Hi,

There is a trend on internet that when you want to change your p***word, you
need to type :
1. the former p***word.
2. the new one
3. a 2nd time the new one to confirm that no mistake has been done on step
2.

however, several website also propose an additional security to avoid
hacking/brute force, they display a 4 digit image with a "random" string
including number and letters... something like A3P23.
if user do not respect case and string, p***word is not changed.

I would like to know how such system works and if a tutorial exist about
that ?

thanks a lot,

--
Alain
------------------------------------
Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5

On 3/20/07, Alain Roger <EMAIL REMOVED> wrote:
> Hi,
>
> There is a trend on internet that when you want to change your p***word, you
> need to type :
> 1. the former p***word.
> 2. the new one
> 3. a 2nd time the new one to confirm that no mistake has been done on step
> 2.
>
> however, several website also propose an additional security to avoid
> hacking/brute force, they display a 4 digit image with a "random" string
> including number and letters... something like A3P23.
> if user do not respect case and string, p***word is not changed.
>
> I would like to know how such system works and if a tutorial exist about
> that ?
>
> thanks a lot,
>

The program itself is called CAPTCHA, you can of course look at their source.
But in simple i can tell you how it works, it just creates the image
with the PHP image functions, and saves a reference to which code used
in session variable. Later this reference is checked with the code
entered. In most cases the code in the image is MD5 encrypted and
stored in the session. Then after submitting, the code entered is also
MD5 encrypted and checked with the one in the session.

Tijnema
> --
> Alain
> ------------------------------------
> Windows XP SP2
> PostgreSQL 8.1.4
> Apache 2.0.58
> PHP 5
>

Alain Roger wrote:
> Hi,
>
> There is a trend on internet that when you want to change your p***word,
> you
> need to type :
> 1. the former p***word.
> 2. the new one
> 3. a 2nd time the new one to confirm that no mistake has been done on step
> 2.
>
> however, several website also propose an additional security to avoid
> hacking/brute force, they display a 4 digit image with a "random" string
> including number and letters... something like A3P23.
> if user do not respect case and string, p***word is not changed.
>
> I would like to know how such system works and if a tutorial exist about
> that ?
>
> thanks a lot,

http://pear.php.net/Text_CAPTCHA
http://pear.php.net/package/Text_CAPTCHA_Numeral

Regards,
Greg
--
Experience the revolution, buy the PEAR Installer Manifesto
http://www.packtpub.com/book/PEAR-installer

On Tue, March 20, 2007 11:52 am, Alain Roger wrote:
> There is a trend on internet that when you want to change your
> p***word, you
> need to type :
> 1. the former p***word.
> 2. the new one
> 3. a 2nd time the new one to confirm that no mistake has been done on
> step
> 2.
>
> however, several website also propose an additional security to avoid
> hacking/brute force, they display a 4 digit image with a "random"
> string
> including number and letters... something like A3P23.
> if user do not respect case and string, p***word is not changed.
>
> I would like to know how such system works and if a tutorial exist
> about
> that ?

Search for the term "CAPTCHA" in Google.

Add in PHP to get just PHP solutions.

You will find LOTS.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

I am trying to follow this, its a learning one, something like

<?php
$inputstring = rand(1000,10000);
$im = imagecreate(200, 100);
$bg = imagecolorallocate($im, 225, 255, 255);
$textcolor = imagecolorallocate($im, 0, 0, 255);
imagestring($im, 5, 10, 70, $inputstring, $textcolor);
header('Content-type : image/jpeg');
header('Content-Disposition: inline; filename="checkrobot.jpg"');
imagejpeg($im);
imagedestroy($im);
?>

then compare the input string value with the html form value


--
If at first you dont succeed
try try try again
If at first you do succeed
try not to look surprised

_
""Richard Lynch"" <EMAIL REMOVED> wrote in message
news:EMAIL REMOVED...
> On Tue, March 20, 2007 11:52 am, Alain Roger wrote:
> > There is a trend on internet that when you want to change your
> > p***word, you
> > need to type :
> > 1. the former p***word.
> > 2. the new one
> > 3. a 2nd time the new one to confirm that no mistake has been done on
> > step
> > 2.
> >
> > however, several website also propose an additional security to avoid
> > hacking/brute force, they display a 4 digit image with a "random"
> > string
> > including number and letters... something like A3P23.
> > if user do not respect case and string, p***word is not changed.
> >
> > I would like to know how such system works and if a tutorial exist
> > about
> > that ?
>
> Search for the term "CAPTCHA" in Google.
>
> Add in PHP to get just PHP solutions.
>
> You will find LOTS.
>
> --
> Some people have a "gift" link here.
> Know what I want?
> I want you to buy a CD from some starving artist.
> http://cdbaby.com/browse/from/lynch
> Yeah, I get a buck. So?