At 9:11 PM -0400 22/4/02, Leif K-Brooks wrote:

At 9:11 PM -0400 22/4/02, Leif K-Brooks wrote:

>I have a site where users can sign up.  I have had huge problems with people
>using auto-signups, so I tried to stop them with an authentication image.
>Someone has since gotten around that.  I highly doubt he is using OCR.  Can
>someone try to figure out what's wrong with my code?

I can't see anything wrong with it. Maybe the hacker is smarter than
you give him credit for.

>$authimage = ImageCreate(40,15);

Try randomising the size of the image. That'll stuff up any hash tables
he's built.


and try varying the offset of the string in the image.

>$code = mt_rand(1000,9999);

Only 8999 possible codes? Is he brute-forcing it?
Check the server logs for thousands of verification attempts.

>if($code != $getcode[code]){
>die("<b>Error:</b> wrong code");

And consider deleting the code after 3 incorrect attempts.


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to