[RESOLVED] Picutre authentification

**NoteMe** · Jun 6th, 2006, 12:03 PM

I have made a nice picture with random letters popping up. But I have a questions. When you do this, how do you compare what they write with the picture it self.

I mean you have to store it somewhere as plain text don't you? And if you store it in the HTML then any bot can just read it. So what is the common practice for this kind of stuff?

- ØØ -

**irregular** · Jun 6th, 2006, 01:42 PM

i dont understand please explanation ?

**sunburnt** · Jun 6th, 2006, 01:53 PM

I suppose the answer is you need to remember it somehow on the server. If you have started a session with session_start(), session_register(), etc, then you can simply add the correct response to the $_SESSION assoc. array:

Code:

$_SESSION['correct_answer'] = 'abfj124';


// ....
if ($_GET['correct_answer'] == $_SESSION['correct_answer'])
{
   // ...
}

**penagate** · Jun 6th, 2006, 09:36 PM

We used a session var - another way would be to store the md5 of the code in the HTML. Session var is tidier though.

**NoteMe** · Jun 7th, 2006, 02:31 AM

Ahhh, heard about that. NEver tried it before. Will try it out, and tell you if I fail misserably..

- ØØ -

**visualAd** · Jun 7th, 2006, 07:01 AM

Using sesisons is the only bot proof way, an MD5 can be forged easy enough. Simply add the session ID to one of the form variables or append it to the query string. No need to use a session cookie.

I have a session handler which I will upload later.

**NoteMe** · Jun 7th, 2006, 10:11 AM

No need, I got it working. Even if the performance of my server these days is like someone is stuck on the F5 button on my front page.....

- ØØ -

Thread: [RESOLVED] Picutre authentification

Thread Tools

Display

[RESOLVED] Picutre authentification

Re: Picutre authentification

Re: Picutre authentification

Re: Picutre authentification

Re: Picutre authentification

Re: Picutre authentification

Re: [RESOLVED] Picutre authentification

Posting Permissions