Authenticating an input based on a security image

Top Japanese page




Overview

Authenticate based on input information from CAPTCHA image. For generating a security image, refer to Making a security image.

Flow

  1. Load GD::SecurityImage::AC
  2. Make an object of GD::SecurityImage::AC
  3. Define database folder
  4. Check the given text and MD5 text to see they are consistent
  5. Process based on the result of the aunthentication above

A sample code

 use GD::SecurityImage::AC;
 
 my $captcha = GD::SecurityImage::AC->new;
 
 my $capdatadir = "capdata";
 $captcha->data_folder($capdatadir);
 
 my $result = $captcha->check_code($in{intext},$in{capmd5});
 
 if ($result == 0){
     die "Failed to check the code.";
 } elsif ($result == -1){
     die "The code has already been expired.";
 } elsif ($result == -2){
     die "Invalid code.";
 } elsif ($result == -3){
     die "The code does not match.";
 }

Description of the code

First of all, an input form which has a security image must pass necessary parameters. The input form should have the following code.

 print "<form action=\"capcheck.cgi\" method=\"post\">\n";
 print "<img src=\"$capdatadir/$md5sum.png\"><br>\n";
 print "<input type=\"hidden\" name=capmd5 value=\"$md5sum\">\n";
 print "Please entery the above letters into the following text box.<br>";
 print "<input type=\"text\" name=intext size=10><p>\n";
 print "</form>\n";

In this example, the authentication script is called capcheck.cgi. Refer toMaking a security image for detail.

 use GD::SecurityImage::AC;

Load GD::SecurityImage::AC. This module is original developped to be replaced from Authen::Captcha and according to the document of this module, it recommends to use GD::SecurityImage directly. However, since it is too convenient to handle GD::SecurityImage through GD::SecurityImage::AC, this sample uses it.

 my $captcha = GD::SecurityImage::AC->new;

Generates an object of GD::SecurityImage::AC.

 my $capdatadir = "capdata";
 $captcha->data_folder($capdatadir);

Specify a database folder. This falder name must be the same name as the one specified in a script to generate a security image.

 my $result = $captcha->check_code($in{intext},$in{capmd5});

Assuming $in{intext} contains text came from an input form, and $in{capmd5} contains a MD5 text passed from the input form through hidden input form. Check those text using check_code method. The result is stored into $result. The value of the $result could be one of;

   1 : Success
   0 : Failed (file error)
  -1 : Authentication error : Code expired
  -2 : Authenticatoin error : Invalid code(No code in the database)
  -3 : Authentication error : Invalid code(Do not match text with security image)
 if ($result == 0){
     die "Failed to check the code.";
 } elsif ($result == -1){
     die "The code has already been expired.";
 } elsif ($result == -2){
     die "Invalid code.";
 } elsif ($result == -3){
     die "The code does not match.";
 }

Do proper processing based on the result.