User Personalization with PHP: The Verification Code | WebReference

User Personalization with PHP: The Verification Code

By J. Leidago Noabeb


This article is Part 2 of User Personalization with PHP: Beginning the Application.

In this article, we will be looking at user authentication. User authentication simply means verifying that a particular user has the right to access a part of our application. Because our application deals with user preferences, access control is even more pertinent especially since multiple users are going to try to access this application at any given time. To ensure that each user is treated as individual with their preferences loaded when they access the application, we are going to require some login information from the user. This information includes a username and password, which will be unique to each user. To track user activity we will make use of PHP's session management functionality. The authentication section of the application consists of about six scripts:

  • login.php - This script is responsible for verifying a users login credentials. It presents the user with an HTML form that requires, among other things, a username and password, which must be entered in the form for validation. The script also starts or opens a session for the user upon successful login.
  • logout.php - Simply logs a user out of the application and terminates any sessions that were created for the user.
  • register.php - Adds new users to our site.
  • activate.php - This script activates a new user's account.
  • numgen.php - Generates a verification code for the login form.
  • forgot_pass.php - Resets a forgotten password.

Access control in most cases, exists to make your application or resource more secure and to keep unwanted guests (such as hackers) out. As part of overall access control, we are going to add code to our login script, which will require the user to enter a code in addition to their username and password. This code will be contained in a script called numgen.php, which will be included on the login page. We've already mentioned previously that this is a pretty effective way of stopping automated logon by means of robots. The rest of the article will look at how to implement this functionality in this application

The Verification Code

As an added bonus, I've mentioned that there will be a verification code line on the login form so that we prevent automatic login by robots. Best of all, this script does not require any database interaction thus saving you resources and giving fast execution. We are going to implement it but I want to show two ways in which it is done. First, you can create your own image, print the number on it and then display it in the login form. This way of doing things slows your script somewhat. Alternatively, you can simply create a function that displays a random number and display it. This way is faster and my preferred way. The difference (apart from speed) is that with the first method, you can add pictures to your verification code and make it look nice. So to be fair, we will look at how to create a verification code using this method. Since the second method is my preferred method, I've already implemented it in the application. Whichever method you chose to use, each time you refresh your browser a new code will be generated.

To use the first method, you will need to check if the GD library is enabled in your version of PHP. I'm using PHP 5 and it is automatically enabled. To test if the library is enabled, run the following code:

The script basically checks if a function called imagecreate() is loaded. This function is part of the GD library and should be loaded and accessible if the library is loaded. Depending on your version of PHP, and whether the GD library is enabled, you should get a result similar to the one below:

If you don't get a similar result then simply open up your PHP configuration file and go to the section that list all your extensions; it should look something like this:

and uncomment the following line:

Depending on what version of PHP you have, the extensions list might look different; either way, look for the GD library. Also, make sure that the DLL file is actually in your extensions folder. Once you've enable the GD library and all is well, the first thing we need to do is to create the verification image. Below is the code that does this: