CAPTCHA code

[john010117]

Since I have very little experience in working with GD library, I need advice on how to improve this simple CAPTCHA code (don't worry, I have other security precautions in place, since CAPTHA aren't that secure). I've only included the page that actually displays the image.

 

<?php
session_start();

$RandomStr = md5(microtime());// md5 to generate the random string

$ResultStr = substr($RandomStr,0,5);//trim 5 digit

// Select a random background image
$dir=opendir("./images/captcha/");

$i=0;
while($imgfile=readdir($dir)) {
   if ($imgfile != "." && $imgfile!="..") {
      $imgarray[$i]=$imgfile;
      $i++;
   }
}

closedir($dir);

$rand=rand(0,count($imgarray)-1);

if($rand >= 0) {
   $RandomImage = $imgarray[$rand];
}

$NewImage =imagecreatefrompng("./images/captcha/$RandomImage");//image create by existing image and as background

$randcolR = rand(100,230);
$randcolG = rand(100,230);
$randcolB = rand(100,230);

$LineColor = imagecolorallocate($NewImage,233,239,239);//line color 
$TextColor = imagecolorallocate($NewImage, ($randcolR - 20), ($randcolG - 20), ($randcolB - 20));

imageline($NewImage,1,1,40,40,$LineColor);//create line 1 on image 
imageline($NewImage,1,100,60,0,$LineColor);//create line 2 on image 

imagestring($NewImage, 5, 20, 10, $ResultStr, $TextColor);// Draw a random string horizontally 

$_SESSION['key'] = $ResultStr;// carry the data through session

header("Content-type: image/png");// out out the image 

imagepng($NewImage);//Output image to browser
imageDestroy($NewImage);
?>

 

Before you suggest any suggestions, please not that I only have GD library available on my server (that means no FreeType). Ok, now, any suggestions please?

[skali]

The only suggestion probably will be to ask your host to recompile apache with freetype and freetype2....which is not such a huge issue.

[john010117]

Heh, I've already asked them about that, but they are too lazy. They still have PHP 4.x installed on their servers....