

Dynamic PHP Images





Scott
Are PHP images a security threat? I noticed they don't work on these forums.
(I tried to post my random-image signature, but it doesn't work.)

I would like to know if I should disable .php files in [IMG] tags on my own forum.
Crackr
Well man, I don't have a clue what the heck image comes in .PHP format....

In PHP files all your images are either in .JPG, .GIF or .PNG, not .php.
A .php extension is a text file; there are NO images that are in .php format. I know the type of signature you made and you made it in PHP coding, but it is however a text file that contains PHP coding and HTML coding, but not actual images; therefore your [IMG] tags are rendered useless, because you're not calling an image, you're calling a text file.

And not all .php files are a security threat. The only files you should be worried about are config.php and stuff like that, major files that have a big part in your website. The best thing would be to install a Nuke Sentinel Module into your site, as well as a few File Protectors.


Good luck with what you're trying to do, man.
Ranfaroth
Crackr wrote:
Well man, I don't have a clue what the heck image comes in .PHP format....

In PHP files all your images are either in .JPG, .GIF or .PNG, not .php.
A .php extension is a text file; there are NO images that are in .php format
Absolutely wrong.
You can output what you want with PHP, including images...

Scott: no, they are not a security threat, except if you allow users to post relative links. In this case, if your board is insecure (like phpBB), a user will be able to do some bad things (like delete a post). But even with PHP images forbidden, it's still possible to do that...
So, the security doesn't come from PHP images, but from the board itself.
izcool
PHP Images **can** be a threat if you don't program them properly. They're commonly used as security methods to prevent bots from filling out registration forms and submitting false information.

That sorta depends, it's better to have them on registration forms than not to. You have to program them difficult enough for bots not to "read" the images and fill in the numbers or follow the directions that your image is outputting.

If anyone's interested in doing this for their site, make sure that the GD Library is enabled on your web server. If not, then contact your web host and ask them to enable it. You can check to see if it's enabled by running the phpinfo() command on a test page.

Hope this clears up anything.

- Mike.
Maka
I added a .php image to my sig that shows my forum statistics etc., but it didn't work.
charliehk
I know that GD is enabled here. So could you post your program here to let some of us investigate?
izcool
Yeah sure, take a look at :

http://izcool.frihost.net/test2.php

Here's the source code of a sample image verification method that I've used on a few sites that I've worked for :

Code:
<?php

// Start Image Verification Source Codes //

header("Content-type: image/png");
$image = @imagecreate(310, 180) or exit("Cannot Initialize new GD image stream");

// The original used "global $directions1;" and relied on register_globals.
// Assumption: the value comes from a cookie of the same name.
$directions1 = isset($_COOKIE['directions1']) ? $_COOKIE['directions1'] : '';

$session_vars = explode(":", $directions1);

// explode() never returns an empty array, so test for the five expected parts.
if (count($session_vars) < 5) {
    $text  = "- Sorry, but there was an error";
    $text2 = " when trying to create the";
    $text3 = " image.  Please check to see if ";
    $text4 = " Cookies are enabled in your";
    $text5 = " browser.  Thank You.";
} else {
    // Each part is a base64-encoded "0" or "1".
    $text  = base64_decode($session_vars[0]);
    $text2 = base64_decode($session_vars[1]);
    $text3 = base64_decode($session_vars[2]);
    $text4 = base64_decode($session_vars[3]);
    $text5 = base64_decode($session_vars[4]);

    if ($text == "1") { $text = "- Check Box #1"; } else { $text = "- Please Leave Box #1 Unchecked"; }
    if ($text2 == "1") { $text2 = "- Check Box #2"; } else { $text2 = "- Please Leave Box #2 Unchecked"; }
    if ($text3 == "1") { $text3 = "- Check Box #3"; } else { $text3 = "- Please Leave Box #3 Unchecked"; }
    if ($text4 == "1") { $text4 = "- Check Box #4"; } else { $text4 = "- Please Leave Box #4 Unchecked"; }
    if ($text5 == "1") { $text5 = "- Check Box #5"; } else { $text5 = "- Please Leave Box #5 Unchecked"; }
}

// Random light colour component, so the background differs on every load.
function rancolor()
{
    return rand(150, 225);
}

// The first colour allocated becomes the image background.
$background_color = imagecolorallocate($image, 255, 255, 255);
$text_color = imagecolorallocate($image, 0, 0, 0);
$randomcolor1 = imagecolorallocate($image, rancolor(), rancolor(), rancolor());
$randomcolor2 = imagecolorallocate($image, rancolor(), rancolor(), rancolor());
$randomcolor3 = imagecolorallocate($image, rancolor(), rancolor(), rancolor());

$points = array(
    10, 10,
    300, 170,
    300, 10,
    10, 170
);

// Background shapes drawn in the random colours.
imagefilledpolygon($image, $points, count($points) / 2, $randomcolor1);

imageline($image, 10, 10, 10, 170, $text_color);
imageline($image, 300, 10, 300, 170, $text_color);

imagearc($image, 155, 90, 180, 180, 0, 360, $background_color);
imagefill($image, 155, 90, $randomcolor2);

imagefilledrectangle($image, 90, 20, 210, 160, $randomcolor3);

imageline($image, 90, 20, 90, 160, $background_color);
imageline($image, 210, 20, 210, 160, $background_color);

// GD's built-in fonts are numbered 1 to 5; 5 is the largest (the original passed 30).
imagestring($image, 5, 15, 20, $text, $text_color);
imagestring($image, 5, 15, 50, $text2, $text_color);
imagestring($image, 5, 15, 80, $text3, $text_color);
imagestring($image, 5, 15, 110, $text4, $text_color);
imagestring($image, 5, 15, 140, $text5, $text_color);

imagepng($image);

// End Image Verification Source Codes //
?>


There's more to it than that, but that's just the code to make the image. To get the instructions to work, I set a cookie containing random stuff, where they have to check boxes on the registration form to prevent bots.

EDIT :
Forgot to mention, please take note that the source for the image is "test2.php", that page contains the code mentioned above. Another thing that I've incorporated into it is that the colors for the background (it confuses the bots) are random each time it is loaded, so you get different colors every time you refresh it. Neat, isn't it ?

- Mike.
charliehk
Your code is more than neat! It is wonderful!

I think you could teach us something about "I set a cookie containing random stuff, where they have to check boxes on the registration form to prevent bots." and the "random background" stuff!

I think I got the solution of your problem, it is related to the setting of .htaccess!

izcool
This is going to take a bit for me to condense certain parts of that code into something simple enough to show as an example. I'm going to post a working link (and source code if anyone wants it, reply to this post if you do) to show an example of that in full working action.

- Mike.
SystemWisdom
Actually, there is a trick to getting PHP Dynamic Signatures to work with any and all forums... The trick lies in your .htaccess file...

Basically, you will want to add a single line containing:
Code:

AddType application/x-httpd-php .gif


That is, of course, if you are using PHP to output a GIF image.. if you are outputting a JPG or other format, then simply change the extension above!

I wrote a tutorial on this exact subject a while ago, and it can be found here: PHP Dynamic Signatures using the GD Module

I hope you find it useful, and as an example, look at my sig!
izcool
Ok here's the link to what I compiled as an example :

http://izcool.frihost.net/example/

image.php is the file which contains the code for generating the image.
register.php is the file where the form is; give it a go to see it in action.

This is a bit embarrassing for me to say, but I found a bug in it when I was compiling that together as an example. I haven't fixed it, though I'm surprised I haven't found it until now. You can check all of the boxes that are needed along with any of the ones that aren't needed, and it will work. So it is possible for the bots to get around that (if they found out what I just found out), by checking all of the boxes and getting around it. I had programmed that a few years ago and I have used it on many sites, so it is a shock for me to find that out. Whoops.

The code for image.php is basically the same as the one I had posted above, here's the code for register.php if anyone was interested (take note that I haven't fixed the bug that I explained above in it) :

Code:
<?php

// Start Class 'show' //
class show {

    // Start Function 'main' //
    // Picks a random 0/1 for each of the five boxes, stores the pattern
    // in a cookie and redirects to the form.
    function main() {
        $rand1 = base64_encode((string) rand(0, 1));
        $rand2 = base64_encode((string) rand(0, 1));
        $rand3 = base64_encode((string) rand(0, 1));
        $rand4 = base64_encode((string) rand(0, 1));
        $rand5 = base64_encode((string) rand(0, 1));
        setcookie("directionscookie", "$rand1:$rand2:$rand3:$rand4:$rand5");

        header("Location: $_SERVER[PHP_SELF]?page=registerform");
        exit;
    }
    // End Function 'main' //


    // Start Function 'registerform' //
    function registerform() {
        // PHP_SELF can carry user-supplied path data, so escape it before output.
        // The original prefixed the refresh link with $_SETTINGS[maindir],
        // which is not defined in this example and has been dropped.
        $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

        echo "

<center>

<form action='$self' method='post'>

<b>Image Verification (Follow The Directions)</b><br>
<font size='1'>Please follow the directions in the image below.  If you cannot read the text displayed, then please <a href='$self' onClick=\"if(!confirm('Are You Sure ?\\n\\nAre you sure that you wish to refresh the page ?\\nEverything that you have filled-out in this form will be cleared.'))return false;\"><font size='1'>refresh</font></a> the page and you will be given a new set of directions.<br>
If an error appears instead of directions, then you probably do not have cookies enabled.</font><br>
<img src='image.php'><br>

<table border='0' width='100%'><tr valign='top' align='center'>
<td width='20%'><b>Box #1</b><br><input type='Checkbox' name='box1' value='1'></td>
<td width='20%'><b>Box #2</b><br><input type='Checkbox' name='box2' value='1'></td>
<td width='20%'><b>Box #3</b><br><input type='Checkbox' name='box3' value='1'></td>
<td width='20%'><b>Box #4</b><br><input type='Checkbox' name='box4' value='1'></td>
<td width='20%'><b>Box #5</b><br><input type='Checkbox' name='box5' value='1'></td>
</tr></table><br>

<input type='Hidden' name='page' value='process'>
<button type='Submit'>Continue --></button>
</form>

</center>

";
    }
    // End Function 'registerform' //


    // Start Function 'process' //
    function process() {
        $error = "You did not follow the directions in the Image Verification correctly.  Perhaps you've checked a wrong box ?";

        $directionscookie = isset($_COOKIE['directionscookie']) ? $_COOKIE['directionscookie'] : '';
        $directionscookie = explode(":", $directionscookie);

        // Reject the request when the cookie is missing or malformed.
        if (count($directionscookie) < 5) {
            exit($error);
        }

        // Only the boxes the image asks for are tested here; boxes that should
        // stay empty are not looked at (the bug described in the post, left unfixed).
        for ($i = 0; $i < 5; $i++) {
            $box = 'box' . ($i + 1);
            if (base64_decode($directionscookie[$i]) == "1") {
                if (!isset($_POST[$box]) || $_POST[$box] != "1") {
                    exit($error);
                }
            }
        }

        echo "<center>The Image Verification worked and was followed properly.  :)</center>";
    }
    // End Function 'process' //

}
// End Class 'show' //
$show = new show();

// Start Separating Pages To Their Functions //
$getPage  = isset($_GET['page']) ? $_GET['page'] : '';
$postPage = isset($_POST['page']) ? $_POST['page'] : '';

if ($getPage == "registerform") { $show->registerform(); }
elseif ($postPage == "process") { $show->process(); }
else { $show->main(); }

?>


- Mike.
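
A corrected check for the bug described in the post above, as an added example that is not izcool's code: every box must match the pattern exactly, and the pattern is kept in the server-side session instead of the base64 cookie, which the client can decode. The function names and the `captcha_pattern` session key are hypothetical; `$session` stands in for `$_SESSION` so the block runs from the command line.

```php
<?php
// Added example, not part of the original post.
// Function names and the 'captcha_pattern' key are hypothetical.
const BOX_COUNT = 5;

// Create a fresh pattern (one 0/1 per box) and keep it on the server.
function issue_challenge(array &$session): array
{
    $pattern = [];
    for ($i = 0; $i < BOX_COUNT; $i++) {
        $pattern[] = random_int(0, 1);
    }
    $session['captcha_pattern'] = $pattern;
    return $pattern;   // image.php would read this from the session to draw the directions
}

// True only if required boxes are checked AND all other boxes are unchecked.
function verify_challenge(array &$session, array $post): bool
{
    $pattern = $session['captcha_pattern'] ?? null;
    unset($session['captcha_pattern']);          // single use: an old answer cannot be replayed
    if (!is_array($pattern) || count($pattern) !== BOX_COUNT) {
        return false;                            // no challenge issued, or already consumed
    }
    foreach ($pattern as $i => $expected) {
        $name = 'box' . ($i + 1);
        $checked = isset($post[$name]) && $post[$name] === '1';
        if ($checked !== ($expected === 1)) {
            return false;                        // mismatch in either direction fails
        }
    }
    return true;
}

// Constructed demonstration (run with: php example.php).
$session = [];
$session['captcha_pattern'] = [1, 0, 1, 0, 0];   // constructed pattern: boxes 1 and 3 required
$allChecked = ['box1' => '1', 'box2' => '1', 'box3' => '1', 'box4' => '1', 'box5' => '1'];
var_dump(verify_challenge($session, $allChecked));                     // every box ticked

$session['captcha_pattern'] = [1, 0, 1, 0, 0];
var_dump(verify_challenge($session, ['box1' => '1', 'box3' => '1']));  // exact match
var_dump(verify_challenge($session, ['box1' => '1', 'box3' => '1']));  // same answer sent again
```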
techcheetah
I once found a tutorial for that on www.sr-ultimate.com ... go to his Gmail signature maker or search his blog for such a script.

Anyway, many tutorials can be found through Google...

Search for 'php GD library tutorial'.

Enjoy!