Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Adding a sentinel page to my website

Tags:
  1. Apr 11, 2014 #1
    I just started learning PHP yesterday and I'm not sure how to do what I'm trying to do.

    I made, as a test page, this: http://jaminweb.com/sentinel.php [Broken]

    using a PHP captcha generator I got from GitHub and modified for my own usage. I'm gonna use a slight hack so my index.html reroutes to sentinel.php ... This is necessary because my web hosting service requires an index.html. Anyhow, my goal is that, when and only when the captcha has been solved, access to all my other pages is allowed. That way someone can't shortcut by going to http://jaminweb.com/projects.html [Broken] and bypassing the sentinel page.

    How do I do this?
     
    Last edited by a moderator: May 6, 2017
  2. jcsd
  3. Apr 11, 2014 #2

    mfb

    User Avatar
    2016 Award

    Staff: Mentor

    You can include a common header file everywhere that handles the captcha thing: store somewhere (cookie, session(, url), ...) that the user solved the captcha and check for this information for every loaded page. If "captcha solved" is not there, show the captcha instead of the actual page.
     
  4. Apr 11, 2014 #3
    I'll make an attempt at doing that.
     
  5. Apr 15, 2014 #4
    Yea, I've started adding

    Code (Text):

    <?php
    session_start();
    if(!isset($_SESSION['captcha']) || $_SESSION['captcha'] != 1)
    {
        header('Location: sentinel.php');
        exit;
    }
    ?>
     
    to the top of my pages and it seems to be working. I'll let you guy know about any problems I run into and can't figure out on my own.
     
  6. Apr 16, 2014 #5
    The captcha generator I'm using isn't working 100% of the time. Sometimes I'll type in the correct text and it will not accept it as correct. I'm trying to figure out why.

    See if it works for you: www.jaminweb.com [Broken]

    Here's the source code for my sentinel page:

    Code (Text):

    <!DOCTYPE html>
    <!--
    Captcha generator borrowed from here: https://gist.github.com/Swader/9050789
    Source code modified for my usage
    All rights reserved to user Swader
    -->
    <html>
    <head>
        <?php
        session_start();
        $_SESSION['captcha'] = 0;
        $_SESSION['count'] = time();
        $image;
        ?>
        <title>Sentinel page</title>
        <link href="style.css" rel="stylesheet" type="text/css">
        <script src="jsfunctions.js" type="text/javascript"></script>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    </head>
    <body>
        <div id="logo_bubble">
            <span>J</span>
            <span>a</span>
            <span>m</span>
            <span>i</span>
            <span>n</span>
            <span>W</span>
            <span>E</span>
            <span>B</span>
        </div>
        <div class="header">
            <p id="sentheader">00011101010000110101010</p>
        </div>
        <div class="maincontent">
        <h1>
            Welcome!
        </h1>
        <hr>
        <p>
            Before entering, I need to make sure you're human.  
        </p>
        <div id="questdiv">
        <?php
        $flag = 5;
        if (isset($_POST["flag"])) {
            $input = $_POST["input"];
            $flag = $_POST["flag"];
        }
         
        if ($flag == 1) {
            if ($input == $_SESSION['captcha_string']) {
                ?>
         
                <div>
                    <h3>Ok, you're probably human.</h3>
                    <h3><a href="homepage.php">Enter JaminWEB</a></h3>
                    <?php
                        $_SESSION['captcha'] = 1;
                    ?>
                    <!--
                    <form action=" <?php /* echo $_SERVER['PHP_SELF']; */ ?>" method="POST">
                        <input type="submit" value="Enter Homepage" class="sentipt"\>
                    </form>
                    -->
                </div>
         
            <?php
         
            } else {
                ?>
         
                <div align="center">
                    <h3><span style="color: #DF0101">Your answer is incorrect!</span> Please try again.</h3>
                </div>
         
                <?php
                create_image();
                display();
            }
        } else {
            create_image();
            display();
        }
         
        function display()
        {
            ?>
         
            <div>
                <div align="center"><h3>Type in the text you see below.</h3></div>
                <div align="center"><img src="image<?php echo $_SESSION['count'] ?>.png" id="capimg" style="border: 0px"></div>
                <form action=" <?php echo $_SERVER['PHP_SELF']; ?>" method="POST"/ >
                <div align="center"><input type="text" name="input" id="sentipt" style="width: 300px;"/></div>
                <div align="center"><input type="hidden" name="flag" value="1" class="sentipt"/></div>
               
                <div align="center"><input type="submit" value="submit" name="submit" class="sentipt"/></div>
                </form>
                <!--  
                <form action=" <?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
                    <input type="submit" value="refresh the page" class="sentipt"/>
                </form>
                -->
            </div>
         
        <?php
        }
         
        function  create_image()
        {
            global $image;
            $image = imagecreatetruecolor(200, 50) or die("Cannot Initialize new GD image stream");
         
            $background_color = imagecolorallocate($image, 255, 255, 255);
            $text_color = imagecolorallocate($image, 180, 4, 4);
            $line_color = imagecolorallocate($image, 249, 198, 36);
            $pixel_color = imagecolorallocate($image, 180, 4, 4);
         
            imagefilledrectangle($image, 0, 0, 200, 50, $background_color);
         
            for ($i = 0; $i < 3; $i++) {
                imageline($image, 0, rand() % 50, 200, rand() % 50, $line_color);
            }
         
            for ($i = 0; $i < 1000; $i++) {
                imagesetpixel($image, rand() % 200, rand() % 50, $pixel_color);
            }
         
         
            $letters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
            $len = strlen($letters);
            $letter = $letters[rand(0, $len - 1)];
         
            $text_color = imagecolorallocate($image, 0, 0, 0);
            $word = "";
            for ($i = 0; $i < 6; $i++) {
                $letter = $letters[rand(0, $len - 1)];
                imagestring($image, 7, 5 + ($i * 30), 20, $letter, $text_color);
                $word .= $letter;
            }
            $_SESSION['captcha_string'] = $word;
         
            $images = glob("*.png");
            foreach ($images as $image_to_delete) {
                @unlink($image_to_delete);
            }
            imagepng($image, "image" . $_SESSION['count'] . ".png");
         
        }
         
        ?>
        </div>
        </div>
        <div class="footer">
            <p><span class="yellow_highlight">Last updated:</span> 04/02/2014</p>
        </div>
        <script type="text/javascript">
            window.setInterval("set_head_bckgd()",200);
        </script>
    </body>

    </html>
     
    Note that I copied some code from a GitHub page and modified it. I thought I had made sure not to modify anything that would affect the functionality of the captcha.
     
    Last edited by a moderator: May 6, 2017
  7. Apr 16, 2014 #6

    mfb

    User Avatar
    2016 Award

    Staff: Mentor

    Functions in the middle of code that outputs something are confusing. And you shouldn't use Il O as letters as they can be misleading.
    The first $letter = $letters[rand(0, $len - 1)]; is pointless.

    Did you compare the stored word with the userinput as debug output? That would help to find the error.
     
  8. Apr 16, 2014 #7
    session_start() has to come before any byte of HTML output. Move session_start() above the DOCTYPE declaration and you're golden.
     
    Last edited: Apr 16, 2014
  9. Apr 17, 2014 #8
  10. Apr 17, 2014 #9
    Oh I see how you might have mixed things up a little.

    In HTML5, you don't technically need a <!doctype>, an <html> tag, a <head> tag, or even a <body> tag. The <title> tag is the only element that should be included in every document (I think this will fail W3C Validation), though again, this isn't a strict rule. In his example, he omits the doctype and <html>, and <head> tag completely which, again, is perfectly legal.

    When you added it in above the session_start(), you actually had already written to the output stream (with the doctype and the <html>, and <head> tags). Because it's already been written to, you can't modify session variables, headers, and a few other things.

    Note that even a space before the session_start() would prevent you from starting the session.
     
  11. Apr 17, 2014 #10

    Borek

    User Avatar

    Staff: Mentor

    It is even worse - saving file as UTF-8 with BOM is enough to break whole thing.
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook




Similar Discussions: Adding a sentinel page to my website
Loading...