Security Code Verification Using PHP

Security code Verification is used for security test to determine whether or not the user is human. Here is a simple security code Verification Script that Generate the code Dynamically.

<?php
$im = ImageCreate(120, 30);  //create image
$white = ImageColorAllocate($im, 255, 255, 255);  //Allocate color for  image
$black = ImageColorAllocate($im, 50, 50, 50);
$string = md5(rand(0,9999));  //Generate a random value and Calculate the md5 hash of the string
//echo $string;
$string=substr($string,1,7); //Return part of a string
$verification = $string;
ImageFill($im, 0, 0, $black); //Fill the Image
ImageString($im, 5, 30, 10, $verification, $white); //Draw the string
Imagejpeg($im, “verify.png”); //Create the Image as ‘png’ format
ImageDestroy($im);  //Destroy the image
?>
<form method=”post” action=”image_verification.php”>
<input type=’hidden’ name=’secretcode’ value=’<?=$verification?>’>
Type Code from Image:
<input type=’text’ name=’code’>
<img src=’verify.png’ border=’1′>
<input type=’submit’ name=’submit’ value=’Submit’>
</form>

<?php
if(isset($_POST['submit']))
{
$code = $_POST['code'];
$secretcode = $_POST['secretcode'];

if($code!=$secretcode){
print “<font color=’red’>Verification failed</font>”;
}
else{
print “<font color=’green’>Verification Success</font>”;
}
}
?>

My 5th Semester Project

My Project advisor Md. Boshir Ahmed (Assistant Professor, Dept. of CSE ) advice me to develop our rental library’s website. Then I start my work and finaly I complete this project. I have developed this Site using HTML, PHP, Mysql and Java Script.

Here is the Link:
http://pollobcse05.ueuo.com/project1

Login Script

//Create Table

CREATE TABLE `login` (
`username` varchar(16) NOT NULL,
`password` varchar(100) NOT NULL,
PRIMARY KEY (`username`)
) ENGINE=MyISAM;

INSERT INTO `login` VALUES (‘alamin’, md5(‘053038′)),
INSERT INTO `login` VALUES (‘pollob’, md5(‘053031′));

//login.php
<center>
<table border=’1′>
<form method=”POST” action=”authenticate.php”>
<tr><td colspan=”2″ align=”center”>Log In</td></tr>
<tr>
<td><b>Username:</b></td>
<td><input type=”text” name=”username” size=”15″></td>
</tr>
<tr>
<td><b>Password:</b></td>
<td><input type=”password” name=”password” size=”15″></td>
</tr>
<tr>
<td colspan=”2″ align=”center”>
<input type=”submit” value=”submit” name=”submit”>
</td>
</tr>
</form>
</table>
</center>

//authenticate.php
<?php
ob_start();

mysql_connect(“localhost”, “root”) or die (“Couldn’t Connect to the server”);
mysql_select_db(“db_name”) or die (“Couldn’t Connect to database”);

// Define username and password
$username=$_POST['username'];
$password=$_POST['password'];
$crypt_pwd = md5($password);

$sql=”SELECT * FROM login WHERE username=’$username’ and password=’$crypt_pwd’”;
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_register(“username”);
session_register(“password”);
$_SESSION['username'] = $username;

print “<center>”;
print “<font face=’Arial’ size=’4′ color=’red’>logged in successfully.”;
print “Redirecting ….. <META HTTP-EQUIV = ‘Refresh’ Content = ‘2; URL=sucess.php’>”;
print “</font></center>”;
}
else {
print “<center>”;
print “<font face=’Arial’ size=’4′ color=’red’>Wrong username or password, redirecting back to login page…..
<META HTTP-EQUIV = ‘Refresh’ Content = ‘2; URL =login.php’></font></center>”;
}

ob_end_flush();
?>
//sucess.php

<?php
session_start();
$get = $_SESSION['username'];
print “<center>”;
print “<font face=’Arial’ size=’4′ color=’red’>Welcome $get</font>”;
print “</center>”;
?>

Comment BOX

//Create Table

CREATE TABLE `comments` (
`id` int(11) auto_increment,
`name` varchar(30) NOT NULL,
`email` varchar(30) NOT NULL,
`comment` varchar(200) NOT NULL,
`date` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=MyISAM;

//comment.php

<?php
if(isset($_POST['posted'])){
$coment = add_to_database();
if(!$coment){
print “Eror: Databases Error”;
}
}

//show get data to browser
mysql_connect(“localhost”,”root”) or die(“Could not Connect”);
mysql_select_db(“cse_rental”) or die(“Could not Select Datadase”);

$result = mysql_query(“SELECT * FROM comments”);
$count = mysql_num_rows($result);
print “There R Currently $count Comments”;
while($q = mysql_fetch_array($result)){
?>
<style type=”text/css”>
* {
font-family:Verdana, Sans-serif;
color; #000000;
font-size: 12px
}
input,textarea{
color : #000000;
font: normal 12px;
border-collapse: collapse; border: 1px solid #000000;
}
</style>
<table width=”50%”>
<tr>
<td rowspan=’3′ valign=’top’ width=”1%”>
<?php echo $q[id]; ?>.
</td>
<td bgcolor=”#009966″>Comments:</td>
</tr>
<tr><td bgcolor=”#FFFFCC”>
<?php echo $q[comment]; ?>
</td></tr>
<tr><td bgcolor=”#CCCCCC”>This Comment is posted by <b><?php echo $q[name]; ?></b> on <?php echo $q[date]; ?></td></tr>
</table>

<?php
}
mysql_close();
?>

<!– Input from user –>
<form action=”comment.php” method=”post” enctype=”multipart/form-data”>
<input type=”hidden” name=”posted”>
<b>Add Your Comments</b><br />
Name:<br />
<input type=”text” name=”name” maxlength=”30″ size=”32″><br />
Email:<br />
<input type=”text” name=”email” maxlength=”30″ size=”32″><br />
Comments:<br />
<textarea cols=”40″ rows=”6″ name=”comment”></textarea><br />

<input type=”submit” value=”Add Comments”><input type=”reset” value=”Reset”>
</form>

<?php
//add to database
function add_to_database()
{
$name = trim($_POST['name']);
$email = trim($_POST['email']);
$comment = trim($_POST['comment']);

mysql_connect(“localhost”,”root”) or die(“Could not Connect”);
mysql_select_db(“cse_rental”) or die(“Could not Select Datadase”);

$sql = “INSERT INTO comments (`id`,`name`,`email`,`comment`)
VALUES(”,’$name’,'$email’,'$comment’)”;
mysql_query($sql);
mysql_close();
return true;
}

?>