On 3/20/07, Alain Roger <[EMAIL PROTECTED]> wrote:
Hi,
There is a trend on internet that when you want to change your password, you
need to type :
1. the former password.
2. the new one
3. a 2nd time the new one to confirm that no mistake has been done on step
2.
however, several website also propose an additional security to avoid
hacking/brute force, they display a 4 digit image with a "random" string
including number and letters... something like A3P23.
if user do not respect case and string, password is not changed.
I would like to know how such system works and if a tutorial exist about
that ?
thanks a lot,
The program itself is called CAPTCHA, you can of course look at their source.
But in simple i can tell you how it works, it just creates the image
with the PHP image functions, and saves a reference to which code used
in session variable. Later this reference is checked with the code
entered. In most cases the code in the image is MD5 encrypted and
stored in the session. Then after submitting, the code entered is also
MD5 encrypted and checked with the one in the session.
Tijnema
--
Alain
------------------------------------
Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
