I have a site where users can sign up.  I have had huge problems with people
using auto-signups, so I tried to stop them with an authentication image.
Someone has since gotten around that.  I highly doubt he is using OCR.  Can
someone try to figure out what's wrong with my code?  Here it is:
Contents of auth_image.php:
$dbh = mysql_connect ("MYSERVER", "MYUSER", "MYPASS");
mysql_select_db ("MYDB",$dbh);
$authimage = ImageCreate(40,15);
$white = ImageColorAllocate($authimage, 255, 255, 255);
$black = ImageColorAllocate($authimage, 0, 0, 0);
header("Content-type: image/jpeg");
$getcode = mysql_fetch_array(mysql_query("select * from signupcodes where id
= '$id'"));

Some code from signup.php:
//I do seed the random number in the header
$code = mt_rand(1000,9999);
mysql_query("insert into signupcodes(code) values('$code')");
$codeid = mysql_insert_id();
<input type=hidden name=codeid value=$codeid><img
<b>Code from above:</b> <input type=text name=code><br>

At top of proccess_signup.php:
$getcode = mysql_fetch_array(mysql_query("select * from signupcodes where id
= '$codeid'"));
if($code != $getcode[code]){
die("<b>Error:</b> wrong code");

In the middle of process_signup.php, after I've done checks of a few other
 echo "You're a member! :D<br><a href='/'>Back to homepage</a>";
mysql_query("delete from signupcodes where id='$codeid'") or print 

Reply via email to