DaDaBIK with CAPTCHA login


6 replies to this topic

#1 quasiman

quasiman
  • Members
  • Advanced Member
  • 194 posts
  • Location: Portland, Oregon

Posted 10 August 2006 - 06:17 PM

I'm working in DaDaBIK, and I need to increase the security a bit for this project.  So as one of my changes, I'm adding CAPTCHA authentication to the login.  My problem is the number $_POST doesn't seem to be passing through the session correctly, and won't validate with the image.

This modification uses two of the DaDaBIK files and a captcha.php:

include/forms/login.php (the displayed login form)
<table summary="login" class="table_login_form" align="center">
<tr class="tr_header_login_form">
<td valign=top>
<b><?php echo $login_messages_ar['please_authenticate']; ?></b>
</td>
</tr>
<tr>
<td valign="top" align="center">
<br>
<form method="post" action="<?php echo $dadabik_login_file; ?>?function=check_login">
<table>
<tr><td><?php echo $login_messages_ar['username']; ?></td><td><input type="text" name="username_user" class="input_login_form"></td></tr>
<tr><td><?php echo $login_messages_ar['password']; ?></td><td><input type="password" name="password_user" class="input_login_form"></td></tr>
<tr><td>&nbsp;</td><td><img src="captcha.php"></td></tr>
<tr><td><?php echo $login_messages_ar['captcha']; ?></td><td><input type="text" name="number" class="input_login_form"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" value="<?php echo $login_messages_ar['login']; ?>"></td></tr>
</table>

</form>
</td>
</tr>
</table>

login.php
$key = $_SESSION['key'];
$_SESSION['number'] = $_POST['number'];
$number = $_SESSION['number'];

$show_record_numbers_change_table = 0;

switch($function){
	case 'check_login':

		if ( $_POST['username_user'] === '' || $_POST['password_user'] === '' || $_POST['number'] === '') {
			txt_out('<p align="center">'.$login_messages_ar['username_password_are_required'].'</p>', 'error_messages_form');
			include './include/forms/login.php';
		} // end if
		elseif ($number!=$key) {	//CHECK CAPTCHA
			txt_out('<p align="center">'.$login_messages_ar['captcha_auth'].'</p>', 'error_messages_form');
			include './include/forms/login.php';
		} // end if
		else{
			$_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user']);

			//var_dump ($_SESSION['logged_user_infos_ar']);
			//exit;
			if ( $_SESSION['logged_user_infos_ar'] !== false){
				//header ('Location: '.$site_url.'index.php');
				header ('Location: '.$site_url.$dadabik_main_file);
				die();
			} // end if
			else{
				unset($_SESSION['logged_user_infos_ar']);
				txt_out('<p align="center">'.$login_messages_ar['incorrect_login'].'</p>', 'error_messages_form');
				include './include/forms/login.php';
			} // end else
		} // end else
		break; // case 'check_login'
	case 'logout':
		unset($_SESSION['logged_user_infos_ar']);
		header ('Location: '.$site_url.$dadabik_login_file);
		die();
		break; // case 'logout'
	case 'show_login_form':
		include './include/forms/login.php';
		break; // case 'show_login_form'
} // end switch ($function)

// include footer
include ("./include/footer.php");

And finally - captcha.php
session_start();

$RandomStr = md5(microtime());// md5 to generate the random string

$ResultStr = substr($RandomStr,0,5);//trim 5 digit 

$NewImage =imagecreatefromjpeg("img.jpg");//image create by existing image and as back ground 

$LineColor = imagecolorallocate($NewImage,233,239,239);//line color 
$TextColor = imagecolorallocate($NewImage, 255, 255, 255);//text color-white

imageline($NewImage,1,1,40,40,$LineColor);//create line 1 on image 
imageline($NewImage,1,100,60,0,$LineColor);//create line 2 on image 


imagestring($NewImage, 5, 20, 10, $ResultStr, $TextColor);// Draw a random string horizontally 

$_SESSION['key'] = $ResultStr;// carry the data through session

header("Content-type: image/jpeg");// output the image 

imagejpeg($NewImage);//Output image to browser 
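
A stricter form of the `$number != $key` check and of the `md5(microtime())` key generation shown in the post above, added here as an example; it is not part of the original thread and not DaDaBIK's own code. The function names `new_captcha_key` and `captcha_ok` are hypothetical, and the `$session`/`$post` arrays are constructed stand-ins for `$_SESSION`/`$_POST` so the file runs from the command line.

```php
<?php
// Added example (not DaDaBIK code). Function names are hypothetical.

// Draw the challenge text from a CSPRNG instead of md5(microtime()).
function new_captcha_key(int $length = 5): string
{
    $alphabet = 'abcdefghjkmnpqrstuvwxyz23456789'; // no look-alike glyphs
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $key;
}

// Strict, single-use check. $session and $post stand in for $_SESSION and $_POST.
function captcha_ok(array &$session, array $post): bool
{
    $key    = $session['key'] ?? null;
    $number = $post['number'] ?? null;
    unset($session['key']); // one attempt per image, pass or fail

    // Reject missing or non-string values: with `!=`, null and null compare equal,
    // and an absent $_POST['number'] is null, which the `=== ''` test does not catch.
    if (!is_string($key) || !is_string($number) || $key === '' || $number === '') {
        return false;
    }
    // hash_equals() compares byte strings only; `!=` compares numeric-looking
    // strings such as "0e123" and "0e456" (both valid 5-char md5 prefixes) as numbers.
    return hash_equals($key, $number);
}

// Constructed cases: name => [session, post, expected result]
$cases = [
    'match'                => [['key' => 'ab3f9'], ['number' => 'ab3f9'], true],
    'wrong text'           => [['key' => 'ab3f9'], ['number' => 'zzzzz'], false],
    'field and key absent' => [[], [], false],
    'numeric-looking'      => [['key' => '0e123'], ['number' => '0e456'], false],
];
foreach ($cases as $name => [$session, $post, $expected]) {
    $got = captcha_ok($session, $post);
    printf("%-22s %s (key left in session: %s)\n", $name,
        $got === $expected ? 'ok' : 'UNEXPECTED', isset($session['key']) ? 'yes' : 'no');
}
printf("sample key: %s\n", new_captcha_key());
// The same two edge cases under the loose comparison used in the thread, for contrast:
var_dump(null != null, '0e123' != '0e456');
```

Because the key is cleared on every attempt, the form has to request `captcha.php` again after a failure, which the re-included login form already does through its `<img>` tag.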


#2 quasiman


Posted 10 August 2006 - 06:23 PM

Oh, and 'captcha_auth' above just points to the language file as "Text from image incorrect".

#3 xAtlas

xAtlas
  • Members
  • Member
  • 18 posts

Posted 11 August 2006 - 03:25 PM

What happens if you try this:

//removed a third = in the IF construct


		if ( $_POST['username_user'] == '' || $_POST['password_user'] == '' || $_POST['number'] == '') {
			txt_out('<p align="center">'.$login_messages_ar['username_password_are_required'].'</p>', 'error_messages_form');
			include './include/forms/login.php';
		} // end if
		elseif ($number != $key) {	//CHECK CAPTCHA
			txt_out('<p align="center">'.$login_messages_ar['captcha_auth'].'</p>', 'error_messages_form');
			include './include/forms/login.php';
		} // end if
		else{
			$_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user']);

			//var_dump ($_SESSION['logged_user_infos_ar']);
			//exit;

//changed the !==false to != false 

			if ( $_SESSION['logged_user_infos_ar'] != false){
				//header ('Location: '.$site_url.'index.php');
				header ('Location: '.$site_url.$dadabik_main_file);
				die();



#4 quasiman


Posted 11 August 2006 - 05:44 PM

Thank you for the suggestion, but it doesn't change anything...

#5 xAtlas


Posted 11 August 2006 - 05:52 PM

Can you post any errors you're getting?

#6 quasiman


Posted 11 August 2006 - 07:42 PM

The only error I'm getting is "Text from image incorrect" coming out of my language file for the elseif statement.

If I echo $_SESSION['key'] it does show the correct number, but echoing $_SESSION['number'] returns blank.

Sorry I can't give more info...maybe there's something else I need to test for?

#7 quasiman


Posted 17 August 2006 - 11:50 PM

**bump**



