|
|
Posted by john.d.mann on 12/27/05 02:01
The reason for using those letters for confirmation is so that only a
human can submit the form. If you use plain text, an automated program
could read the string and input it on its own. So, to avoid this, you
turn the randomized string of letters/numbers into an image using GD
(with GD, you can overlay text into an image. You create an image on
the fly to your desired dimensions and load that image on the screen.
You need to keep a copy of the string you used to create the image for
comparison. You can either keep it in a database, or in a $_GET value,
which is where the MD5 comes in - to help encrypt it. I'd suggest the
database route, personally, but that involves a more in-depth program,
so be up for it if you do that (tie it together with the session id for
example). When the user types in the random string form the image,
then compare it to the stored value (from database or your $_GET value).
[Back to original message]
|