Verification image security

~~Independent~~ · 24-01-2008, 10:41 PM

Code:

<?php
session_start();
$host = "localhost";
$user = "REMOVED";
$pass = "REMOVED";
$db    = "REMOVED";
$ms = mysql_connect($host, $user, $pass);
if(!$ms) { echo "Error connecting to database.\n"; }
mysql_select_db($db);
 
if($_GET['login'] == "login") {
$user1_post = addslashes($_POST["username_post"]);
$pass1_post = addslashes($_POST["password_post"]);
$pass1_post = ($pass1_post);
if($user1_post == "" or $pass1_post == "") { echo "<center>
<table style=\"BORDER-COLLAPSE: collapse\" borderColor=\"#ffaaaa\" width=\"50%\" bgColor=\"#ffdddd\" border=\"1\" id=\"table1\">
 <tr>
  <td align=\"middle\"><font size=\"2\" face=\"Verdana\"><b>Login Error:</b><br>
  <br>
  <font size=\"1\">Unfortunatley, you have entered an incorrect username or 
  password.<br>
  <br>
  Please, Click one of the following links:<br>
  <font color=\"black\"><a href=\"index.php\">Login again</a><br>
  </font><a href=\"<A href="http://HabboMedia.net\"><font">http://HabboMedia.net\"><font color=\"black\">Return to 
  HabboMedia</font></a><br>
  <br>
  HabboMedia© Copyright 2006</font></font></td>
 </tr>
</table>
</center>"; exit; }
 
list($user) = mysql_fetch_array(mysql_query("SELECT `username` FROM `staff` WHERE username='$user1_post'"));
list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `staff` WHERE password='$pass1_post'"));
 
if($user1_post == "$user" and $pass1_post == "$pass") {
$sql = mysql_query("SELECT * FROM `staff` WHERE username='$user' AND password='$pass'");
if(mysql_num_rows($sql)!= 1) { exit; }
$result = mysql_fetch_array($sql);
 
$_SESSION['session_username'] = $result['username'];
$_SESSION['session_level'] = $result['level'];
$_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];
 
echo "Please wait, you are being redirected.<meta http-equiv=\"refresh\" content=\"0;url=user.php\">";
        exit;
} else { echo "<center>
<table style=\"BORDER-COLLAPSE: collapse\" borderColor=\"#ffaaaa\" width=\"50%\" bgColor=\"#ffdddd\" border=\"1\" id=\"table1\">
 <tr>
  <td align=\"middle\"><font size=\"2\" face=\"Verdana\"><b>Login Error:</b><br>
  <br>
  <font size=\"1\">You have entered an incorrect password.<br>
  <br>
  Please, Click one of the following links:<br>
  <font color=\"black\"><a href=\"index.php\">Login again</a><br>
  </font><a href=\"<A href="http://HabboMedia.net\"><font">http://HabboMedia.net\"><font color=\"black\">Return to 
  HabboMedia</font></a><br>
  <br>
  HabboMedia.net© Copyright 2006</font></font></td>
 </tr>
</table>
</center>"; }
} else { ?>
 
<body bgcolor="#F45000" bgproperties="fixed" style="background-image: url('http://images.habbohotel.co.uk/c_images//backgrounds/HC_royal.gif')">
 
 
 
