Re: Security Needed!

---

• From: "Jim Michaels" <NOSPAMFORjmichae3@xxxxxxxxx>
• Date: Wed, 1 Mar 2006 15:50:31 -0800

---

<Blackhawk@xxxxxxxxxxxxxxx> wrote in message
news:ucqev1hir4m830uk43r17vec3k7a2a0nhf@xxxxxxxxxx

On Sat, 18 Feb 2006 05:29:22 -0000, Jasen Betts <jasen@xxxxxxxxxxx>
wrote:

On 2006-02-17, Blackhawk@xxxxxxxxxxxxxxxx <Blackhawk@xxxxxxxxxxxxxxxx>
wrote:

I have a guest book and someone is raising hell with me on it. I must
receive 50 entries a day and all bogus. Don't know why they have
picked my site but I have to do something now to correct the on going
problem.

I need a security feature for my guest book. I have seen some on other
boards where there is a series a letters and or numbers only the human
eye can pick out and enter in order to submit an entry into the guest
book. Can someone direct me to the source of this security script in
php, please!

here's one I wrote this afternoon, just to see if it could be done
efficently enough in PHP...

all the trig (sin()) calls had me worried, but my fears were unfounded
trig
is much faster on a pentium than it is on an 80386 which was the last time
I played with trig-intensive code.

when it comes time to validate you may need to map 0 to O and I to 1

this code needs the GD library and a TTF font for the text, I used one
that
was already installed here, but you may need to upload one to your web
server.


<?php // human passgate version 1.0
// generate a random text image and store the code in $_SESSION['code']
session_start();
$iw=500; // width of the text
$ih=100; // height of the text
$r=30; //distortion radius - final image is this much larger in all
directions
$f=100; //fraggedness amount of distortion

$str=strtoupper(base_convert(rand(1679616,60466176),10,36));

just eliminate the possibility of user confusion.
code fix here:
do {
$str=strtoupper(base_convert(rand(1679616,60466176),10,36));
} while (preg_match("/[OI10]/",$str)); //eliminate user confusion

I had to set the frag to 60 to make it readable. depending on your font and
frag value used, you may also need to eliminate S and 5.

$_SESSION['code']=$str;

$im = @imagecreate($iw+4*$r,$ih+4*$r)
or die("Cannot Initialize new GD image stream");
$background_color = imagecolorallocate($im, 0, 0,0);
$box_color = imagecolorallocate($im,255,255,255);
imagefilledrectangle($im,$r*2,$r*2,$r*2+$iw,$r*2+$ih,$box_color);
$tc = imagecolorallocate($im, 233, 14, 91);
imagefttext ($im,$ih, 0, 2*$r,$ih+2*$r, $tc,
"/var/lib/defoma/gs.d/dirs/fonts/FreeSans.ttf" ,
$str );

$fr=$f/$r/20000
$pxx0=rand(0,360)/180*pi();
$pxy0=rand(0,360)/180*pi();
$pyx0=rand(0,360)/180*pi();
$pyy0=rand(0,360)/180*pi();
$fxx=rand(150,200)*$fr;
$fxy=rand(150,200)*$fr;
$fyx=rand(150,200)*$fr;
$fyy=rand(150,200)*$fr;

$maxx=$iw+2*$r;
$maxy=$ih+2*$r;

$img=imagecreate($maxx,$maxy);

$pxx=$pxx0;
$pxy=$pxy0;

$ga = imagecolorallocate($img, 0, 0,0);
$go = imagecolorallocate($img,255,255,255);
$gf = imagecolorallocate($img, 233, 14, 91);

for($x=0;$x<$maxx;$x++)
{
$pyx=$pyx0;
$pyy=$pyy0;
$oxx=sin($pxx+=$fxx);
$oyy=sin($pxy+=$fxy);
for($y=0;$y<$maxy;$y++)
{
$px=$oxx*sin($pyx+=$fyx)*$r+$r;
$py=$oyy*sin($pyy+=$fyy)*$r+$r;
$p=imagecolorat($im,$x+$px,$y+$py);
imagesetpixel($img,$x,$y,$p);
}
}
header("Content-type: image/png");
imagepng($img);
imagedestroy($im);
imagedestroy($img);
?>

Bye.
Jasen

Jasen,
Nicely done, would never had thought of this script. What is the GD
library?

You got me thinking with this information of pre-designed series of
individual graphic blocks images with alpha and numeric symbols,
slightly askew and miss shaped. These image blocks can be randomly
called side by side to form a series of alpha and numeric symbols the
human would then have to enter on a line to be tested in order to
submit the entry to the guest book. That would be another way of
doing what you are doing here but for the simple minded ones like me.
LOL

I need to try your script but the GD library has me stumped!

Thank you so much for this help.

.

---

• Prev by Date: Re: replace all occurrences of a substring in a string (RE)
• Next by Date: Re: Security Needed!
• Previous by thread: Re: replace all occurrences of a substring in a string (RE)
• Next by thread: Re: Security Needed!
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Security Needed! ... I need a security feature for my guest book. ... efficently enough in PHP... ... would never had thought of this script. ... called side by side to form a series of alpha and numeric symbols the ... (alt.php) Re: Security Needed! ... would never had thought of this script. ... individual graphic blocks images with alpha and numeric symbols, ... called side by side to form a series of alpha and numeric symbols the ... (alt.php) Re: Script to add new records based on incremental serial numbers? ... My first loop. ... WorkOrder table, and>> then I'd like the script to loop through ... user> specify the alpha component of the Machine Serial? ... (comp.databases.filemaker) Re: Script to add new records based on incremental serial numbers? ... The next work order that's entered might be ... and>> then I'd like the script to loop through ... user> specify the alpha component of the Machine Serial? ... The only problem I see is that new hardware records will sometimes ... (comp.databases.filemaker) XSS in JAB Guest Book ... Script Name: JAB Guest Book ... Website: James Barnsley ... JAB Guest Book is a free guest book written in PHP, ... (Bugtraq)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)