One of the most common ways to stop bots and spammers from generating spam in people’s websites is using some form of image verification. This can be done very easily with just PHP and Sessions. Using image verification acts as a human detector, to make sure the viewer of that page is not a bot of some kind. Bots can cause damage to your server by overloading it with spammed content and flooding your boards with unwanted links and text.

Let’s say we have a form that submits a few fields and possibly a file:

<form action="submit.php" method="post" enctype="multipart/form-data">
Field 1: <input type="text" name="field1" size="25" /><br/>
Field 2: <input type="text" name="field2" size="25" /><br/>
File: <input type="file" name="file" size="25" />
<input type="submit" name="submit" value="Submit" />
</form>

Now, this form will submit three variables: field1, field2, and the file.

This form does not have any image verification added in. So any bot could simply process this page over and over to flood the server with crap. So we are going to add a simple image verification to the form. To do this we make image.php:

<?php
// Image.php

session_start();

$width = 73;
$height = 18;

$image = imagecreate($width,$height);

// All possible characters that the image will have.
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

// Create the random set of characters defined above.
$rand = strtoupper(substr(str_shuffle($alphanum),0,6));

// Set the session here. We will use the session "image_verification" to hold the string, and "md5_image_verification" to hold the hash.
$_SESSION["image_verification"] = $rand;
$_SESSION["md5_image_verification"] = md5($rand);

// Here we set the colors, and text size.
$bgColor = imagecolorallocate($image, 231,231,231);
$textColor = imagecolorallocate($image, 0,0,0);
$textSize = imagefontheight(1);

// Create the image with the session "image_verification."
imagestring ($image, 5, 8, 2, $_SESSION["image_verification"], $textColor);

// Set the page headers to image.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Content-type: image/jpeg");
imagejpeg($image);
imagedestroy($image);
return true;

?>

Now we must add the field to our form:

Verification: <input type="text" name="verification" size="6" maxlength="6" />&amp;amp;nbsp;<img src="image.php" class="imgverification" />
</form>

Notice I used the class “imgverification.” We must add this to our <head> tags of the page:

<style type="text/css">
.imgverification {
vertical-align: bottom;
text-align: left;
margin: 0;
padding: 0;
border: 1px solid #ccc;
}
</style>

We must also make sure we include our session_start() on all pages we use session variables on. So on our form page, the image page, and submit page.

Now when the form is submitted to submit.php we check the submitted input for $_POST["verification"] to $_SESSION["md5_image_verification"].

<?php
// Submit.php

session_start();

if(md5($_POST["verification"]) == $_SESSION["md5_image_verification"]){
// Continue with the form, mysql query, etc.
return true;
} else {
return false;
}

?>

Popularity: 4% [?]