<p align="center">
&nbsp;</p>
 
<center>
<div align="center">
 <table width="329" height="3" style="border-collapse: collapse" cellpadding="0" cellspacing="0" id="table2">
<tr>
    <td width="330" height="11" align="center">
                </td>
   </tr>
<tr>
    <td align="center" width="400" background="hk_middle.gif" height="342">
    <form action="<?php echo "$PHP_SELF"; ?>?login=login" method="POST">
                  <font size="1" face="Verdana"><br>
     &nbsp;<br>
&nbsp;</font><table border="0" id="table3" width="252" height="87">
 <tr>
  <td>
  <tr>
  <td>
  <p align="right"><b><font size="1" face="Verdana">Username:</font></b></td>
  <td>
  <p align="center">
  <span style="font-size: 10px"><font face="Verdana">
  <input class="boarder" size="25" name="username_post" style="float: left; border: 1px dashed #000000"></font></span></td>
  </tr>
  <tr>
  <td>
  <font face="Verdana"><span style="font-size: 10px; font-weight: 700">PIN</span></font></td>
  <td>
  <font face="Verdana" style="font-size: 10px"> <img width="175" src="securityimage.php"><br><input name="security_try" type="text" id="security_try" size="25" maxlength="25" style="border: 1px dashed #000000"></font></td>
  </tr>
 <tr>
  <td>
  <p align="center"><font size="1" face="Verdana"><b>Password:</b></font></td>
  <td>
  <p align="center"><font face="Verdana" size="1" color="#FFFFFF"> 
  <span style="font-size: 10px"><font face="Verdana"> 
  <input type="password" name="password_post" size="25" style="border-style:dashed; border-width:1px; float: left"></font></span></font></td>
 </tr>
 <font face="Verdana"><span style="font-size: 10px">
<br>
 </span></font>
</table>
     <span style="font-size: 10px"><font face="Verdana">
<br><input type="submit" value="Send" class="submit" />
     </font></span>
     <p><font face="Verdana" size="1" color="black"><b>This area is for HabboMedia staff only!</b></font></p>
</form></td>
</tr>
</table>
 
</div>
 
 
 
 
 
 
<p align="center">&nbsp;</p>
 
 
 
 
 
 
 
<?php } ?>

Right, I need someones help making the image verification script work, I think I have to include something from signup_demo.php (Code listed below)

Code:

<?php
//Define function to insert security image
function insertSecurityImage($inputname) {
   $refid = md5(mktime()*rand());
   $insertstr = "<img src=\"securityimage.php?refid=".$refid."\" alt=\"Security Image\">\n
   <input type=\"hidden\" name=\"".$inputname."\" value=\"".$refid."\">";
   echo($insertstr);
}
//Define function to check security image confirmation
function checkSecurityImage($referenceid, $enteredvalue) {
   $referenceid = mysql_escape_string($referenceid);
   $enteredvalue = mysql_escape_string($enteredvalue);
   $tempQuery = mysql_query("SELECT ID FROM security_images WHERE 
   referenceid='".$referenceid."' AND hiddentext='".$enteredvalue."'");
   if (mysql_num_rows($tempQuery)!=0) {
      return true;
   } else {
      return false;
   }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Signup Demo</title>
</head> 
<body>
<?php
if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) {
   //Connect to database
mysql_connect("localhost", "REMOVED", "REMOVED") or die(mysql_error());
mysql_select_db("REMOVED");
   //Set variables, and call checkSecurityImage
   $security_refid = $HTTP_POST_VARS["security_refid"];
   $security_try = $HTTP_POST_VARS["security_try"];
   $checkSecurity = checkSecurityImage($security_refid, $security_try);
   //Depending on result, tell user entered value was correct or incorrect
   if ($checkSecurity) {
      $validnot = "correct";
   } else {
      $validnot = "incorrect";
   }
   //Write output F
   echo("<b>You entered this as the security text:</b><br>\n
   ".$security_try."<br>\n
   This is ".$validnot.".<br>\n
   -------------------------------<br><br>\n
   ");
}
?>
<form name="signupform" method="post" action="<?=$_SERVER["PHP_SELF"]?>">
Please sign up for our website:
<br>
<br>
Name: 
<input name="name" type="text" id="name">
<br>
<? insertSecurityImage("security_refid") ?>
<br>
Enter what you see: 
<input name="security_try" type="text" id="security_try" size="20" maxlength="10"> 
(can't see? try reloading page) 
<br>
<br>
<input type="submit" name="Submit" value="Signup!">
</body>
</html>

Any help pls? (its the same one that Clubhabbo and Hffm use)

http://www.php-mysql-tutorial.com/us...rification.php
If that link may help, idk. It didnt for me

The image displays but, idk how to put it in the form so it makes sure your typing a correct code

Thread: Verification image security

Thread Tools

Verification image security

Posting Permissions