Secured Login Building

The fix is in the code:

<?php 
session_start();
//Settings: You can customize the captcha here
$image_width = 120;
$image_height = 40;
$characters_on_image = 6;
$font = './monofont.ttf';

//The characters that can be used in the CAPTCHA code.
//avoid confusing characters (l 1 and i for example)
$possible_letters = '23456789bcdfghjkmnpqrstvwxyz';
$random_dots = 0;
$random_lines = 20;
$captcha_text_color="0x142864";
$captcha_noice_color = "0x142864";

$code = '';


$i = 0;
while ($i < $characters_on_image) { 
$code .= substr($possible_letters, mt_rand(0, strlen($possible_letters)-1), 1);
$i++;
}

///////////////////////////////////////////   LINE ADDED
$_SESSION['code'] = $code;
//////////////////////////////////////////


$font_size = $image_height * 0.75;
$image = @imagecreate($image_width, $image_height);


/* setting the background, text and noise colours here */
$background_color = imagecolorallocate($image, 255, 255, 255);

$arr_text_color = hexrgb($captcha_text_color);
$text_color = imagecolorallocate($image, $arr_text_color['red'], 
		$arr_text_color['green'], $arr_text_color['blue']);

$arr_noice_color = hexrgb($captcha_noice_color);
$image_noise_color = imagecolorallocate($image, $arr_noice_color['red'], 
		$arr_noice_color['green'], $arr_noice_color['blue']);


/* generating the dots randomly in background */
for( $i=0; $i<$random_dots; $i++ ) {
imagefilledellipse($image, mt_rand(0,$image_width),
 mt_rand(0,$image_height), 2, 3, $image_noise_color);
}


/* generating lines randomly in background of image */
for( $i=0; $i<$random_lines; $i++ ) {
imageline($image, mt_rand(0,$image_width), mt_rand(0,$image_height),
 mt_rand(0,$image_width), mt_rand(0,$image_height), $image_noise_color);
}


/* create a text box and add 6 letters code in it */
$textbox = imagettfbbox($font_size, 0, $font, $code); 
$x = ($image_width - $textbox[4])/2;
$y = ($image_height - $textbox[5])/2;
imagettftext($image, $font_size, 0, $x, $y, $text_color, $font , $code);


/* Show captcha image in the page html page */
header('Content-Type: image/jpeg');// defining the image type to be shown in browser widow
imagejpeg($image);//showing the image
imagedestroy($image);//destroying the image instance
$_SESSION['6_letters_code'] = $code;

function hexrgb ($hexstr)
{
  $int = hexdec($hexstr);

  return array("red" => 0xFF & ($int >> 0x10),
               "green" => 0xFF & ($int >> 0x8),
               "blue" => 0xFF & $int);
}
?>

Close to line 30, I added a session variable which contains the code generated. Now, after they go to the next stage of authentication, you can compare their input to the session variable

$_SESSION['code'].

Hope this helped.

Hello Thankyou,
i am already having that code in line 72. But when i takes session variables. the image displaying the different code and $_SESSION showing the different one. And how can i compare those two?

You mean that the image is displaying 6 different letters/numbers than the $code variable contains?

Ya for eg: when the page loads at first, the image shows jkls45 and the $_SESSION shows something different, When i again load the page, the shows some other captcha and now the SESSION shows the previous captcha jkls45

Hmmm... Try doing a double compare. Insert the line of code where I placed it at the top, and during the comparison against the image, also compare the two session variables.

ok i will try...

Hi now this time its not at all outputting the values from the session. Here's my code.

<?PHP
echo ("Hello");
$code1 = $_SESSION['code'];
$code = $_SESSION['6_letters_code'];

echo ($code1);
echo ($code);
?>

The script you originally posted creates an image for another page, the password form. On the page with the password form and capcha, redirect the form temporarily to a page with the code below in it. It should reveal the magic codes then...

<?php

$code1 = $_SESSION['code'];
$code2 = $_SESSION['6_letters_code'];
$code3 = $_POST['password'];  // rename to fit your form method and form variable name.

$line = "CODE: ".$code1." 6_letters_code: ".$code2." POST: ".$code3;
echo $line;
?>

I used recaptcha, i added to my, i am having already javascript validation, i also want this to be validated. I dont know how to proceed from this step. Now i am able to see captcha in my page. But i dont know how to display error message. When the user register, he must be checked with every fields that he has return correctly and also checks with captcha, then the page must redirect to the next page. Here is my coding,

<html>
 <head>
 <title>Register Page</title>
 <script type="text/javascript" language="javascript">
 function validate_register()
 {
     alert('hi');
     var usrname = document.getElementById('regusrname').value;
     var usrpwd = document.getElementById('regusrpwd').value;
     var cusrpwd = document.getElementById('regcusrpwd').value;
     if (usrname=="")
     {
         document.getElementById('v1').innerHTML = "Enter Username";
         return false;
     }
     elseif (usrpwd=="")
     {
         document.getElementById('v2').innerHTML = "Enter Password";
         return false;
     }
     elseif (usrpwd != cusrpwd)
     {
         document.getElementById('v3').innerHTML = "Password Missmatch";
         return false;   
     }   
     else
     {
     return true;
     }
 }
 </script>
</head>
 <body>
 <table width="100%" border="1">
 <form method="POST"   action="chkregister.php">
 <tr>
 <td>Enter Username:</td>
 <td><input type="text" id="regusrname" name="regusrname" /></td>
 <td id="v1">&nbsp;</td>
 </tr>
 <tr>
 <td>Enter Password:</td>
 <td><input type="text" id="regusrpwd" name="regusrpwd" /></td>
 <td id="v2">&nbsp;</td>
 </tr>
 <tr>
 <td>Confirm Password:</td>
 <td><input type="text" id="regcusrpwd" /></td>
 <td id="v3">&nbsp;</td>
 </tr>
 <tr>
 <td>Enter Email Address:</td>
 <td><input type="text" id="email" name="email" /></td>
 <td id="v4">&nbsp;</td>
 </tr>
 <tr>
 <td>Enter Captcha Verification</td>
 <td>
 <?php
  
 require_once('recaptchalib.php');
  
 // Get a key from http://recaptcha.net/api/getkey
 $publickey = "6LePbAoAAAAAALvKwRXXsD8fhSCCqR_yKTHq4wfQ";
 $privatekey = "6LePbAoAAAAAAGG3kNPiaSUfiHx0mexGYwOueBrt";
  
// the response from reCAPTCHA
 $resp = null;
 //the error code from reCAPTCHA, if any
 $error = null;
  
 //was there a reCAPTCHA response?
 if ($_POST["recaptcha_response_field"]) {
         $resp = recaptcha_check_answer ($privatekey,
                                         $_SERVER["REMOTE_ADDR"],
                                         $_POST["recaptcha_challenge_field"],
                                         $_POST["recaptcha_response_field"]);
  
         if ($resp->is_valid) {
                 echo "You got it!";
         } else {
                 # set the error code so that we can display it
                 $error = $resp->error;
         }
}
 echo recaptcha_get_html($publickey, $error);
 ?>
 </td>
 </tr>
 <tr>
 <td colspan="3"><input type="submit" value="Register" onsubmit="validate_register()" /></td>
 </tr>
 </form>
 </table>
 </body>
 <html>