
DaDaBIK with CAPTCHA login


quasiman


I'm working in DaDaBIK, and I need to increase the security a bit for this project. So, as one of my changes, I'm adding CAPTCHA authentication to the login. My problem is the number $_POST doesn't seem to be passing through the session correctly, and won't validate with the image.

This modification uses two of the DaDaBIK files and a captcha.php:

include/forms/login.php (the displayed login form)
[code=php:0]
<table summary="login" class="table_login_form" align="center">
  <tr class="tr_header_login_form">
    <td valign="top">
      <b><?php echo $login_messages_ar['please_authenticate']; ?></b>
    </td>
  </tr>
  <tr>
    <td valign="top" align="center">
      <br>
      <form method="post" action="<?php echo $dadabik_login_file; ?>?function=check_login">
        <table>
          <tr><td><?php echo $login_messages_ar['username']; ?></td><td><input type="text" name="username_user" class="input_login_form"></td></tr>
          <tr><td><?php echo $login_messages_ar['password']; ?></td><td><input type="password" name="password_user" class="input_login_form"></td></tr>
          <tr><td>&nbsp;</td><td><img src="captcha.php"></td></tr>
          <tr><td><?php echo $login_messages_ar['captcha']; ?></td><td><input type="text" name="number" class="input_login_form"></td></tr>
          <tr><td colspan="2" align="center"><input type="submit" value="<?php echo $login_messages_ar['login']; ?>"></td></tr>
        </table>
      </form>
    </td>
  </tr>
</table>
[/code]

login.php
[code=php:0]
$key = $_SESSION['key'];
$_SESSION['number'] = $_POST['number'];
$number = $_SESSION['number'];

$show_record_numbers_change_table = 0;

switch($function){
    case 'check_login':

        if ( $_POST['username_user'] === '' || $_POST['password_user'] === '' || $_POST['number'] === '') {
            txt_out('<p align="center">'.$login_messages_ar['username_password_are_required'].'</p>', 'error_messages_form');
            include './include/forms/login.php';
        } // end if
        elseif ($number!=$key) { //CHECK CAPTCHA
            txt_out('<p align="center">'.$login_messages_ar['captcha_auth'].'</p>', 'error_messages_form');
            include './include/forms/login.php';
        } // end elseif
        else{
            $_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user']);

            //var_dump ($_SESSION['logged_user_infos_ar']);
            //exit;
            if ( $_SESSION['logged_user_infos_ar'] !== false){
                //header ('Location: '.$site_url.'index.php');
                header ('Location: '.$site_url.$dadabik_main_file);
                die();
            } // end if
            else{
                unset($_SESSION['logged_user_infos_ar']);
                txt_out('<p align="center">'.$login_messages_ar['incorrect_login'].'</p>', 'error_messages_form');
                include './include/forms/login.php';
            } // end else
        } // end else
        break; // case 'check_login'
    case 'logout':
        unset($_SESSION['logged_user_infos_ar']);
        header ('Location: '.$site_url.$dadabik_login_file);
        die();
        break; // case 'logout'
    case 'show_login_form':
        include './include/forms/login.php';
        break; // case 'show_login_form'
} // end switch ($function)

// include footer
include ("./include/footer.php");
[/code]

And finally - captcha.php
[code=php:0]
session_start();

$RandomStr = md5(microtime()); // md5 of the current time, used as the random string

$ResultStr = substr($RandomStr, 0, 5); // keep the first 5 characters

$NewImage = imagecreatefromjpeg("img.jpg"); // create the image from an existing image used as background

$LineColor = imagecolorallocate($NewImage, 233, 239, 239); // line color
$TextColor = imagecolorallocate($NewImage, 255, 255, 255); // text color: white

imageline($NewImage, 1, 1, 40, 40, $LineColor);  // draw line 1 on the image
imageline($NewImage, 1, 100, 60, 0, $LineColor); // draw line 2 on the image

imagestring($NewImage, 5, 20, 10, $ResultStr, $TextColor); // draw the random string horizontally

$_SESSION['key'] = $ResultStr; // carry the value through the session

header("Content-type: image/jpeg"); // send the image content type

imagejpeg($NewImage); // output the image to the browser
[/code]

What happens if you try this:

[code]
// removed the third = in the IF construct

if ( $_POST['username_user'] == '' || $_POST['password_user'] == '' || $_POST['number'] == '') {
    txt_out('<p align="center">'.$login_messages_ar['username_password_are_required'].'</p>', 'error_messages_form');
    include './include/forms/login.php';
} // end if
elseif ($number != $key) { //CHECK CAPTCHA
    txt_out('<p align="center">'.$login_messages_ar['captcha_auth'].'</p>', 'error_messages_form');
    include './include/forms/login.php';
} // end elseif
else{
    $_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user']);

    //var_dump ($_SESSION['logged_user_infos_ar']);
    //exit;

    // changed the !== false to != false
    if ( $_SESSION['logged_user_infos_ar'] != false){
        //header ('Location: '.$site_url.'index.php');
        header ('Location: '.$site_url.$dadabik_main_file);
        die();
    } // end if
} // end else
[/code]

The only error I'm getting is "Text from image incorrect" coming out of my language file for the elseif statement.

If I echo $_SESSION['key'] it does show the correct number, but echoing $_SESSION['number'] returns blank.

Sorry I can't give more info...maybe there's something else I need to test for?
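
An added example, not part of the thread and not DaDaBIK code: a stricter form of the CAPTCHA check from login.php and of the code generation from captcha.php. It does not diagnose the blank `$_SESSION['number']` described above; it shows a check that cannot pass on missing values, compares strictly as strings, and uses each key once. The function names `captcha_new_code` and `captcha_check` are hypothetical.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

// Challenge text for captcha.php drawn from a CSPRNG instead of
// md5(microtime()); the alphabet leaves out look-alike characters.
function captcha_new_code(int $length = 5): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

// Compare the submitted text with the session value.
// $session is taken by reference so the key can be consumed.
function captcha_check(array &$session, array $post): bool
{
    $expected = $session['key'] ?? null;
    $given    = $post['number'] ?? null;

    // One attempt per image: drop the key whether or not the answer matches.
    unset($session['key']);

    // Both sides must be non-empty strings. With the loose test
    // ($number != $key), a request with no "number" field and no session
    // key compares null with null and is let through.
    if (!is_string($expected) || $expected === ''
        || !is_string($given) || $given === '') {
        return false;
    }

    // hash_equals() compares byte for byte. A loose comparison treats
    // numeric-looking strings as numbers, so "0e123" == "0e456" is true.
    return hash_equals(strtoupper($expected), strtoupper(trim($given)));
}

// Constructed sample data standing in for $_SESSION and $_POST.
$session = ['key' => captcha_new_code()];
$post    = ['number' => strtolower($session['key'])];
var_dump(captcha_check($session, $post)); // matching answer, any letter case
var_dump(captcha_check($session, $post)); // same answer replayed after the key was consumed
$session = [];
var_dump(captcha_check($session, []));    // no session key and no form field
var_dump("0e123" != "0e456");             // the thread's loose test on two different strings
```

In login.php this would be called as `captcha_check($_SESSION, $_POST)` in place of the `$number != $key` test, with `session_start()` already run in both scripts.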

Archived

This topic is now archived and is closed to further replies.
