On 3/20/07, Alain Roger <raf.news@xxxxxxxxx> wrote:
Hi, There is a trend on internet that when you want to change your password, you need to type : 1. the former password. 2. the new one 3. a 2nd time the new one to confirm that no mistake has been done on step 2. however, several website also propose an additional security to avoid hacking/brute force, they display a 4 digit image with a "random" string including number and letters... something like A3P23. if user do not respect case and string, password is not changed. I would like to know how such system works and if a tutorial exist about that ? thanks a lot,
The program itself is called CAPTCHA, you can of course look at their source. But in simple i can tell you how it works, it just creates the image with the PHP image functions, and saves a reference to which code used in session variable. Later this reference is checked with the code entered. In most cases the code in the image is MD5 encrypted and stored in the session. Then after submitting, the code entered is also MD5 encrypted and checked with the one in the session. Tijnema
-- Alain ------------------------------------ Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
