Hi, Guest ~ Login or Register

Stopping multiple signups

Stopping multiple signups

Listed In PHP and MySQL » Systems and Features — Viewing Full Tutorial
Integrating measures to stop bots from exploiting your forms is quite simple and very easy when using this code.

First of all you'll need PHP, I recommend version 5.

Secondly, you'll need it to be compiled with the GD library.

I'm going to have to go through this just brushing on your user systems as I don't know how they've been made, but I'll go through the logic and what you'll have to do.

1) Make a new file, call it generatecode.php and shove this in it:<?php
header("Content-type: image/png");

$code = $_GET['code'];

$width = 90;

$height = 30;

$im = @imagecreatetruecolor($width, $height)

or die("Image creation b0rked");

for ($i = 0; $i < 250; $i++) {

  $rx1 = rand(0,$width);

  $rx2 = rand(0,$width);

  $ry1 = rand(0,$height);

  $ry2 = rand(0,$height);

  $rcVal = rand(0,255);

  $rc1 = imagecolorallocate($im,

  rand(0,255),

  rand(0,255),

  rand(0,250));

  imageline ($im, $rx1, $ry1, $rx2, $ry2, $rc1);

}

$text_color = imagecolorallocate($im, rand(200,255), rand(0,100), rand(0,100));

$white = imagecolorallocate($im,255,255,255);

imagestring($im, 1, 5, 5, "$code", $text_color);

imagettftext($im, 20, -2, 10, 25, $text_color, $font, $code); // Write the text with a font

imageline($im,5,15,80,20,$white);

imagepng($im);

imagedestroy($im);

?>

2) Link to this image in your signup script and put a form field next to it. Something like this: <?
$unique = rand(100000,999999);
?>
<img src="generatecode.php?code=<?=$unique?>" width="90" height="30" />

3) Make a copy of the unique variable in a hidden input tag:<input type="hidden" name="uniqt" id="uniqt" value="<?=$unique?>" />

4) Now when the user submits the form, check the value against the hidden input value. If it matches, continue. If it doesn't, exit.

That's about it really, to make it more secure you could also stop the page from loading in itself (i.e. making the process page a different page, not <?=$PHP_SELF?>) and then redirecting it to a different page.

Other methods would be to allow one submission per IP, email address or username. I've used this method on this site and it's so far stopped a few attacks from that Matt guy..

Working Beta

  1. The Forums
    These are mostly functional. If you see any weird bugs, post a thread about it and an administrator will do something.
  2. Tutorial Writing
    You can now submit tutorials to the brand new management system.
  3. Tutorials Home
    View tutorials by categories and search for them here.
  4. Shoutbox
    See below. Registered users only!

Register

Newest User

Say hi to kapricon! kapricon joined on Wednesday, 24th December.

Sponsor

Shoutbox