1
vinit
Image verification process before registration.
  • 2004/12/26 14:23

  • vinit

  • Just can't stay away

  • Posts: 530

  • Since: 2004/1/10


Create a user verification image like seen on sites like neopets. Now with encoded url image source for extra security...

file : image.php
<?php
require_once "encode.php";
$decid = urldecode(md5_decrypt($_REQUEST['id'], $_REQUEST['key']));
header("Content-type: image/png");
$img = imagecreatetruecolor(65, 20);
$white = imagecolorallocate($img, 255, 255, 255);
$brown = imagecolorallocate($img, 255, 51, 51);
imagefill($img, 0, 0, $brown);
imagestring($img, 3, 6, 3, $decid, $white);
imagepng($img, '', 75);
imagedestroy($img);
?>

file : encode.php ( md5 section)
<?php
function get_rnd_iv($iv_len){
$iv = '';
while ($iv_len-- > 0) {
$iv .= chr(mt_rand() & 0xff);
}
return $iv;
}
function md5_encrypt($plain_text, $password, $iv_len = 16){
$plain_text .= "\x13";
$n = strlen($plain_text);
if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
$i = 0;
$enc_text = get_rnd_iv($iv_len);
$iv = substr($password ^ $enc_text, 0, 512);
while ($i < $n) {
$block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
$enc_text .= $block;
$iv = substr($block . $iv, 0, 512) ^ $password;
$i += 16;
}
return base64_encode($enc_text);
}
function md5_decrypt($enc_text, $password, $iv_len = 16){
$enc_text = base64_decode($enc_text);
$n = strlen($enc_text);
$i = $iv_len;
$plain_text = '';
$iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
while ($i < $n) {
$block = substr($enc_text, $i, 16);
$plain_text .= $block ^ pack('H*', md5($iv));
$iv = substr($block . $iv, 0, 512) ^ $password;
$i += 16;
}
return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
?>

file : webform.php
with this file simply do your webform as you normally would and simply include the image into the file

i.e
<?php
require_once "encode.php";
$string = md5(rand(0, microtime()*1000000));
$verify_string = substr($string, 3, 7);
$key = md5(rand(0,999));
$encid = urlencode(md5_encrypt($verify_string, $key));
echo "<img src='1.php?id=$encid&key=$key'><br>";
echo "to verify the user would hve to type in $verify_string";
?>


I wish someone could incorporate this into the XOOPS user registration process.

2
ackbarr
Re: Image verification process before registration.

I seem to remember predator having a hack that added catchpa support for the registration process.

3
Cavan
Re: Image verification process before registration.
  • 2005/1/6 13:33

  • Cavan

  • Friend of XOOPS

  • Posts: 218

  • Since: 2004/11/28


Could someone please tell me WHERE the code listed above by "vinit" needs to go? I would like to use this on our site.

4
danielh2o
Re: Image verification process before registration.
  • 2005/1/6 17:40

  • danielh2o

  • Just popping in

  • Posts: 47

  • Since: 2004/10/19


vinit,

Whether your code is same hack stated at this topic?
(or enhancement? or totally new?)

Visual verification during user registration for XOOPS

5
Dr3vil
Re: Image verification process before registration.
  • 2005/1/6 19:01

  • Dr3vil

  • Friend of XOOPS

  • Posts: 57

  • Since: 2003/5/10


Does the Hack exist for the current v2.0.9.2 core?

6
Bizzware
Re: Image verification (hack for xoops 2.0.9.2)
  • 2005/1/11 2:09

  • Bizzware

  • Friend of XOOPS

  • Posts: 36

  • Since: 2005/1/11


I have changed the files needed for XOOPS 2.0.9.2

This is from the original script 'Security check hack' made by phppp. (I only changed the files needed for XOOPS 2.0.9.2)

Send me an email if interested in the files and I'll send them to you.

You can see it in action at http://www.Bizzware.ca

USE AT YOUR OWN RISK!

Login

Who's Online

58 user(s) are online (37 user(s) are browsing Support Forums)


Members: 0


Guests: 58


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Aug 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits