I have a site where users can sign up. I have had huge problems with people using auto-signups, so I tried to stop them with an authentication image. Someone has since gotten around that. I highly doubt he is using OCR. Can someone try to figure out what's wrong with my code? Here it is:

Contents of auth_image.php:

    <?php
    $dbh = mysql_connect ("MYSERVER", "MYUSER", "MYPASS");
    mysql_select_db ("MYDB",$dbh);
    $authimage = ImageCreate(40,15);
    $white = ImageColorAllocate($authimage, 255, 255, 255);
    $black = ImageColorAllocate($authimage, 0, 0, 0);
    header("Content-type: image/jpeg");
    $getcode = mysql_fetch_array(mysql_query("select * from signupcodes where id = '$id'"));
    imagestring($authimage,5,0,0,$getcode[code],$black);
    imagejpeg($authimage);
    imagedestroy($authimage);
    ?>

Some code from signup.php:

    //I do seed the random number in the header
    $code = mt_rand(1000,9999);
    mysql_query("insert into signupcodes(code) values('$code')");
    $codeid = mysql_insert_id();
    <input type=hidden name=codeid value=$codeid><img src='authimage.php?id=$codeid'><br>
    <b>Code from above:</b> <input type=text name=code><br>

At top of process_signup.php:

    $getcode = mysql_fetch_array(mysql_query("select * from signupcodes where id = '$codeid'"));
    if($code != $getcode[code]){
        die("<b>Error:</b> wrong code");
    }

In the middle of process_signup.php, after I've done checks of a few other things:

    echo "You're a member! :D<br><a href='/'>Back to homepage</a>";
    mysql_query("delete from signupcodes where id='$codeid'") or print
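
One way to structure the check, as an added example that is not part of the original post: the expected code is kept in the server-side session instead of being looked up by an id sent from the form, every challenge is consumed on any attempt, and the comparison is a strict string match. The function names, the `captcha` session key and the five-minute lifetime are assumptions, PHP 7+ is assumed, and a plain array stands in for `$_SESSION`.

```php
<?php
// Added example, not the poster's code. Function names and the 'captcha'
// session key are hypothetical; PHP 7+ is assumed for random_int().

const CAPTCHA_TTL = 300; // seconds a challenge stays valid (assumed value)

// Create a challenge and keep the expected answer server-side only.
function captcha_issue(array &$session, int $now): string
{
    $code = (string) random_int(1000, 9999); // CSPRNG instead of mt_rand()
    $session['captcha'] = ['code' => $code, 'issued' => $now];
    return $code; // handed to the image renderer, never written into the form
}

// Check a submitted answer. The challenge is consumed on every attempt,
// so a wrong guess cannot be retried against the same code.
function captcha_verify(array &$session, $submitted, int $now): bool
{
    $challenge = $session['captcha'] ?? null;
    unset($session['captcha']); // single use, success or failure

    if (!is_array($challenge) || !is_string($submitted) || $submitted === '') {
        return false; // no challenge was issued, or nothing was typed
    }
    if ($now - $challenge['issued'] > CAPTCHA_TTL) {
        return false; // challenge expired
    }
    return hash_equals($challenge['code'], $submitted); // strict string compare
}

// Constructed demonstration; $session stands in for $_SESSION.
$session = [];
$now = 1700000000; // constructed timestamp

$code = captcha_issue($session, $now);
var_dump(captcha_verify($session, $code, $now + 10));  // correct answer
var_dump(captcha_verify($session, $code, $now + 11));  // same code submitted again

captcha_issue($session, $now);
var_dump(captcha_verify($session, '', $now + 5));      // empty answer

$code = captcha_issue($session, $now);
var_dump(captcha_verify($session, '0000', $now + 5));  // wrong guess
var_dump(captcha_verify($session, $code, $now + 6));   // right code after a wrong guess
```

In a real page the image script would read the code from the session as well, so no challenge id or code ever appears in the HTML.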