You also need to embed the image URL in a hidden form field so that it can be passed
to the following function where it will be erased from the hard disk when no longer needed. At the same time, you should embed the value of the token in another hidden field, like this:
<input type="hidden" name="token" value="$result[1]" />
<input type="hidden" name="image" value="$result[2]" />
Taking all this into account, the following example code creates a Captcha, and then displays the Captcha image along with a form for requesting the Captcha word to be entered:
<?php
$result = PIPHP_CreateCaptcha(26, 8, 'captcha.ttf', '', '!*a&K', '.fs£!+');
echo <<<_END
<img src="$result[2]" /><br />
Please enter the word shown<br />
<form method="post" action="checkcaptcha.php">
<input type="hidden" name="token" value="$result[1]" />
<input type="text" name="captcha" />
<input type="submit" />
</form>
_END;
You may wish to save this example (giving it a filename such as testcaptcha.php) as you’ll
be able to test it with an example from the following plug-in. Or you can download the file
using the Download link at pluginphp.com—look in the folder named 6 in the plug-ins.zip file.
If you would like to have random length words in your Captchas, you can achieve this
by modifying the function call to use the rand() function as in the following, which will generate a Captcha of between four and ten letters in length:
$result = PIPHP_CreateCaptcha(26, rand(4,10), 'captcha.ttf', '', '!*a&K', '.fs£!+');
Note that this plug-in relies on the plug-ins PIPHP_GifText(), PIPHP_GD_FN1(), and PIPHP_ImageAlter(), so they should also appear in the same program file as this one, or
be otherwise included in it.
TIP If you ever find your Captchas are not preventing all bots anymore, perhaps because their image recognition has improved, I suggest you upload a different TrueType font and start using that.
You could also modify PIPHP_CreateCaptcha() itself and introduce a few more (or use different) image manipulations.
The Plug-in
function PIPHP_CreateCaptcha($size, $length, $font, $folder, $salt1, $salt2)
{
   // Load the word list and keep only words of the requested length
   $file = file_get_contents('dictionary.txt');
   $temps = explode("\r\n", $file);
   $dict = array();
   foreach ($temps as $temp)
      if (strlen($temp) == $length) $dict[] = $temp;
   // Pick a word, then derive the token and the image filename from it
   $captcha = $dict[rand(0, count($dict) - 1)];
   $token = md5("$salt1$captcha$salt2");
   $fname = $folder . $token . ".gif";
   // Render the word as a GIF, then apply the image manipulations
   PIPHP_GifText($fname, $captcha, $font, $size, "444444", "ffffff", $size / 10, "666666");
   $image = imagecreatefromgif($fname);
   $image = PIPHP_ImageAlter($image, 2);
   $image = PIPHP_ImageAlter($image, 13);
   for ($j = 0 ; $j < 3 ; ++$j) $image = PIPHP_ImageAlter($image, 3);
   for ($j = 0 ; $j < 2 ; ++$j) $image = PIPHP_ImageAlter($image, 5);
   imagegif($image, $fname);
   return array($captcha, $token, $fname);
}
Check Captcha
Once you have created a Captcha image and asked a user to type it in, you can use this
plug-in to verify their input, and determine whether they entered the correct word. Figure 6-4 shows the plug-in being used.
FIGURE 6-4 This plug-in verifies a Captcha word entered by a user.
About the Plug-in
This plug-in verifies the Captcha word input by a user, in response to a request made using
a Captcha created with plug-in 33, PIPHP_CreateCaptcha(). It takes these arguments:
• $captcha The Captcha as typed in by a user
• $token The token representing the current Captcha
• $salt1 The first salt string
• $salt2 The second salt string
Variables, Arrays, and Functions
• None
How It Works
The first thing this function does is remove the Captcha GIF image from the hard disk, if it still exists, and then return the result of recreating the md5() hash from plug-in 33, based
on the user string provided in $captcha, and the two salts in $salt1 and $salt2.
As long as the salts are the same as when the Captcha was created, if the user has typed
in the correct hash word, then the result of concatenating all three and passing them to the md5() function will be the same as the value stored in $token, in which case a value of TRUE is returned. Otherwise, the correct word was not entered and FALSE is returned.
How to Use It
After a Captcha has been created using the previous plug-in, you will have been provided with the location of a GIF image and a token representing the Captcha. Using these you will then have displayed the image and provided a web form requesting that the user type in the word in the Captcha image. This form will now have been posted to your server and the two items of data received will be:
• $_POST['captcha'] The Captcha text entered by the user
• $_POST['token'] The token embedded in the hidden form field
Using these values, the following example code will verify the Captcha word as entered
by the user:
if (PIPHP_CheckCaptcha($_POST['captcha'], $_POST['token'], '!*a&K', '.fs£!+')) echo "Captcha verified";
else echo "Captcha failed";
Note that the two salts are not passed as arguments because they are a secret and only your code should know them. Just ensure that you use the same salts for both
PIPHP_CreateCaptcha() and PIPHP_CheckCaptcha() or the plug-ins won’t work.
If you wish to test the example code (testcaptcha.php) in the previous plug-in, type in the preceding example and save it as checkcaptcha.php and it will verify the result of using the Captcha. Both of these programs can be found in a folder named 6 of plug-ins.zip available using the Download link at pluginphp.com. By the way, the file plugin34.php, which is in the
same folder of the zip file, simulates creating a Captcha, posting it, and verifying it, all in a single program.
After a while you will find that your folder of Captcha images gets quite full. You may therefore wish to use code, such as the following, to clear these files out every now and then:
foreach (glob("*.gif") as $file)
   if (time() - filectime($file) > 300) unlink($file);
The code uses the glob() function to search for all files with a gif extension
and then removes any that are more than 5 minutes (300 seconds) old using the unlink() function. If the files are in a different folder then you should ensure that you have first assigned that name to a variable called $folder, and that it has a trailing /, for example,
using a value such as images/ if your folder is called images. Then you can use the following
code instead:
foreach (glob($folder . "*.gif") as $file)
   if (time() - filectime($file) > 300) unlink($file);
The Plug-in
function PIPHP_CheckCaptcha($captcha, $token, $salt1, $salt2)
{
   // Strict comparison: with ==, PHP compares two numeric-looking strings as numbers
   return $token === md5("$salt1$captcha$salt2");
}
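The check above is stateless, so a word and token pair that verified once keeps verifying for as long as the salts stay the same. The following added example (not from the book; issue_captcha_token(), check_captcha_once(), CAPTCHA_KEY and CAPTCHA_TTL are hypothetical names) keeps the same hidden-field form flow but binds the token to the visitor's session, expires it, and accepts it at most once:

```php
<?php
// Added example, not the book's plug-in code. All names below are hypothetical.
const CAPTCHA_KEY = 'replace-with-a-long-random-server-side-secret'; // placeholder
const CAPTCHA_TTL = 300; // seconds; matches the 5-minute image cleanup window

// Call when the Captcha is created: binds the word to this session and moment.
// The returned token goes in the hidden "token" form field as before.
function issue_captcha_token(string $word, array &$session): string
{
    $nonce  = bin2hex(random_bytes(16));        // unpredictable, per challenge
    $issued = time();
    $session['captcha'] = ['nonce' => $nonce, 'issued' => $issued];
    return hash_hmac('sha256', "$nonce|$issued|$word", CAPTCHA_KEY);
}

// Call on form submission: succeeds at most once per issued challenge.
function check_captcha_once($typed, $token, array &$session): bool
{
    $state = $session['captcha'] ?? null;
    unset($session['captcha']);                 // single use, pass or fail
    if (!is_array($state) || !is_string($typed) || !is_string($token)) {
        return false;                           // no open challenge, or bad input
    }
    if (time() - $state['issued'] > CAPTCHA_TTL) {
        return false;                           // challenge has expired
    }
    $expected = hash_hmac(
        'sha256',
        "{$state['nonce']}|{$state['issued']}|$typed",
        CAPTCHA_KEY
    );
    return hash_equals($expected, $token);      // constant-time string comparison
}

// Constructed demonstration. In a real page, call session_start() and pass
// $_SESSION in place of $session.
$session = [];
$token = issue_captcha_token('example', $session);
var_dump(check_captcha_once('example', $token, $session)); // first submission
var_dump(check_captcha_once('example', $token, $session)); // same pair replayed
```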
Validate Text
Processing user input takes a lot of work, especially when you need data to be in a certain format or to fit within various constraints. Using this plug-in you can check user input to ensure it is the right length and contains the right types of data, whether alphabetical, numeric, or something else.
It’s also highly versatile, allowing you to specify the allowed characters (and therefore those that are disallowed), as well as types of characters that must be used. Figure 6-5 shows two different strings being validated.
About the Plug-in
This plug-in accepts a string to be validated, along with parameters describing what is and isn’t allowed in the string. The function returns a two-element array on failure, the first element of which is the value FALSE; the second is an array of error messages. On success, it returns a single element with the value TRUE. It takes these arguments:
• $text The text to be validated
• $minlength The minimum acceptable length
• $maxlength The maximum acceptable length
• $allowed The characters that are allowed in the text. Any characters can be
entered here, including ranges indicated by using a - character, such as a-zA-Z
• $required Types of characters of which at least one of each must be in the text,
out of a, l, u, d, w, and p which, in order, stand for any letter, lowercase, uppercase, digit, word (any letter or number), or punctuation
Variables, Arrays, and Functions
• $len Integer containing the length of $text
• $error Array of all error message strings
• $result Integer result of matching the $allowed characters
• $caught String containing matched characters from $allowed
• $plural String with the value “ is”, or “s are” if there is more than one match
How It Works
This plug-in sets the value of $len to the length of $text, and after initializing the array
$error ready to hold any error messages, it checks whether $len is smaller or larger than the required minimum and maximum lengths. If either is the case, a suitable error message
is added to the $error array.
Next the preg_match_all() function is called to check for the existence of any
characters not in the string $allowed, which contains a list of all allowed characters,
including supporting ranges created using the - character. Thus, instead of having to use the string abcde, the equivalent of a-e is allowed; so, for example, to accept all upper- and lowercase letters, the string a-zA-Z could be used.
FIGURE 6-5 Processing form input is now easier than ever using this plug-in.