473,327 Members | 2,055 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,327 software developers and data experts.

md5 - message digest encryption

118 100+
Hi all,

I am making a captcha image for my site to stop bots and such.

Expand|Select|Wrap|Line Numbers
  1. //captcha.php
  2. <?php
  3. session_start();
  4.  
  5. class CaptchaSecurityImages {
  6.  
  7.    var $font = 'calibri.ttf';
  8.  
  9.    function generateCode($characters) {
  10.       // list all possible characters, similar looking characters and vowels have been removed 
  11.       $possible = '23456789bcdfghjkmnpqrstvwxyz';
  12.       $code = '';
  13.       $i = 0;
  14.       while ($i < $characters) { 
  15.          $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
  16.          $i++;
  17.       }
  18.       return $code;
  19.    }
  20.  
  21.    function CaptchaSecurityImages($width='200',$height='80',$characters='4') {
  22.       $code = $this->generateCode($characters);
  23.       // font size will be 75% of the image height 
  24.       $font_size = $height * 0.45;
  25.       $image = imagecreate($width, $height) or die('Cannot initialize new GD image stream');
  26.       // set the colours 
  27.      $background_color = imagecolorallocate($image, 155, 155, 200);
  28.       $text_color = imagecolorallocate($image, 215, 205, 255);
  29.       $noise_color = imagecolorallocate($image, 0, 0, 0);
  30.       /* generate random dots in background */
  31.       for( $i=0; $i<($width*$height)/3; $i++ ) {
  32.          imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);
  33.       }
  34.       // generate random lines in background 
  35.       for( $i=0; $i<($width*$height)/150; $i++ ) {
  36.          imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color);
  37.       }
  38.       // create textbox and add text
  39.       $textbox = imagettfbbox($font_size, 0, $this->font, $code) or die('Error in imagettfbbox function');
  40.       $x = ($width - $textbox[4])/2;
  41.       $y = ($height - $textbox[5])/2;
  42.       imagettftext($image, $font_size, -15, $x, $y, $text_color, $this->font , $code) or die('Error in imagettftext function');
  43.       // output captcha image to browser
  44.       header('Content-Type: image/jpeg');
  45.       imagejpeg($image);
  46.       imagepng($image, "captcha.png");
  47.       imagedestroy($image);
  48.       $_SESSION['security_code'] = $code;
  49.    }
  50.  
  51. }
  52.  
  53. $width = isset($_GET['width']) && $_GET['height'] < 600 ? $_GET['width'] : '200';
  54. $height = isset($_GET['height']) && $_GET['height'] < 200 ? $_GET['height'] : '80';
  55. $characters = isset($_GET['characters']) && $_GET['characters'] > 2 ? $_GET['characters'] : '4';
  56.  
  57. $captcha = new CaptchaSecurityImages($width,$height,$characters);
  58.  
  59. ?>
  60.  
Expand|Select|Wrap|Line Numbers
  1. //submission page
  2. <?php 
  3.    session_start();
  4.    if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {
  5.       // Your code for processing the form here, e.g emailing the submission, entering it into a database. 
  6.       unset($_SESSION['security_code']);
  7.    } else {
  8.       // Your code for showing an error message here
  9.    }
  10. ?>
  11.  
But that is pretty basic in terms of being hackable. The code string can probably be read easily by an image analyzer.

How would I use (if I can at all) md5 or other encryption to encrypt the code string for the image to read but have normal characters in the captcha image?

Hope that makes sense,

Thanks,
Sam
Oct 11 '07 #1
1 1752
nathj
938 Expert 512MB
Hi,

First of all you could use hash('sha256', ...) as it is strnger than MD% and no more work for you.

I would think it possible to simply generate the text, run it throught the hash alogrithm and store that to the $_SESSION. Then take what the user enters, run it through the same algorithm and check it against the $_SESSION. If there's a match then great, if not then get them to do it again.

Does that answer the question?

Cheers
nathj
Oct 11 '07 #2

Sign in to post your reply or Sign up for a free account.

Similar topics

0
by: Jp Calderone | last post by:
I've been trying to implement support for this authentication scheme for a little while now, and in the last couple days I've been completely stumped. I know about the digest authentication code...
3
by: John Reese | last post by:
Hello there. I've run into some missing functionality with HTTP Digest authentication in the 2.3 library and I was wondering if I'm just missing something. Missing functionality the first:...
2
by: john | last post by:
I'm trying to access the XML version of my Tivo now playing list with python. It uses auth digest HTTP authentication. I could really use some help! I'm able to get this page using curl: curl...
2
by: trapeze.jsg | last post by:
Hi. Is there anybody who have tried to use python to access Microsofts MapPoint soap services? I am trying hard but I have run into a big thick wall called md5 digest authentication. The...
0
by: paul | last post by:
I must (as a client application) connect via HTTP, authenticate using DIGEST authentication, and then make subsequent HTTP requests. The Problem: If I use System.Net.WebClient or...
1
by: Thomas Liesner | last post by:
Hi all, this may have been asked before, but as a newbie with xmlrpc i can't find any suitable info on that. Sorry. I am trying to write a simple xmlrpc-client in python and the server i am...
5
by: mofoloom | last post by:
java program that will tae as input,an arbitrary block of plaintext and genere a message digest using MD-5. show that with high probability, about halve bits are on.also show that no different...
2
by: poolboi | last post by:
hey guys, I've stored password in mysql using SHA1 encryption do i need the module digest::SHA1 when i'm verifying password for user put in?
0
by: embeddedbob | last post by:
Hi there, I appreciate any help on the following issue. I can't seem to find any other similar topic. (CS4, ActionScript 3.0, Flash 10) I have a SWF embedded within a page that is protected by...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.