random numbers

[acidglitter]

i have a form at my website and i don't want it to get abused by spam. i was thinking maybe i should have a verification thing where you have to enter the 5 or 6 random numbers that show up. how could i do that?

[AndyB]

Search for captcha to find something you like. I have a downloadable script set at [a href=\"http://www.digitalmidget.com/php_noob/captcha.php\" target=\"_blank\"]http://www.digitalmidget.com/php_noob/captcha.php[/a] that might be useful.

[underparnv]

Since I'm in a good mood...and it's Friday! :)

image.php
[code]<?php
session_start();

// make a string with all the characters that we
// want to use as the verification code
$alphanum  = "ABCDEFGHJKLMNPQRTWXYZ2345689";

// generate the verication code
// change the last digit in this function for the length of string you would like
$rand = substr(str_shuffle($alphanum), 0, 4);

// create an image object using the chosen background
// email me at [email protected] for this background image
$image = imagecreatefrompng("background3.png");

$textColor = imagecolorallocate ($image, 0, 0, 0);

// write the code on the background image
imagestring ($image, 5, 5, 8,  $rand, $textColor);


// create the hash for the verification code
// and put it in the session
$_SESSION['image_random_value'] = md5($rand);

// send several headers to make sure the image is not cached
// taken directly from the PHP Manual

// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

// always modified
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

// HTTP/1.1
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);

// HTTP/1.0
header("Pragma: no-cache");


// send the content type header so the image is displayed properly
header('Content-type: image/jpeg');

// send the image to the browser
imagejpeg($image);

// destroy the image to free up the memory
imagedestroy($image);
?>[/code]

register.php (or whatever the name of your page with the registration form on it would be)
[code]<?php
session_start();
echo "<form action=\"form_handler.php\" method=\"post\">
<b>Human Verification:</b><br />
Input the text you see in this image.  <b>This is case sensitive</b>!<br />
<img src=\"image.php\" alt=\"Verification Image\" title=\"Verification Image\" /><br />
<input type=\"text\" name=\"human\" size=\"5\" /><br /><br />

<h2>Submit Form</h2>
<hr><br />
<input type=\"submit\" value=\"Submit\" />

</form>";
?>[/code]

form_handler.php
[code]<?php
$human = $_POST["human"];
if (md5($human) != $_SESSION["image_random_value"]) {
     echo "Invalid human verification image entry!";
} else {
     echo "Validation passes";
}
?>[/code]

[acidglitter]

thats awesome. thanks! :)

i shortened it all to one page and it works, but im wondering if spammers could get through it because of how i changed it? and where should the $rand be md5'd? on page 1 or 2?

[code]<?php
if(!$_GET['p']==2){

$alphanum="ABCDEFGHJKLMNPQRTWXYZ2345689";
$rand=substr(str_shuffle($alphanum), 0, 4);
$random=md5($rand);

echo "<form action=\"kk.php?p=2\" method=\"post\">
$rand<br />
<input type=\"text\" name=\"human\" size=\"5\" />
<input type=\"hidden\" name=\"random\" value=\"$random\">
<input type=\"submit\" value=\"Submit\" /></form>";

} else {

$random=$_POST['random'];
$human = $_POST["human"];
if (md5($human) != $random) {
     echo "Invalid human verification image entry!";
} else {
     echo "Validation passes";
}
} ?>[/code]