At 9:11 PM -0400 22/4/02, Leif K-Brooks wrote:
>I have a site where users can sign up. I have had huge problems with people
>using auto-signups, so I tried to stop them with an authentication image.
>Someone has since gotten around that. I highly doubt he is using OCR. Can
>someone try to figure out what's wrong with my code?

I can't see anything wrong with it. Maybe the hacker is smarter than
you give him credit for.

>$authimage = ImageCreate(40,15);

Try randomising the size of the image. That'll stuff up any hash tables
he's built.

>imagestring($authimage,5,0,0,$getcode[code],$black);

and try varying the offset of the string in the image.

>$code = mt_rand(1000,9999);

Only 8999 possible codes? Is he brute-forcing it?
Check the server logs for thousands of verification attempts.

>if($code != $getcode[code]){
>die("<b>Error:</b> wrong code");

And consider deleting the code after 3 incorrect attempts.

...R.
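
The suggestion above to delete the code after 3 incorrect attempts, as an added example that is not part of the original message or of the poster's code. The names issue_code(), verify_code(), MAX_ATTEMPTS and the $store array (a stand-in for wherever the site keeps its codes) are assumptions, and it needs PHP 7 or later for random_int() and random_bytes().

```php
<?php
// Added illustration; every name here is hypothetical, not from the thread.
const MAX_ATTEMPTS = 3;

// Create a code for one signup form and store it with a failure counter.
// $store stands in for the database table or session that holds the codes.
function issue_code(array &$store): string
{
    $id = bin2hex(random_bytes(16));               // unguessable handle sent with the form
    $store[$id] = [
        'code'  => (string) random_int(1000, 9999), // same range as the quoted code
        'fails' => 0,
    ];
    return $id;
}

// Returns true only for a correct guess against a live code. The code is
// deleted on success (single use) and after MAX_ATTEMPTS wrong guesses, so
// the four-digit space cannot be walked against one image.
function verify_code(array &$store, string $id, string $guess): bool
{
    if (!isset($store[$id])) {
        return false;                              // unknown, already used, or burned
    }
    if (hash_equals($store[$id]['code'], $guess)) {
        unset($store[$id]);
        return true;
    }
    if (++$store[$id]['fails'] >= MAX_ATTEMPTS) {
        unset($store[$id]);                        // client must fetch a new image and code
    }
    return false;
}

// Constructed demonstration: wrong guesses up to the limit, then the real code.
$store = [];
$id    = issue_code($store);
$real  = $store[$id]['code'];
$wrong = ($real === '1000') ? '1001' : '1000';

for ($n = 1; $n <= MAX_ATTEMPTS; $n++) {
    var_dump(verify_code($store, $id, $wrong));
}
var_dump(verify_code($store, $id, $real));
var_dump(isset($store[$id]));
```

Logging each failed verify_code() call with the client address gives the server-log trail the reply recommends checking.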