I'm using a verification code image to stop automated sign ups, but two
hackers seem to be OCRing it. I've looked through the registration
script, and there's definitley no security holes. Does anyone have any
ideas as to making the image harder to OCR?
<?php
// seed with microseconds
function make_seed() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
$seed = make_seed();
mt_srand($seed);
$dbh = mysql_connect ("", "", "") or exit;
mysql_select_db ("",$dbh) or exit;
$authimage = ImageCreate(40,15);
$bgnum = mt_rand(1,3);
switch($bgnum){
case 1:
$white = ImageColorAllocate($authimage, mt_rand(250,255),
mt_rand(250,255), mt_rand(250,255));
break;
case 2:
$green = ImageColorAllocate($authimage, mt_rand(0,5), mt_rand(250,255),
mt_rand(0,5));
break;
case 3:
$yellow = ImageColorAllocate($authimage, mt_rand(250,255),
mt_rand(250,255), mt_rand(0,5));
break;
}
$black = ImageColorAllocate($authimage, mt_rand(0,30), 0, 0);
header("Content-type: image/png");
$getcode = mysql_fetch_array(mysql_query("select * from signupcodes
where id = '$id'"));
imagestring($authimage,mt_rand(4,5),mt_rand(0,5),0,$getcode['code'],$black);
imageline($authimage,0,mt_rand(0,15),40,mt_rand(0,15),$black);
imageline($authimage,0,mt_rand(0,15),40,mt_rand(0,15),$black);
imagepng($authimage);
imagedestroy($authimage);
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
- [PHP] Re: Making verification code harder to OCR? Leif K-Brooks
- [PHP] Re: Making verification code harder to OCR? Derick Rethans
- [PHP] Re: Making verification code harder to OCR? Steve Edberg
