web security

CAPTCHA image protection without cookies and sessions

-- Reposting my 8 years old PHP script, as this is now working on all modern browsers --

- I admit that the code is not ideal -

 

 

Usually "captcha" scripts store actual text/numbers shown on protection images in a session cookie
and check user entered code by comparing it with session stored string.

My script does not use any session/cookies. Image is generated within one script and checked against
md5 hash of a random code.

---------------------------------------------------------------
<?

// create a 100*30 image

$im = imagecreate(100, 31);  


// random colored background and text
$bg = imagecolorallocate($im, rand(0,255) , rand(0,255), rand(0,255));
$textcolor = imagecolorallocate($im, 0, 0, rand(0,255));

// write the random 4 digits number at a random locaton (x= 0-20, y=0-20),
$random=rand(1000,9999);
imagestring($im, rand(1,8), rand(0,20), rand(0,20), $random , $textcolor);

// write the image to a temporary file , in this case it is 777 chmoded tmp folder in same directory
// could be a generic /tmp folder
$filenametemp="/tmp/gif".time().".gif";

file_put_contents("/tmp/".md5($random),$random);
ImageGIF($im, $filenametemp);
$ImageData = file_get_contents($filenametemp);
$ImageDataEnc = base64_encode($ImageData);
unlink($filenametemp); // delete the file


?>

Enter number shown on image <input name="checkcode" type="text" id="checkcode" size="5">
<br>
<img src="data:image/gif;base64,<?=$ImageDataEnc?>" >
<input name="codemd5" type="hidden" id="codemd5" value="<?=md5($random)?>">
---------------------------------------------------------------


To check if a code has been entered use code like this:
<?

if (md5(trim($_REQUEST[checkcode]))!=$_REQUEST[codemd5]  ) {


die (" wrong image protection code ");

} else {

if (file_exists("/tmp/".md5(trim($_REQUEST[checkcode])) ) {

//proceed further here

 

 

} else {

 

die (" code already entered ");

}

}

?>

 

A demo is available here


 

<< Go back to the previous page

Downloads

Google authenticator for Citrix Web Interface 5.4 - First Release

Visit the project pages on Google Code for other downloads

Two-factor authentication for Citrix Web Interface 5.x – Pure ASP/C# Implementation

Captcha for Citrix Web Interface 5.x

MOTP Passtore

Feel free to contact me directly : emin --at huseynov --dot com