User Personalization with PHP: The Verification Code [cont'd]
The code is fairly easy to understand. First, we generate a random four-digit number. Notice that we also open a session. This is because later on in the script we will be storing this random number in a session variable. The number does not have to be four digits; it can be more:
Then we create a hash of the number and store it in a session variable. By creating a hash we make it difficult for any attacker to guess the four-digit number; instead, they have to work out what the entire thirty-two characters are. Notice that we started a session at the top of the script. We use the md5() hash algorithm, which is suitable security-wise for this level of application. If security is more of an issue for you, then sha1() should be adequate. Syntactically it is used in almost the same way as md5(), like: sha1($string)
There is a slight difference between the two algorithms: md5() outputs a thirty-two character hash and sha1() outputs a forty character hash. Be sure to make the necessary changes elsewhere:
Then we create the image and set its co-ordinates:
We set the background image and font color:
Then we write the random number to the image and set the content type:
Finally, we send the image to the browser and free the resources that it was using:
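The steps above assembled into one script, as an added example rather than the article's original listing; it draws the number with random_int() and adds a helper that checks a submitted code once, in constant time. Assumed names and values, none of them from the article: the session key code_hash, new_code(), verify_code(), and the image size and colours.

```php
<?php
// numgen.php, added example: draw a verification code, keep only its hash.
// Assumed: PHP 7+ with GD; 'code_hash', new_code() and verify_code() are
// hypothetical names, not taken from the article's listing.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

function new_code(int $digits = 4): string
{
    // random_int() uses the OS CSPRNG, so codes cannot be predicted the way
    // rand()/mt_rand() output can.
    return (string) random_int(10 ** ($digits - 1), (10 ** $digits) - 1);
}

function verify_code(string $submitted): bool
{
    $expected = $_SESSION['code_hash'] ?? '';
    // Single use: four digits give only 9,000 values, so allow one guess
    // per image and make the client fetch a new one after any attempt.
    unset($_SESSION['code_hash']);
    // hash_equals() compares in constant time; a missing hash never matches.
    return $expected !== '' && hash_equals($expected, md5($submitted));
}

// Emit the image only when this file is requested directly, so the form
// handler can require it just to call verify_code().
if (realpath($_SERVER['SCRIPT_FILENAME'] ?? '') === __FILE__) {
    $code = new_code();
    // The hash stays in the server-side session; the browser holds only the
    // session ID and the rendered image.
    $_SESSION['code_hash'] = md5($code);

    $img  = imagecreate(60, 30);                  // width, height in pixels
    $bg   = imagecolorallocate($img, 0, 0, 0);    // first colour is the background
    $font = imagecolorallocate($img, 255, 255, 255);
    imagestring($img, 5, 12, 7, $code, $font);    // built-in font 5 at x=12, y=7

    header('Content-Type: image/jpeg');
    header('Cache-Control: no-store');            // never serve a cached code
    imagejpeg($img);
    imagedestroy($img);                           // frees the image on PHP 7
}
```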
Now that we have the image created, we need to show it on a form, so create an HTML form like so:
I've added a PHP script as an image (line 14); this script, called numgen.php, will display the image. When run, you should see something like this:
Figure 5.10
Now, our random number is not really written on an image as we expected; rather, it is written on a background color. What we now have to do is import an image and write the number on the image before it is shown in a form. Luckily, we do not need to change much of the code to do this. We simply use the imagecreatefromjpeg() function to create an image object from the image that we want to use and then draw the number on it. The function takes one parameter and has the following syntax: imagecreatefromjpeg($filename)
So if the image that you want to use as the background is called roses.jpg, then your code will look something like this:
The random number will then be written on the roses.jpg image and presented on the form. Again, this is not my preferred method of presenting a verification code, as it seems to slow down the rendering of the page in my browser, but for those of you who prefer attractive images to lure more visitors this is definitely the way to go.
Conclusion
I've modified numgen.php to display a mix of numbers and letters; this makes it even harder for robots to guess the verification codes. You will notice this change in the source files that I will include towards the end of the authentication series of articles. The code verification script is optional and should only be implemented if security is a serious issue. I've tested the script on both Internet Explorer 6 and Firefox and found that page generation is slower in IE6 when an image is used as a background. In the next article, we will explore the login and logout scripts. These scripts are at the heart of the authentication section and act as the doorway into our application.