Human Input Validation

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

RayQ
Forum Newbie
Posts: 2
Joined: Mon Jul 12, 2004 7:35 pm

Human Input Validation

Post by RayQ »

Ok, I have a random image maker script, at http://www.hostinganime.com/rayquazza/randimage.php (EDIT: http://www.hostinganime.com/rayquazza/r ... ot13'dword
It creates a random set of characters and makes it an image. I would like to use this in a registration, but I can't figure out how to make the registration page know what image is being displayed. I tried includes, and I couldn't do it because I had sent the headers of an image, I tried an img src, and it couldn't possibly know what string the image was displaying. Could anyone help me?

Thanks.

I'm trying to:
generate a random word in form.php
pass that as randimage.php?w=jf93j
randimage.php encrypts it (in rot13) and that becomes the password. form.php would encrypt the w value with the same algorithm, so they would be getting the same. Sound right?


EDIT: Ok. Did it. But still isn't working ;_;
The code seems perfect....

Code: Select all

<?php
function randomPassword($length) { 
        mt_srand((double)microtime() * 1000000); 
        $possible = 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . '!"%$'; 
        $randompass =""; 
        while(strlen($randompass) < $length) { 
                $randompass .= substr($possible, mt_rand(0, strlen($possible) -1), 1); 
        } 
        return($randompass); 
} 

$test = randomPassword(8); 
$validuser = str_rot13($test);
?>
Then I write this form:

Code: Select all

<img src="randimage.php?w=<?php echo $validuser; ?>" border=0><br>Please input the security code.
<input type="text" name="valid"><br>
And then check that the user's submission is the correct one:

Code: Select all

<?php
$valid = $_POST['valid']; 
if ($test == $valid) { /* mycodehere, long */ }
?>




Then, at the image creation:

Code: Select all

<?php
$passwd = str_rot13($_GET['w']); 
?>
And it prints the registration code.


What am I doing wrong?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

hmm, you could store the password in a session, so it's not visible even "encrypted" anywhere on the page.. this would allow it to change every call as well...
RayQ
Forum Newbie
Posts: 2
Joined: Mon Jul 12, 2004 7:35 pm

Post by RayQ »

Store the password as an unencrypted plaintext on the session?
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

sure why not?
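
The session approach suggested in the thread, as an added example that is not code from any of the posters: the code is created once, kept in `$_SESSION`, drawn by the image script from the session instead of a `?w=` parameter, and compared on submit, so it never appears in the page source or the URL. The function names and the `captcha_code` session key are assumptions.

```php
<?php
// Added example, not code from the thread. Function names and the
// 'captcha_code' session key are assumptions made for illustration.
// In the web scripts, call session_start() before any of these.

// form.php: create the code once and keep it on the server only.
function issueCaptcha(int $length = 8): void
{
    // Letters and digits only (an assumption; look-alikes such as 0/O left out).
    $possible = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $possible[random_int(0, strlen($possible) - 1)];
    }
    $_SESSION['captcha_code'] = $code;
}

// randimage.php: draw whatever the session holds; no ?w= parameter at all.
function renderCaptcha(): void
{
    $code = $_SESSION['captcha_code'] ?? '';
    $img  = imagecreatetruecolor(120, 30);           // requires the GD extension
    $bg   = imagecolorallocate($img, 255, 255, 255);
    $fg   = imagecolorallocate($img, 0, 0, 0);
    imagefilledrectangle($img, 0, 0, 119, 29, $bg);
    imagestring($img, 5, 10, 7, $code, $fg);
    header('Content-Type: image/png');
    imagepng($img);
}

// Form handler: compare with the stored code, which is valid for one attempt.
function checkCaptcha(string $submitted): bool
{
    $expected = $_SESSION['captcha_code'] ?? '';
    unset($_SESSION['captcha_code']);
    return $expected !== '' && hash_equals($expected, $submitted);
}

// Constructed walk-through for the CLI, with a plain array standing in for the session.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    issueCaptcha();                                  // request 1: form.php
    $typed = $_SESSION['captcha_code'];              // visitor reads it off the image
    var_dump(checkCaptcha($typed));                  // request 3: the POST
    var_dump(checkCaptcha($typed));                  // same answer replayed afterwards
}
```

With this in place the form uses a plain `<img src="randimage.php">`, and the value checked on submit is the one issued when the form was shown.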