
Saturday 4 September 2010

Ultimate security for Image Captcha - PHP (Apparently)

Download the latest version of PHP image captcha from here.

How it works



The following image illustrates how the new system works.

Fig 1. Flow Diagram

The client requests a key from the server, and the server returns a unique key. The server also generates a random string and saves it, together with the client's IP address and the details of the request, in the database.

The client then makes a second request, this time submitting the key; the server returns an image, which the client places in the form.

After the user has typed the answer, the client makes a third request, sending both the user's input and the key to the server. The server looks the key up in the database and checks whether the captcha matches: if it does, the server returns 1, otherwise 0. In either case the captcha cannot be used again, and the client has to repeat all three steps.

In this way the captcha verification is much safer, and it also lets us record the IP address from which an attack might be made. In the future a function to block IPs can easily be added.

The next step would be to make more complex and well packed images.
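The three-step flow above, as an added worked example in PHP (not the blog's Captcha.php or database.php): an in-memory SQLite table stands in for the project's database, the schema and the client address are constructed, and the key is consumed on the first check whether or not the answer was right.

```php
<?php
// Added example (not the blog's Captcha.php); the table schema is assumed, not framework.sql.
class KeyedCaptchaStore {
    private PDO $db;
    public function __construct(PDO $db) {
        $this->db = $db;
        $db->exec('CREATE TABLE IF NOT EXISTS captcha_keys (key_id TEXT PRIMARY KEY,
            answer TEXT NOT NULL, client_ip TEXT, created_at INTEGER NOT NULL,
            used INTEGER NOT NULL DEFAULT 0)');
    }

    // Step 1 (get_key.php): unguessable key; the answer and client address stay server-side.
    public function issueKey(string $clientIp): string {
        $key = bin2hex(random_bytes(16));
        $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';   // no 0/O or 1/I look-alikes
        $answer = '';
        for ($i = 0; $i < 6; $i++) {
            $answer .= $alphabet[random_int(0, strlen($alphabet) - 1)];
        }
        $this->db->prepare('INSERT INTO captcha_keys (key_id, answer, client_ip, created_at)
                            VALUES (?, ?, ?, ?)')->execute([$key, $answer, $clientIp, time()]);
        return $key;
    }

    // Step 2 (get_captcha.php): only the image renderer ever reads the answer text.
    public function answerForImage(string $key): ?string {
        $st = $this->db->prepare('SELECT answer FROM captcha_keys WHERE key_id = ? AND used = 0');
        $st->execute([$key]);
        $row = $st->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['answer'] : null;
    }

    // Step 3 (check_captcha.php): returns 1 or 0 and consumes the key either way, so a
    // wrong guess cannot be retried and a correct one cannot be replayed.
    public function check(string $key, string $input, int $maxAge = 300): int {
        $st = $this->db->prepare('SELECT answer, created_at FROM captcha_keys WHERE key_id = ? AND used = 0');
        $st->execute([$key]);
        $row = $st->fetch(PDO::FETCH_ASSOC);
        if (!$row) { return 0; }                         // unknown, forged or already used key
        $this->db->prepare('UPDATE captcha_keys SET used = 1 WHERE key_id = ?')->execute([$key]);
        $fresh = (time() - (int) $row['created_at']) <= $maxAge;
        return ($fresh && hash_equals($row['answer'], strtoupper(trim($input)))) ? 1 : 0;
    }
}

$store  = new KeyedCaptchaStore(new PDO('sqlite::memory:'));
$key    = $store->issueKey('203.0.113.7');              // constructed client address
$answer = $store->answerForImage($key);                  // would be drawn into the image
var_dump($store->check($key, $answer));                  // checks the answer and consumes the key
var_dump($store->check($key, $answer));                  // the same key again is rejected
```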

Usage (example)



Download and unzip the package which contains the following files:

1. Captcha.php - Main captcha class
2. check_captcha.php - Checks the submitted string against a key (third request)
3. get_key.php - Issues a key (first request)
4. get_captcha.php - Returns the image for a key (second request)
5. database.php - Database class
6. test.php - Example file
7. framework.sql - DB script

After you have put the files in place and set up the DB tables using the script, do the following from the client side:

//request a key from the server
http://<yourhost>/get_key.php

//now, using the key, request the image captcha
<img src="http://<yourhost>/get_captcha.php?key=<key_from_request>">

//the form that submits the user's input
<form action="check_captcha.php?key=<key_from_request>" method="post">
   <input type="text" name="captcha_string"/>
   <button type="submit">check</button>
</form>

//then process the response, which is either 0 or 1

Credits

Thanks to Muntasir Azam Khan, who helped think through and point out the various problems the previous releases had, and who tested this Image Captcha code in a beta version of one of his Code Dump (http://codedump.appspot.com/) sites.

Saturday 28 August 2010

Image captcha security update

The image captcha class we saw previously had a security issue when used by passing the string in the URL (like <img src="captcha.php?&s=your_string" />), as it is easy to parse the HTML and find the value, which is printed along with the tag.

It had no such problem when used from another PHP class. But if you wish to use the class from external Java, Perl, Python, Ruby or other languages and scripts, the image tag was the only option, and it was not secure.

Therefore, the new and updated captcha class uses a browser cookie for storing the captcha and then for checking it.

Download the php classes from:

http://nasaralla.googlecode.com/files/captcha.zip

You will find the following files:

  • Captcha.php - The main captcha class

  • get_captcha.php - This file will be used to get the printed image

  • check_captcha.php - This file will be used for form validation

  • test.php - An example php on how it might be used.



Now, to print the image, simply put this in your form:
<img src="get_captcha.php" />

You can then validate the user's input, either by Ajax or by direct form submission, by posting to check_captcha.php.

Example form:

<form action="check_captcha.php" method="post">
<input type="text" name="captcha_string" />
<button type="submit">submit</button>
</form>

The file check_captcha.php responds with a boolean: 1 for true or 0 for false.
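An added example, not the blog's get_captcha.php or check_captcha.php, of the cookie-backed variant done so that the cookie carries only the PHP session id while the answer stays in server-side session data (the function names and the six-character hex answer are assumptions):

```php
<?php
// Added example, not the blog's get_captcha.php/check_captcha.php: the browser cookie carries
// only the PHP session id, and the captcha answer itself lives in server-side session data.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);   // PHP 7.3+ array form
session_start();

function issueSessionCaptcha(): string {
    $answer = bin2hex(random_bytes(3));          // 6 hex characters for the image renderer
    $_SESSION['captcha_answer'] = $answer;
    $_SESSION['captcha_issued'] = time();
    return $answer;                              // get_captcha.php draws this; it never echoes it
}

function checkSessionCaptcha(string $input, int $maxAge = 300): int {
    if (!isset($_SESSION['captcha_answer'], $_SESSION['captcha_issued'])) {
        return 0;                                // nothing was issued to this session
    }
    $answer = $_SESSION['captcha_answer'];
    $issued = (int) $_SESSION['captcha_issued'];
    unset($_SESSION['captcha_answer'], $_SESSION['captcha_issued']);   // single use, pass or fail
    $fresh = (time() - $issued) <= $maxAge;
    return ($fresh && hash_equals($answer, strtolower(trim($input)))) ? 1 : 0;
}

// Constructed round-trip standing in for the form submission:
$shown = issueSessionCaptcha();                  // what the image shows the user
echo checkSessionCaptcha($shown), "\n";          // the user's correct answer is accepted once
echo checkSessionCaptcha($shown), "\n";          // resubmitting the same answer is rejected
```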

Sunday 18 July 2010

Database Updated Finally!

Hey Guys,

Finally I have added some nice database features, which should give the class some real purpose now; previously it only ran your custom queries and did some simple validation for you.

Now it comes with some powerful MySQL features, and you can gradually build a more OOP-based design.

new!

You can now do the following most-used MySQL operations with this helper class:
1) Create a table
2) Insert data into a table
3) Edit and update values
4) Remove rows using somewhat complex conditions
5) and last but not least... Find!

Do the following before you attempt anything with these files:

Download database class: _here_

include("database.php");

$db = new DBConnect('host_name','database_name','user_name','password');
$con = $db->setDb();

Now to create table simply:



$db->createTable('contacts', array('name', 'address', 'phone', 'email'), array('varchar(30)', 'varchar(50)', 'varchar(12)', 'varchar(30)'), TRUE);

The function parameters are:
1) Table name - String
2) Field names - Array of String
3) Field types - Array of String
4) Overwrite - Boolean

The first three parameters are the obvious requirements of the MySQL CREATE TABLE statement. Make sure the numbers of 'Field names' and 'Field types' are equal. The final parameter is a boolean: if set to true, it overwrites any previous table with the same name. Set it to false for safety.

Now insert values to table!



$db->insert('contacts', array('name','address','phone','email'), array('Anas Nasarullah','Uttara Dhaka Bangladesh','9181819','anasrlh@hotmail.com'));

The parameters here are self-explanatory; all of them are required by MySQL's INSERT statement.

The function parameters are:
1) Table name - String
2) Field names - Array of String
3) Field values - Array of String

Now time to do some editing to the values!



$db->edit('contacts', 'email', 'anasarulh@hotmail.com', 'email', 'anasrlh@hotmail.com');

This function should eventually handle more complex conditions. For the time being it only finds the rows where the given field has the given value and changes that value.

The function parameters are:
1) Table name - String
2) Edit field name - String
3) New value - String
4) Find field name - String
5) Find value - String

Now we will remove an element from table



$db->remove('contacts', array('email', 'name'), array('anasarulh@hotmail.com', 'Anas Nasarullah'), 'or');

This function has the most powerful conditions of all the functions discussed so far. You can give a set of fields that should have a set of values, and say whether they are combined with 'and' or 'or' to select the matching rows. The disadvantage is that all the conditions are either 'and-ed' or 'or-ed'; a mixture of more complex conditions is not possible.

The function parameters are:
1) Table name - String
2) Find field names - Array of Strings
3) Find values - Array of Strings
4) Operator - String ('and' / 'or')

Finally its time to Find!



It is a very basic and simple find function as follows:

$db->find('contacts', 'name', 'Anas', 0);

For now the function only takes the table name, the field to look in and the value to look for. The final flag parameter is a boolean that says whether the search is for an exact value or for all values containing the search string.

Flag = 1 means find by exact value.
Flag = 0 means find values containing the string.

The function parameters are:
1) Table name - String
2) Find field name - String
3) Find value - String
4) Flag - Boolean (0 / 1)
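An added example, not the blog's database.php, showing how the find() and remove() call shapes above can be built on PDO prepared statements with identifier checks; the SafeDb class name, the in-memory SQLite database and the contacts rows are constructed for the demonstration:

```php
<?php
// Added example, not the blog's database.php: the post's find()/remove() call shapes rebuilt on
// PDO prepared statements (SQLite in memory here so it runs stand-alone; table is constructed).
class SafeDb {
    private PDO $pdo;
    public function __construct(PDO $pdo) { $this->pdo = $pdo; }

    // Table and field names cannot be bound as parameters, so only plain identifiers are allowed.
    private static function ident(string $name): string {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("bad identifier: $name");
        }
        return '"' . $name . '"';
    }

    // find('contacts', 'name', 'Anas', 0): flag 1 = exact value, 0 = string containing the value
    public function find(string $table, string $field, string $value, int $exact): array {
        $sql = 'SELECT * FROM ' . self::ident($table) . ' WHERE ' . self::ident($field);
        if ($exact) {
            $st = $this->pdo->prepare($sql . ' = ?');
            $st->execute([$value]);
        } else {
            // escape LIKE metacharacters so a value of "%" or "_" matches literally
            $like = '%' . strtr($value, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';
            $st = $this->pdo->prepare($sql . " LIKE ? ESCAPE '\\'");
            $st->execute([$like]);
        }
        return $st->fetchAll(PDO::FETCH_ASSOC);
    }

    // remove('contacts', [...fields], [...values], 'or'): every condition joined by one operator
    public function remove(string $table, array $fields, array $values, string $op): int {
        $op = strtoupper($op);
        if (!in_array($op, ['AND', 'OR'], true) || !$fields || count($fields) !== count($values)) {
            throw new InvalidArgumentException('bad condition list');
        }
        $where = implode(" $op ", array_map(fn($f) => self::ident($f) . ' = ?', $fields));
        $st = $this->pdo->prepare('DELETE FROM ' . self::ident($table) . ' WHERE ' . $where);
        $st->execute(array_values($values));
        return $st->rowCount();
    }
}
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE contacts (name TEXT, address TEXT, phone TEXT, email TEXT)');
$pdo->exec("INSERT INTO contacts VALUES ('Anas Nasarullah', 'Uttara Dhaka', '9181819', 'a@example.com'),
            ('Second Person', 'Elsewhere', '000', 'b@example.com')");
$db = new SafeDb($pdo);
var_dump(count($db->find('contacts', 'name', 'Anas', 0)));      // rows whose name contains Anas
var_dump(count($db->find('contacts', 'name', '%', 0)));         // literal percent sign, not a wildcard
var_dump($db->remove('contacts', ['email', 'name'], ['b@example.com', 'Anas Nasarullah'], 'or'));
```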

That's all, folks!

Tuesday 8 June 2010

Image Captcha updated

I have recently added a feature to the image captcha class that lets you generate a random string and pass it to the captcha class; the class then creates the captcha image, which can be used for human verification. This feature makes it easier to use the captcha class from external files.

The file can be downloaded from http://nasaralla.googlecode.com/files/captcha.php

and the simple usage instructions are as follows:

//create a random string (microtime(true) returns a float, so it can be combined safely)
$md5 = md5(microtime(true) . mt_rand());
$captcha_str = substr($md5, 0, 8);
//then simply include the captcha file
include('captcha.php');
$captcha = new Captcha();
//the class reads the string from $_GET['s']; PHP superglobal names are case-sensitive
$_GET['s'] = $captcha_str;
$captcha->printGivenString();

The above example prints the image on a whole page. To add it to part of your page, simply put this bit of code in a PHP file:

include('captcha.php');
$captcha = new Captcha();
$captcha->printGivenString();

and suppose you name the file image_captcha.php.

Now simply do this from your HTML or form:
<img src="<any base path>/image_captcha.php?s=yourString" />

Monday 8 February 2010

Tabulation updated

We have slightly upgraded the tabulation function. The function is both important and very handy these days, since most e-commerce sites give the user control over how they see the results, e.g. sorted by price.

So our new tabulation with pagination now has a sort function, where you simply state which row needs to be sorted and in what order, i.e. ascending or descending.

The tabulation class can be downloaded from here:

http://nasaralla.googlecode.com/files/tabulation.php

and how to use the class is described in this post:

http://phphelperfunctions.blogspot.com/2010/01/simple-php-tabulation-helper-class.html

You only need to call the following function to get a page in the required sort order.

_______________________________________________________

Example:

$results = $tab->getResultSorted(3, 'Hotel', 'DESC');

where the signature is

getResultSorted($page_number, $row_name, $sort_order);

for ascending order simply leave the order blank (the default order)
_______________________________________________________
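An added example, not part of the tabulation.php class, of validating the page number, sort row and sort order taken from the request before they are passed to getResultSorted(); the function name and the allowed-column list are assumptions:

```php
<?php
// Added example, not part of the blog's tabulation.php: validating the page number, sort row
// and sort order taken from the request before they are handed to getResultSorted().
function sortArgsFromRequest(array $query, array $allowedRows, int $pageCount): ?array {
    $page = filter_var($query['page'] ?? 1, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1, 'max_range' => $pageCount]]);
    $row = $query['sort'] ?? $allowedRows[0];    // only names from the fixed list may reach ORDER BY
    $order = strtoupper(trim($query['order'] ?? ''));
    if ($page === false || !in_array($row, $allowedRows, true)
            || !in_array($order, ['', 'ASC', 'DESC'], true)) {
        return null;
    }
    return [$page, $row, $order];                // '' keeps the class's default ascending order
}

$allowed = ['Hotel', 'City'];                    // the columns printed in the tabulation example
$args = sortArgsFromRequest(['page' => '3', 'sort' => 'Hotel', 'order' => 'desc'], $allowed, 10);
// $results = $tab->getResultSorted(...$args);   // the same call as the post's example
var_dump($args);                                 // accepted: page 3, Hotel, DESC
var_dump(sortArgsFromRequest(['sort' => 'Price'], $allowed, 10));   // not in the list: rejected
```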

Wednesday 27 January 2010

Simple shopping cart class using php

Hello,

My cart class manages the shopping cart facility that almost every e-commerce site requires these days. This class does not do checkout with PayPal, Google Checkout or any similar service, but it lets you very easily manage the items being put into and taken out of the cart.

You can download the file from here:
http://nasaralla.googlecode.com/files/shopping_cart.php

As in the following example, you can then start managing your items:

___________________________________________________
//include the file
include("shopping_cart.php");
//start a session
session_start();
//initialize session variables
$_SESSION["item_list"] = array();
$_SESSION["item_total"] = 0;
//creating some items
$itm1 = new item("1","T-shirt","clothing","fcuk", "10.00", "cotton t-shirt", "image_url_not_available");
$itm2 = new item("2","Trouser","clothing","fcuk", "15.00", "Khaki trouser", "image_url_not_available");
$itm3 = new item("3","Cap","clothing","Next", "5.00", "all size cap", "image_url_not_available");
$itm4 = new item("4","jacket","formal","Austin reed", "100.00", "bond casino royal style", "image_url_not_available");
$itm5 = new item("5","Shoes","formal","Aldo", "50.00", "black naughty boy", "image_url_not_available");

//create your cart
$cart = new shopping_cart();

//add items to your cart
$cart->add_to_cart($itm1);
$cart->add_to_cart($itm2);
$cart->add_to_cart($itm3);
$cart->add_to_cart($itm4);
$cart->add_to_cart($itm5);

//print xml based status of the cart
$cart->print_cart_status();

//remove item in 3rd position (4th item)
$cart->remove_element(3);

//print xml based status of the cart
$cart->print_cart_status();
//end session
session_destroy();
___________________________________________________

And the XML output is like the following:
___________________________________________________


___________________________________________________

Friday 22 January 2010

PHP mail helper class

Hello,

Today's post is about a very simple-to-use PHP helper class for sending mail.

The class is easy to use and can send to multiple recipients with one function call.

Remember you need to do all your validation yourself... until I build the php helper class for all possible sorts of required validations.

Simply get the mail class from http://nasaralla.googlecode.com/files/mail.php

________________________________________
//include the mail class in your code
include("mail.php");

//instantiate the Mailer class with the receiver, sender, subject and message
$mail = new Mailer('receiver@example.com','sender@example.com','subject','message');

//or you can also instantiate it with Cc and Bcc
$mail = new Mailer('receiver@example.com','sender@example.com','subject','message','cc@example.com','bcc@example.com');

//then simply call the send mail function
$mail->send_mail();

//you can also send mail to a list of people
$mail = new Mailer('','sender@example.com','subject','message');
$array = array('receiver1@example.com','receiver2@example.com','receiver3@example.com');
$mail->send_mail_list($array);
________________________________________
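An added example, not part of the blog's mail.php, of the caller-side validation the post leaves to you: every address and the subject are checked before anything is passed to Mailer (the function names are assumptions; the Mailer call at the end mirrors the post's own usage):

```php
<?php
// Added example, not part of the blog's mail.php: the caller-side validation the post leaves
// to you, applied before any value reaches the Mailer constructor or send_mail_list().
function validAddress(string $addr): ?string {
    $addr = trim($addr);
    // FILTER_VALIDATE_EMAIL rejects addresses containing spaces or line breaks, so a
    // recipient value can never carry more than one address or any extra header text.
    return filter_var($addr, FILTER_VALIDATE_EMAIL) === false ? null : $addr;
}

function validHeaderText(string $text, int $maxLen = 200): ?string {
    // A subject (like any mail header) must stay on one line; CR, LF or NUL are rejected.
    if (preg_match('/[\r\n\0]/', $text) || strlen($text) > $maxLen) {
        return null;
    }
    return trim($text);
}

// Returns the cleaned recipient list and header fields, or null if anything was rejected.
function prepareMail(array $recipients, string $from, string $subject, string $message): ?array {
    $clean = [];
    foreach ($recipients as $r) {
        $a = validAddress((string) $r);
        if ($a === null) { return null; }
        $clean[] = $a;
    }
    $from = validAddress($from);
    $subject = validHeaderText($subject);
    if ($from === null || $subject === null || !$clean) { return null; }
    return ['to' => array_values(array_unique($clean)), 'from' => $from,
            'subject' => $subject, 'message' => $message];
}

// Constructed inputs: a plain request, and one whose subject spans two lines.
$ok  = prepareMail(['receiver1@example.com', 'receiver2@example.com'], 'sender@example.com',
                   'subject', 'message');
$bad = prepareMail(['receiver1@example.com'], 'sender@example.com',
                   "subject line\r\nsecond line", 'message');
var_dump($ok !== null, $bad === null);           // the first passes, the second is rejected
// With $ok in hand, the post's list-sending call becomes:
// $mail = new Mailer('', $ok['from'], $ok['subject'], $ok['message']);
// $mail->send_mail_list($ok['to']);
```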

Thursday 21 January 2010

Simple php Image Captcha

Hello all,

My next piece of work is a very simple image captcha PHP class, which simply prints a random image with a string on it; this is very useful for security purposes.

The file can be downloaded from http://nasaralla.googlecode.com/files/captcha.php

and the simple usage instructions are as follows:
_________________________________________
//include the class file
include("captcha.php");
//instantiate the class
$c = new Captcha();
//generate the random string with this function
$c->generateCaptcha();
//print the image
$c->printCaptcha();
_________________________________________

Simple php tabulation helper class

This class lets you grab the required 'view' of data from a given query by simply providing the query and changing the page number each time. The class does not provide any view; it only has one print function, which can be used for testing or overridden to serve your purpose.

The helper class requires the database class in my previous post.

The tabulation class file can be downloaded from http://nasaralla.googlecode.com/files/tabulation.php

and you also need this database.php: http://nasaralla.googlecode.com/files/database.php
____________________________________________
//in your code you need to include tabulation.php as follows
include("tabulation.php");
//next you call the constructor and set the query only once, together with the page limit
//make sure you do not put a semi-colon (;) at the end of the query
$tab = new Tabulation("select * from cutpriceh", 10);
//then you need to set which database (MySQL) you are bringing the data in from
$tab->setDBParam("localhost","cutprice","root","");
//and you run the getResults function, which for a given page number returns the result set
//as well as storing it in a private variable
$results = $tab->getResults(3);
//finally you can use the built-in print table function to print your page of values;
//the function takes an array of database field names and prints only those fields
$tableIndex = array('Hotel','City');
$tab->printResults($tableIndex);
____________________________________________

Simple php database helper function

The following PHP class has been written to simplify database usage in PHP and make it a more object-oriented way of performing tasks.

This class also lets you use MySQL from PHP without having to bother with the PHP functions for SQL.

You can download the .php file from http://nasaralla.googlecode.com/files/database.php

The following example shows how you can use this file:
________________________________________
//Include the file
include("database.php");
//provide parameters for connecting to the MySQL server:
//the constructor needs the host, database name, username and password, in that order
$db = new DBConnect('localhost', 'jobdb','root','');
$con = $db->setDB();
//then simply run any query using the following function
$result = $db->makeQuery("select * from candidate;");
//and finally terminate the connection with the server
$db->closeConnection($con);

________________________________________

Yes, you are not yet totally free from writing queries in this version, which I hope to add in the future, but this does give you the flexibility of 'selecting' with wider and more complex queries.