Use this script to protect your contact form, your whois query tool or any other form that needs some extra validation.
How does it work?
A session is created inside a dynamically generated image file (requires the GD library). The random value stored in the session is drawn into the generated CAPTCHA image. The user has to enter this value into a form field. While the form is processed, the entered value is checked against the session value. Unless the correct string is entered, the form is not processed. This mechanism is very useful for protecting your form against (spam) bots.
Create a PHP file with this code and call it "random.php":
<?php
session_start();
if (empty($_SESSION['rand_code'])) {
    $str = "";
    $length = 4;
    for ($i = 0; $i < $length; $i++) {
        // 97 to 122 are the ASCII codes of the lowercase letters a-z;
        // random_int() (PHP 7+) is used because rand() is predictable
        $str .= chr(random_int(97, 122));
    }
    $_SESSION['rand_code'] = $str;
}
$imgX = 60;
$imgY = 20;
$image = imagecreatetruecolor($imgX, $imgY);
$backgr_col = imagecolorallocate($image, 238, 239, 239);
$border_col = imagecolorallocate($image, 208, 208, 208);
$text_col = imagecolorallocate($image, 46, 60, 31);
imagefilledrectangle($image, 0, 0, $imgX, $imgY, $backgr_col);
imagerectangle($image, 0, 0, $imgX - 1, $imgY - 1, $border_col);
// it's a Bitstream font, see www.gnome.org for more; the file sits next to this script
$font = __DIR__ . "/VeraSe.ttf";
$font_size = 10;
$angle = 0;
$box = imagettfbbox($font_size, $angle, $font, $_SESSION['rand_code']);
// divide first, then cast, so both coordinates are integers
$x = (int)(($imgX - $box[4]) / 2);
$y = (int)(($imgY - $box[5]) / 2);
imagettftext($image, $font_size, $angle, $x, $y, $text_col, $font, $_SESSION['rand_code']);
header("Content-Type: image/png");
imagepng($image);
imagedestroy($image);
?>
How to use it?
Use this HTML code in your form:
This is the code to test the entered value:
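<?php
session_start();
// "captcha_field" is a placeholder: use the name of the text field in your form
if (isset($_POST['captcha_field'], $_SESSION['rand_code'])
    && $_POST['captcha_field'] === $_SESSION['rand_code']) {
    // process your form here
    // at least destroy the session
    unset($_SESSION['rand_code']);
}
?>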
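The check above removes the session value only after a correct answer, so the same image can be guessed against again and again. A stricter version of that check, as an added example that is not the original author's code: it consumes the code on every attempt and compares in constant time. The field name "captcha" and the function name captcha_check() are assumptions.

```php
<?php
// Added example, not the original author's code.
// Assumptions: the form's text field is named "captcha" and the helper
// name captcha_check() is made up for this illustration.

/**
 * Compare a submitted answer with the code random.php put in the session.
 * The code is consumed on every attempt, right or wrong, so one image
 * allows one guess; random.php creates a new code on the next request
 * because $_SESSION['rand_code'] is empty again.
 */
function captcha_check(array &$session, $submitted): bool
{
    $expected = $session['rand_code'] ?? '';
    unset($session['rand_code']);

    // No pending challenge, or non-string input such as captcha[]=x.
    if (!is_string($expected) || $expected === '' || !is_string($submitted)) {
        return false;
    }
    // random.php draws lowercase a-z only, so accept any case and stray spaces.
    return hash_equals($expected, strtolower(trim($submitted)));
}

if (PHP_SAPI === 'cli') {
    // Constructed sample session for a quick run on the command line.
    $session = ['rand_code' => 'kqzt'];
    var_dump(captcha_check($session, ' KQZT ')); // right letters, first attempt
    var_dump(captcha_check($session, 'kqzt'));   // replay after the code was consumed
    var_dump(array_key_exists('rand_code', $session));
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    if (captcha_check($_SESSION, $_POST['captcha'] ?? null)) {
        // process your form here
        echo 'Thank you.';
    } else {
        http_response_code(400);
        echo 'Wrong code. Reload the image and try again.';
    }
}
```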