User Personalization with PHP: The Verification Code [Page 2] | 2 | WebReference

User Personalization with PHP: The Verification Code [Page 2] | 2


User Personalization with PHP: The Verification Code [con't]

The code is fairly easy to understand. First, we generate a random four-digit number. Notice that we also open a session. This is because later on in the script we will be storing this random number in a session variable. The number does not have to be four digits; it can be more:

Then we create a hash of the number and store it in a session variable. By creating a hash we make it difficult for any attacker to guess the four-digit number, instead they have to work out what the entire thirty-two characters are. Notice that we started a session at the top of the script. We use the md5() hash algorithm, it is suitable for this level of application security wise, if security is more of an issue for you then the SHA1() should be adequate. Syntactically it is used almost in the same way as you would use md5() like:


There is a slight difference between the two algorithms which is that the Md5() algorithm outputs a thirty-two character hash and the SHA1() outputs a forty character hash. Be sure to make the necessary changes elsewhere:

Then we create the image and set its co-ordinates:

We set the background image and font color:

Then we write the random number to the image and set the content type:

Finally, we send the image to the browser and free the resources that it was using:

Now that we have the image created, we need to show it on a form, so create a HTML form like so:

I've added a php script as an image(line 14), this script called numgen.php will display the image. When run, you should see something like this:

Figure 5.10

Now, our random number is not really written on a image as we expected, it is rather written on a background color. What we now have to do is to import an image and write the number on the image before it is shown in a form. Luckily, we do not need to change much of the code to do this. We simply use the imagecreatefromjpeg() function to create a image object from the image that we want to use and then draw the number on it. The function takes one parameter and has the following syntax:


So if the image that you want to use as the background is called roses.jpg then your code will look something like this:

The random number will then be written on the roses.jpg image and presented on the form. Again, this is not my preferred method of presenting a verification code, as it seems to slow down the rendering of the page in my browser, but for those of you who prefer attractive images to lure more visitors this is definitely the way to go.


I've modified the numgen.php to display a mix of numbers and letters, this makes it even harder for robots to guess the verification codes. You will notice this change in the source files that I will include towards the end of the authentication series of articles. The code verification script is optional and should only be implemented if security is a serious issue. I've tested the script on both Internet Explorer 6 and FireFox and found that page generation is slower in IE6 when a image is used as a background. In the next article, we will explore the login and logout scripts. These scripts are at the heart of the authentication section and acts as the doorway into our application.