Home
Home Page
Algorithm of calculation PageRank
Complex Denwer: Apache+PHP+MySQL+Perl for 5 minutes
Protection against automatic registration by means of a picture
PageRank from Google
Effect of smooth transition on JavaScript
Some criteria of a choice of a hosting
Definition of the size of the removed file
Loading of files on FTP
Preloading of pictures
Animation underlining
Kiberskvoting and kiberskvotery
Third type XSS: Mezhsajtovyj skripting through DOM
IPv6: expansion of report IP
Job with SQLite
Transformation of hyperlinks by means of Apache server
Animation Favicon
All about meta tegakh
Beautiful code on PHP
Links
topic
 

Protection against automatic registration by means of a picture

Recently in the Internet even more often it is possible to meet various spams - bots which not only are automatically registered, but also add spams - messages at forums, in comments, etc.


Actions of bots can as to lead to to more serious consequences. Present that you have form which will wear out the data in a database after its{her} sending and that can take place if in a flash in the form will automatically fill and will send thousand and tens thousand robots.


Very much often there is a necessity of protection against such bots. As a rule, basically protection is organized as what that in addition parameter which should be entered into one of fields of the form, and which bot cannot define{determine} in any way. It is realized by means of a picture with letters or figures (or both that and another simultaneously) through sessions or through ip visitors. I shall help with given clause{article} to you to understand as to make such picture with the help php and mysql in a few minutes.


For the beginning we shall create the small table of a database in which will be stored{kept} temporarily ip visitors and value of the figures represented in a picture:



CREATE TABLE test (

IP char (15) NOT NULL,

Number char (3),

PRIMARY KEY (IP))


The type of field Number specifies, that at us will be is deduced on three figures in each picture.


Let we have certain form, kororaja sends given to page ok.php. A part of a code of page on which the form vygljadit` as follows will be located.


Code of a file index.php:



<form action=ok.php method=post>

Name: <input type=text> <br>

The text: <input type=text> <br>

Enter figures in a picture: <input type=text size=3 name=intext>


<? php

$ip = $ _SERVER ['REMOTE_ADDR'];

for ($i=0; $i <3; $i ++) $x = $ x.mt_rand (1,9);

echo " <img src=pic.php? text = ". $ x. ">";

@mysql_connect ('localhost', 'login', 'pass') or die;

@mysql_select_db ('dbname') or die (" it was not possible will incorporate to a database ");

mysql_query (" INSERT INTO test VALUES (' ". $ip. " ' ', ". $x. " ') ");

?>

<input type=submit>

</form>


On the form two fields for data input (the Name and the Text) and a field for input of value of figures from a picture (which the name intext has) are located



$ip = $ _SERVER ['REMOTE_ADDR'];


We determine ip the visitor of page.



for ($i=0; $i <3; $i ++) $x = $ x.mt_rand (1,9);


By means of function mt_rand it is formed three random number from 1 up to 9 and it is represented them as a line $x.



echo " <img src=pic.php? text = ". $ x. ">";


Key line. We deduce{remove} actually a picture in figures. The code of a file pic.php is described below.



@mysql_connect ('localhost', 'login', 'pass') or die (" it was not possible will incorporate to a host of a database ");

@mysql_select_db ('dbname') or die (" it was not possible will incorporate to a database ");

mysql_query (" INSERT INTO test VALUES (' ". $ip. " ' ', ". $x. " ') ");


We are connected to a database and it is written down ip and a line with figures in the table test.



<input type=submit>

</form>


We draw the button of sending of the data and we close the form:)


Code of a file pic.php:



<? php

Header (" Content-type: image/gif ");

$rgb=0x1e81de;

$idest = imagecreatetruecolor (39, 20);

$textcolor = imagecolorallocate ($idest, 255,255,255);

imagefill ($idest, 0, 0, $rgb);

imagestring ($idest, 3, 9, 4, $text, $textcolor);

imagegif ($idest);

imagedestroy ($idest);

?>


From that you should know in this code: $rgb - color of a background of a picture, $textcolor - color of the figures deduced{removed} in a picture. As you have noticed, the image in format GIF will be formed.


Now there was the last, data processing received in the form in a file ok.php (where these data actually and are passed).


Code of a file ok.php:



<? php

$ip = $ _SERVER ['REMOTE_ADDR'];

@mysql_connect ('localhost', 'login', 'pass') or die;

@mysql_select_db ('work2') or die;

$res = mysql_query (" SELECT number FROM test WHERE IP = ' ". $ ip. "'");


if (mysql_num_rows ($res) == 0) echo " you have not entered figure! ";

else

{

if (mysql_result ($res, 0,0)! = $intext) echo " you have entered not right figures ";

else echo " ALL OK:) ";

mysql_query (" DELETE FROM test WHERE IP = ' ". $ ip. "'");

};

?>


Besides, we determine ip the user and whether such address in the table test is compared, written down. If yes, we check:



mysql_result ($res, 0,0)! = $intext


Whether the user has entered those figures into the form in a text field intext which have been displayed on a picture and are written down near it{him} ip addresses in a database. That's all:)


The only thing that can be added, that certainly given mechanism does not represent an ideal of protection. For example, the user can go on page with the form, the script will write down it{him} ajpi, and he will take and will overload page. But in given clause{article} I did not pursue the purpose to write a high-grade script, and only wanted to acquaint you with the basic mechanism of development of similar protection.