Leif K-Brooks wrote:
I'm using a verification code image to stop automated sign ups, but two hackers seem to be OCRing it. I've looked through the registration script, and there are definitely no security holes. Does anyone have any ideas as to making the image harder to OCR?
Use two different shades of one color (e.g. blue and a somewhat lighter blue). You may also want to do some tricks with the form of the characters, so instead of having a nice "0" on your screen, you can use dots to somewhat represent it. (Much like the color-blindness tests do).

regards,
Derick



<?php
/**
 * Build a seed for mt_srand() from the current clock.
 *
 * microtime() returns the string "usec sec"; the result is the whole seconds
 * plus the fractional part scaled by 100000.
 *
 * The value is derived only from the time of the call, so it is predictable.
 * Use it for cosmetic randomness, never to generate secrets.
 *
 * @return float
 */
function make_seed() {
    $parts = explode(' ', microtime());
    $fraction = (float) $parts[0];
    $seconds = (float) $parts[1];
    return $seconds + ($fraction * 100000);
}
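// Render the sign-up verification code for the row identified by $id as a
// small PNG with a random background colour, font and two noise lines.

// mt_rand() below only varies the look of the image; the code that is drawn
// comes from the database, not from this generator.
$seed = make_seed();
mt_srand($seed);

$dbh = mysql_connect("", "", "") or exit;
mysql_select_db("", $dbh) or exit;

// $id is never assigned in this script, so it arrives from outside
// (presumably the request via register_globals -- confirm against the caller).
// Treat it as untrusted: accept scalars only and escape it for the quoted
// string literal it is placed in.
$raw_id = (isset($id) && is_scalar($id)) ? (string) $id : '';
$safe_id = mysql_real_escape_string($raw_id, $dbh);

// Look the code up before any image header is sent, so a failed query or an
// unknown id produces a clean 404 instead of warnings mixed into PNG data.
$result = mysql_query("select code from signupcodes where id = '$safe_id'", $dbh);
$getcode = $result ? mysql_fetch_array($result) : false;
if (!$getcode) {
    header("HTTP/1.0 404 Not Found");
    exit;
}

// NOTE(review): anyone who knows an id can fetch its image. Whether a code is
// single-use and expires is decided by the registration script, which is not
// visible here -- confirm it invalidates the row after one attempt.

$authimage = ImageCreate(40, 15);

// On a palette image the first colour allocated becomes the background, so
// exactly one of these near-white / near-green / near-yellow shades is
// allocated before the text colour.
switch (mt_rand(1, 3)) {
    case 1:
        ImageColorAllocate($authimage, mt_rand(250, 255), mt_rand(250, 255), mt_rand(250, 255));
        break;
    case 2:
        ImageColorAllocate($authimage, mt_rand(0, 5), mt_rand(250, 255), mt_rand(0, 5));
        break;
    case 3:
        ImageColorAllocate($authimage, mt_rand(250, 255), mt_rand(250, 255), mt_rand(0, 5));
        break;
}

// Text and noise colour: black with a slight random red component.
$black = ImageColorAllocate($authimage, mt_rand(0, 30), 0, 0);

header("Content-type: image/png");

// Draw the code in built-in font 4 or 5 at a small random horizontal offset,
// then two random lines across the full width as noise.
imagestring($authimage, mt_rand(4, 5), mt_rand(0, 5), 0, $getcode['code'], $black);
imageline($authimage, 0, mt_rand(0, 15), 40, mt_rand(0, 15), $black);
imageline($authimage, 0, mt_rand(0, 15), 40, mt_rand(0, 15), $black);

imagepng($authimage);
imagedestroy($authimage);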
?>



--

-------------------------------------------------------------------------
 Derick Rethans                                 http://derickrethans.nl/
 PHP Magazine - PHP Magazine for Professionals       http://php-mag.net/
-------------------------------------------------------------------------

