# Adding a sentinel page to my website

1. Apr 11, 2014

### Jamin2112

I just started learning PHP yesterday and I'm not sure how to do what I'm trying to do.

I made, as a test page, this: http://jaminweb.com/sentinel.php

using a PHP captcha generator I got from GitHub and modified for my own usage. I'm gonna use a slight hack so my index.html reroutes to sentinel.php ... This is necessary because my web hosting service requires an index.html. Anyhow, my goal is that, when and only when the captcha has been solved, access to all my other pages is allowed. That way someone can't shortcut by going to http://jaminweb.com/projects.html and bypassing the sentinel page.

How do I do this?

2. Apr 11, 2014

### Staff: Mentor

You can include a common header file everywhere that handles the captcha thing: store somewhere (cookie, session(, url), ...) that the user solved the captcha and check for this information for every loaded page. If "captcha solved" is not there, show the captcha instead of the actual page.

3. Apr 11, 2014

### Jamin2112

I'll make an attempt at doing that.

4. Apr 15, 2014

### Jamin2112

Code (Text):

```php
<?php
// Stop rendering unless the sentinel page has marked the captcha as solved.
session_start();
if (!isset($_SESSION['captcha']) || $_SESSION['captcha'] != 1)
{
    exit;
}
?>
```

to the top of my pages and it seems to be working. I'll let you guys know about any problems I run into and can't figure out on my own.
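A fuller form of the header check suggested in post 2, as an added example that is not code from the thread or from the GitHub captcha generator. The file name `captcha_gate.php`, the functions `require_human()`, `captcha_is_solved()` and `mark_captcha_solved()`, the `captcha_time` key and the 30-minute lifetime are assumptions; `$_SESSION['captcha']` and `sentinel.php` come from the posts above.

```php
<?php
// captcha_gate.php (hypothetical name). Added example, not code from the thread.
declare(strict_types=1);

const SENTINEL_URL = '/sentinel.php'; // captcha page from the thread
const SOLVED_TTL   = 1800;            // assumption: a solved captcha lasts 30 minutes

function captcha_is_solved(array $session, int $now): bool
{
    // Strict check: only the integer 1 stored by the sentinel page counts.
    if (($session['captcha'] ?? 0) !== 1) {
        return false;
    }
    // Expire the pass so an old session does not stay unlocked forever.
    $solvedAt = (int) ($session['captcha_time'] ?? 0);
    return ($now - $solvedAt) < SOLVED_TTL;
}

function require_human(): void
{
    // If output has already started the session cookie cannot be sent: fail closed.
    if (headers_sent($file, $line)) {
        error_log("captcha gate: output already started at $file:$line");
        exit;
    }
    session_start();
    if (!captcha_is_solved($_SESSION, time())) {
        header('Location: ' . SENTINEL_URL, true, 302);
        exit; // the protected page body is never rendered
    }
}

// For the sentinel page to call once the submitted text matches.
function mark_captcha_solved(): void
{
    session_regenerate_id(true);        // fresh session ID after the state change
    $_SESSION['captcha']      = 1;
    $_SESSION['captcha_time'] = time();
    unset($_SESSION['captcha_string']); // the solved challenge cannot be reused
}

if (PHP_SAPI === 'cli') {
    // Constructed session arrays for a quick command-line check.
    var_dump(captcha_is_solved(['captcha' => 1, 'captcha_time' => 1000], 1500));
    var_dump(captcha_is_solved(['captcha' => '1', 'captcha_time' => 1000], 1500));
    var_dump(captcha_is_solved(['captcha' => 1, 'captcha_time' => 1000], 9000));
}
```

Each protected page would start with `<?php require __DIR__ . '/captcha_gate.php'; require_human(); ?>` as its very first bytes. Static files such as projects.html are served without this check unless the server is configured to run them through PHP.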

5. Apr 16, 2014

### Jamin2112

The captcha generator I'm using isn't working 100% of the time. Sometimes I'll type in the correct text and it will not accept it as correct. I'm trying to figure out why.

See if it works for you: www.jaminweb.com

Here's the source code for my sentinel page:

Code (Text):

```php
<!DOCTYPE html>
<!--
Source code modified for my usage
-->
<html>
<head>
<?php
session_start();
$_SESSION['captcha'] = 0;
$_SESSION['count'] = time();
$image;
?>
<title>Sentinel page</title>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="jsfunctions.js" type="text/javascript"></script>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div id="logo_bubble">
<span>J</span> <span>a</span> <span>m</span> <span>i</span> <span>n</span> <span>W</span> <span>E</span> <span>B</span>
</div>
<div class="header">
<p id="sentheader">00011101010000110101010</p>
</div>
<div class="maincontent">
<h1> Welcome! </h1>
<hr>
<p> Before entering, I need to make sure you're human. </p>
<div id="questdiv">
<?php
// $flag is 1 only when the captcha form below has been submitted.
$flag = 5;
if (isset($_POST["flag"])) {
    $input = $_POST["input"];
    $flag = $_POST["flag"];
}
if ($flag == 1) {
    if ($input == $_SESSION['captcha_string']) {
?>

<div>
<h3>Ok, you're probably human.</h3>
<h3><a href="homepage.php">Enter JaminWEB</a></h3>
<?php
        // Mark the session as having passed the captcha.
        $_SESSION['captcha'] = 1;
?>
<!--
<form action="<?php /* echo $_SERVER['PHP_SELF']; */ ?>" method="POST">
<input type="submit" value="Enter Homepage" class="sentipt"/>
</form>
-->
</div>

<?php

    } else {
?>

<div align="center">
</div>

<?php
        create_image();
        display();
    }
} else {
    create_image();
    display();
}

// Prints the captcha image and the form that posts the typed text back to this page.
function display()
{
?>

<div>
<div align="center"><h3>Type in the text you see below.</h3></div>
<div align="center"><img src="image<?php echo $_SESSION['count'] ?>.png" id="capimg" style="border: 0px"></div>
<!-- PHP_SELF is escaped because it reflects the request path -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">
<div align="center"><input type="text" name="input" id="sentipt" style="width: 300px;"/></div>
<div align="center"><input type="hidden" name="flag" value="1" class="sentipt"/></div>

<div align="center"><input type="submit" value="submit" name="submit" class="sentipt"/></div>
</form>
<!--
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<input type="submit" value="refresh the page" class="sentipt"/>
</form>
-->
</div>
<?php
}

// Draws a new 6-letter captcha, stores the text in the session and writes the PNG.
function create_image()
{
    global $image;
    $image = imagecreatetruecolor(200, 50) or die("Cannot Initialize new GD image stream");
    $background_color = imagecolorallocate($image, 255, 255, 255);
    $text_color = imagecolorallocate($image, 180, 4, 4);
    $line_color = imagecolorallocate($image, 249, 198, 36);
    $pixel_color = imagecolorallocate($image, 180, 4, 4);
    imagefilledrectangle($image, 0, 0, 200, 50, $background_color);

    // Noise: three random lines and 1000 random pixels.
    for ($i = 0; $i < 3; $i++) {
        imageline($image, 0, rand() % 50, 200, rand() % 50, $line_color);
    }

    for ($i = 0; $i < 1000; $i++) {
        imagesetpixel($image, rand() % 200, rand() % 50, $pixel_color);
    }

    $letters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $len = strlen($letters);
    $letter = $letters[rand(0, $len - 1)];
    $text_color = imagecolorallocate($image, 0, 0, 0);
    $word = "";
    for ($i = 0; $i < 6; $i++) {
        $letter = $letters[rand(0, $len - 1)];
        imagestring($image, 7, 5 + ($i * 30), 20, $letter, $text_color);
        $word .= $letter;
    }
    $_SESSION['captcha_string'] = $word;

    // Remove previously generated images, then write the new one.
    $images = glob("*.png");
    foreach ($images as $image_to_delete) {
        @unlink($image_to_delete);
    }
    imagepng($image, "image" . $_SESSION['count'] . ".png");
}

?>
</div>
</div>
<div class="footer">
<p><span class="yellow_highlight">Last updated:</span> 04/02/2014</p>
</div>
<script type="text/javascript">
</script>
</body>

</html>
```

Note that I copied some code from a GitHub page and modified it. I thought I had made sure not to modify anything that would affect the functionality of the captcha.

6. Apr 16, 2014

### Staff: Mentor

Functions in the middle of code that outputs something are confusing. And you shouldn't use Il O as letters as they can be misleading.
The first $letter = $letters[rand(0, $len - 1)]; is pointless.

Did you compare the stored word with the user input as debug output? That would help to find the error.

7. Apr 16, 2014

### Oz Ramos

session_start() has to come before any byte of HTML output. Move session_start() above the DOCTYPE declaration and you're golden.

8. Apr 17, 2014

### Jamin2112

9. Apr 17, 2014

### Oz Ramos

Oh I see how you might have mixed things up a little.

In HTML5, you don't technically need a <!doctype>, an <html> tag, a <head> tag, or even a <body> tag. The <title> tag is the only element that should be included in every document (I think this will fail W3C Validation), though again, this isn't a strict rule. In his example, he omits the doctype and <html>, and <head> tag completely which, again, is perfectly legal.

When you added it in above the session_start(), you actually had already written to the output stream (with the doctype and the <html>, and <head> tags). Because it's already been written to, you can't modify session variables, headers, and a few other things.

Note that even a space before the session_start() would prevent you from starting the session.

10. Apr 17, 2014

### Staff: Mentor

It is even worse - saving the file as UTF-8 with BOM is enough to break the whole thing.
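A check for the failure mode described in posts 7 to 10, as an added example that is not code from the thread: it reports PHP sources that call a header-dependent function but have a BOM, whitespace or markup before their first `<?php` tag. The function names and the sample file contents are constructed for illustration.

```php
<?php
// Added example: find PHP files that send output before their first <?php tag.
declare(strict_types=1);

// Describes what precedes the first <?php tag, or returns null if nothing does.
function leading_output(string $source): ?string
{
    if (strncmp($source, "\xEF\xBB\xBF", 3) === 0) {
        return 'UTF-8 BOM';
    }
    $pos = strpos($source, '<?php');
    if ($pos === false || $pos === 0) {
        return null; // no PHP at all, or the tag is the first byte
    }
    $kind = trim(substr($source, 0, $pos)) === '' ? 'whitespace' : 'markup';
    return "$pos byte(s) of $kind";
}

// True when the file relies on HTTP headers (session cookie, redirect, cookie).
function needs_headers(string $source): bool
{
    return preg_match('/\b(session_start|header|setcookie)\s*\(/', $source) === 1;
}

function scan_sources(array $sources): array
{
    $findings = [];
    foreach ($sources as $name => $source) {
        if (needs_headers($source) && ($problem = leading_output($source)) !== null) {
            $findings[$name] = $problem;
        }
    }
    return $findings;
}

// Constructed samples modelled on the thread; pass a directory to scan real files.
$sources = [
    'sentinel.php' => "<!DOCTYPE html>\n<html>\n<head>\n<?php session_start(); ?>",
    'space.php'    => " <?php session_start();",
    'bom.php'      => "\xEF\xBB\xBF<?php session_start();",
    'fixed.php'    => "<?php session_start(); ?>\n<!DOCTYPE html>",
];
if (isset($argv[1]) && is_dir($argv[1])) {
    $sources = [];
    foreach (glob(rtrim($argv[1], '/') . '/*.php') as $path) {
        $sources[$path] = (string) file_get_contents($path);
    }
}
foreach (scan_sources($sources) as $name => $problem) {
    echo "$name: $problem before <?php\n";
}
```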