It's best to generate the images dynamically using GD, it isn't clear from your message if you are generating them or using a pool of images. It's pretty easy to choose some random letters and numbers and draw them, since GD does most of the work for you. To verify the codes, you can simply store the image string in a session variable, so you don't need to use a hidden field. All of this can be accomplished without using a database.
Here is a script that shows you how to do it: http://viebrock.ca/code/10/turing-protection Brandon Marian Briones wrote: >We've all seen this - in fact Yahoo Groups uses it to join its groups >now. You are registering for something and are presented with a >graphic with a combo of letters and numbers, sometimes at weird angles >and diff. fonts and you have to type in exactly what you see and it >has to match. > >Kicking this out with a random call to MySQL is how I'm doing it; but >probably doing it badly with the only method which has come clear to >me in verifying it - > >I have a database table with these fields: ID, value, and filename. >The ID is the autoincrement primary key to identify the image, the >value is the actual letters and numbers (string) which appears on the >image. So when the form is submitted, I have a hidden field (which is >what scares me) that carries that particular images ID with it to >query up the value. Are you with me? > >I don't like having the hidden field because it isn't hidden at all if >the user views the source, of course, and I'm wondering what more >secure way I could do this verification without this huge security >snafu. Someone will probably tell me and I'll bang my head against my >desk saying duh, so I'll go get my helmet... > >Thanks... > >Marian > > > > >Community email addresses: > Post message: [email protected] > Subscribe: [EMAIL PROTECTED] > Unsubscribe: [EMAIL PROTECTED] > List owner: [EMAIL PROTECTED] > >Shortcut URL to this page: > http://groups.yahoo.com/group/php-list >Yahoo! Groups Links > > > > > > > > > > > -- --------------------------------- * Brandon Smith * programmer / web designer * http://sproutworks.com Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
