User Personalization with PHP: The Verification Code

This article is Part 2 of User Personalization with PHP: Beginning the Application.

In this article, we will be looking at user authentication. User authentication simply means verifying that a particular user has the right to access a part of our application. Because our application deals with user preferences, access control is even more pertinent especially since multiple users are going to try to access this application at any given time. To ensure that each user is treated as individual with their preferences loaded when they access the application, we are going to require some login information from the user. This information includes a username and password, which will be unique to each user. To track user activity we will make use of PHP's session management functionality. The authentication section of the application consists of about six scripts:

• login.php - This script is responsible for verifying a users login credentials. It presents the user with an HTML form that requires, among other things, a username and password, which must be entered in the form for validation. The script also starts or opens a session for the user upon successful login.
• logout.php - Simply logs a user out of the application and terminates any sessions that were created for the user.
• register.php - Adds new users to our site.
• activate.php - This script activates a new user's account.
• numgen.php - Generates a verification code for the login form.
• forgot_pass.php - Resets a forgotten password.

Access control in most cases, exists to make your application or resource more secure and to keep unwanted guests (such as hackers) out. As part of overall access control, we are going to add code to our login script, which will require the user to enter a code in addition to their username and password. This code will be contained in a script called numgen.php, which will be included on the login page. We've already mentioned previously that this is a pretty effective way of stopping automated logon by means of robots. The rest of the article will look at how to implement this functionality in this application

The Verification Code

As an added bonus, I've mentioned that there will be a verification code line on the login form so that we prevent automatic login by robots. Best of all, this script does not require any database interaction thus saving you resources and giving fast execution. We are going to implement it but I want to show two ways in which it is done. First, you can create your own image, print the number on it and then display it in the login form. This way of doing things slows your script somewhat. Alternatively, you can simply create a function that displays a random number and display it. This way is faster and my preferred way. The difference (apart from speed) is that with the first method, you can add pictures to your verification code and make it look nice. So to be fair, we will look at how to create a verification code using this method. Since the second method is my preferred method, I've already implemented it in the application. Whichever method you chose to use, each time you refresh your browser a new code will be generated.

To use the first method, you will need to check if the GD library is enabled in your version of PHP. I'm using PHP 5 and it is automatically enabled. To test if the library is enabled, run the following code:

<?php if (function_exists('imagecreate')) { echo "GD Library is enabled <br>\r\n<pre>"; var_dump(gd_info()); echo "</pre>"; } else { echo 'Sorry, you need to enable GD library first'; } ?>

The script basically checks if a function called imagecreate() is loaded. This function is part of the GD library and should be loaded and accessible if the library is loaded. Depending on your version of PHP, and whether the GD library is enabled, you should get a result similar to the one below:

GD Library is enabled array(12) { ["GD Version"]=> string(27) "bundled (2.0.34 compatible)" ["FreeType Support"]=> bool(true) ["FreeType Linkage"]=> string(13) "with freetype" ["T1Lib Support"]=> bool(true) ["GIF Read Support"]=> bool(true) ["GIF Create Support"]=> bool(true) ["JPG Support"]=> bool(true) ["PNG Support"]=> bool(true) ["WBMP Support"]=> bool(true) ["XPM Support"]=> bool(false) ["XBM Support"]=> bool(true) ["JIS-mapped Japanese Font Support"]=> bool(false) }

If you don't get a similar result then simply open up your PHP configuration file and go to the section that list all your extensions; it should look something like this:

Be sure to appropriately set the extension_dir directive. ;extension=php_bz2.dll ;extension=php_curl.dll ;extension=php_dba.dll ;extension=php_dbase.dll ;extension=php_exif.dll ;extension=php_fdf.dll extension=php_gd2.dll ;extension=php_gettext.dll ;extension=php_gmp.dll ;extension=php_ifx.dll ;extension=php_imap.dll ;extension=php_interbase.dll ;extension=php_ldap.dll ;extension=php_mbstring.dll ;extension=php_mcrypt.dll ;extension=php_mhash.dll extension=php_mime_magic.dll ;extension=php_ming.dll ;extension=php_msql.dll ;extension=php_mssql.dll extension=php_mysql.dll extension=php_mysqli.dll ;extension=php_oci8.dll ;extension=php_openssl.dll extension=php_pdo.dll ;extension=php_pdo_firebird.dll ;extension=php_pdo_mssql.dll ;extension=php_pdo_mysql.dll ;extension=php_pdo_oci.dll ;extension=php_pdo_oci8.dll ;extension=php_pdo_odbc.dll ;extension=php_pdo_pgsql.dll ;extension=php_pdo_sqlite.dll ;extension=php_pgsql.dll ;extension=php_pspell.dll ;extension=php_shmop.dll ;extension=php_snmp.dll ;extension=php_soap.dll ;extension=php_sockets.dll ;extension=php_sqlite.dll ;extension=php_sybase_ct.dll ;extension=php_tidy.dll ;extension=php_xmlrpc.dll ;extension=php_xsl.dll ;extension=php_zip.dll

and uncomment the following line:

extension=php_gd2.dll

Depending on what version of PHP you have, the extensions list might look different; either way, look for the GD library. Also, make sure that the DLL file is actually in your extensions folder. Once you've enable the GD library and all is well, the first thing we need to do is to create the verification image. Below is the code that does this:

<?php session_start(); // generate 4 digit random number $rndval = rand(1000, 9999); // create the hash for the random number and put it in the session $_SESSION['rndnum'] = md5($rndval); // create the image $img = imagecreate(60, 30); // set background image $bgc = imagecolorallocate ($img, 255, 251, 205); // the text color is black $fontcolor = imagecolorallocate ($img, 0, 0, 0); // write the random number imagestring ($img, 5, 5, 8, $rndval, $fontcolor); // send the content type header so the image is displayed properly header('Content-type: image/jpeg'); // send the image to the browser imagejpeg($img); // destroy the image to free up the memory imagedestroy($img); ?>

Find a programming school near you

Zip Code:

Subject: - Select All Subjects - Computer Applications Computer Engineering Computer Science Computer Prog. - Software Dev. Computer Game Programming Web Design Web Development Internet Systems Internet Certification Database Design and Development Information Systems Management Information Technology Project Management Network Design - Development Systems Analyst

Degree: - Select All Degrees - Associate's Bachelor's Master's Doctoral Certificates Diplomas Coursework MBA

Online Campus Both