"Monil Chheda" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I want to create an php system that prevents automated > registrations. > > I have come up with the script in which users come > over and need to enter a random key displayed on the > images while submitting their info. If the number > entered is correct, the post is submitted, else, the > same form is displayed with another random key. > > Now, any one doing a "View Source" gets to know the > image source as "myscript.php". What I want to do is > to save the .jpeg image on my disc with the name as > "randomnumber.jpeg" , where randomnumber is generated > randomly for that page. > > Then, I would put an <IMG SRC="randomnumber.jpeg"> tag > and no one will be able to get the name of my php file > creating the image.
Why should it matter whether they know the generating script's name? The only important thing is that they can't easily read off (or generate) the password-value passed to the image-creation script. You could store the passcode as a session variable, or send it as an encrypted get- variable, or hash into a stored dictionary. -- Hugh Bothwell [EMAIL PROTECTED] Kingston ON Canada v3.1 GCS/E/AT d- s+: a- C+++ L++>+++$ P+ E- W+++$ N++ K? w++ M PS+ PE++ Y+ PGP+ t-- 5++ !X R+ tv b++++ DI+++ D-(++) G+ e(++) h-- r- y+ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php