Preventing Automated Registrations

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Cokeman
Forum Newbie
Posts: 1
Joined: Wed Jun 05, 2002 10:08 pm

Preventing Automated Registrations

Post by Cokeman »

I was wondering if anyone has or has come across a script that would prevent automated registrations. A lot of the larger sites are now using this method where during signup a random code is generated on the fly and displayed as small graphic images. You would then enter what you see into a text box and complete the registration process.

Has anyone come across any PHP code for something like this?

Thanks!
MattF
Forum Contributor
Posts: 225
Joined: Sun May 19, 2002 9:58 am
Location: Sussex, UK

Post by MattF »

The best way I think of doing it would be to assign each potential visitor a session ID and save it in a database along with a timestamp and a random code. Then they have to type the code in and if the code matches their session ID then they are allowed to register. If the user doesn't register and goes away then the timestamp can be used to delete old records that have not been used. What do you think of that?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

I have seen this on t-online SMS page but -sorry- no script yet.
a basic approach is

Code: Select all

<?php
function idImage()
&#123;
	if (!isset($_SESSION&#1111;'code']))
		$_SESSION&#1111;'code'] = sprintf("%04d", rand(0,9999));
	$img = @imagecreate (50, 20) or die ("Cannot Initialize new GD image stream");
	$background_color = imagecolorallocate ($img, 200, 200, 200);
	$text_color = imagecolorallocate ($img, 40, 40, 40);
	imagestring($img, 5, 5, 3,  $_SESSION&#1111;'code'], $text_color);
	header ("Content-type: image/png");
	imagepng ($img);
&#125;
function doRegister()
&#123;
	print('<html><body>your registration has been accepted<br>');
	while(list($key,$value)=each($_POST))
		print("$key : $value <br>");
	print('</body></html>');
&#125;

session_start();
if (strcmp($_SERVER&#1111;'QUERY_STRING'], 'id')==0)
	idImage();
elseif(isset($_POST&#1111;'register']))
&#123;
	if (!isset($_POST&#1111;'code']) || !isset($_SESSION&#1111;'code']) || strcmp($_SESSION&#1111;'code'], $_POST&#1111;'code']))
		die('<html><body>code not accepted</body></html>');
	else
	&#123;
		doRegister();
		unset($_SESSION&#1111;'code']);
	&#125;
&#125;
else &#123;
?><html><body>
<form method="POST">
	<table>
		<tr><td>name:</td><td><input type="text" name="name" /></td></tr>
		<tr><td>First name:</td><td><input type="text" name="fname" /></td></tr>
		<tr><td>email:</td><td><input type="text" name="email" /></td></tr>
		<tr><td>enter <img src="<?php print($_SERVER&#1111;'PHP_SELF']); ?>?id"/></td><td><input type="text" name="code" /></td></tr>
		<tr><td><input type="submit" name="register"/></td><td></td></tr>
	</table>
</form>
</body></html>
<?php &#125; ?>
Post Reply