>
<?php
} else {
if($_POST['code'] == $scode) { ...rest of script} else {echo "Wrong security code";)
I'm not really good at PHP, but I think the first that happens: you generate a random number, then if the user hasn't clicked on submit, the form is created (and there the echo). after het clicks on submit, the whole page gets reloaded, and the first thing that happens again is, that you create a new random number. so probably you shoud swap these lines:
PHP Code:
$scode = rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9);
if(!isset($_POST['submit'])) {
-->
PHP Code:
if(!isset($_POST['submit'])) {
$scode = rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9);
I might be wrong though, never really used php
EDIT: hmm but then, if the page reloads, $scode is empty again I think, so you should probably save it somewhere..
Re: [php]Problem with rand
@ Equal: That's a bit too advanced for my script really.
@ ZoopaJr: Nope, does not work.
Re: [php]Problem with rand
Ofcourse it is different. You first generate the random code, than display it in the form. The form gets submitted and the page is refreshed. Than you generate a random code AGAIN, which is not the same as what the user entered.
PHP Code:
<?php
session_start();
if(!isset($_POST['submit'])) {
$_SESSION['scode'] = rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9) . rand(1,9);
?>
<div>
<form action ="<?php echo $_SERVER['PHP_SELF']; ?>" method ="post">
Name:
<br/><input name="name" size="20" type="text" align="left" maxlength="20">
<br/>
Enter the security code:
<br/><input name ="code" size="20" type="text" align="left"><?php echo $_SESSION['scode'];?>
<br/>
Message:
<br/>
<textarea name="message" rows="5" cols="50"> Adding comments hasn't been enabled yet.</textarea>
<input type="submit" name="submit" value="Go">
</form>
</div>
<?php
} else {
if($_POST['code'] == $_SESSION['scode']) { ...rest of script} else {echo "Wrong security code";)
It is best to use GD lib for this kind of verifications (bot/human). This will generate an image with the code, encrypts the code and puts m in a DB. That is much saver as bots in your script will just be able to read the code (just like users can copy paste it).
Re: [php]Problem with rand
Re: [php]Problem with rand
Yah... you could just make the bot copy and paste the code...
There's a post somewhere in here that has a few good scripts for gd catchpas.
Re: [php]Problem with rand
Yea, I know it isn't a really good protection. But I don't think anyone would write a script just to spam my comic site...
Re: [php]Problem with rand
Well, I didn't read any post but the first one, but I got 2 suggestions that might help:
1. Use mt_rand() instead. It's better and faster
2. Store the rands in a DB, and send the code as a hidden field in the form.
3. Hi Pieman, been forever ;]
[Fd]
Re: [php]Problem with rand
As a hidden field? That would be just as insecure. Javascript injection and they can even choose what code they want to fill in...
