Register with Captcha to Administer Customer Records PHP Captcha Script
The scripts in the two link groups below are Customer Apps for Dealing with Product Keys and Email Addresses, and Administrator Apps for Dealing with Customer Records.
In our ecommerce world, products are sold by many different methods. Amongst these are getting out demos in various ways and when people try them, some of them are very pleased and they buy what's called a key. This unlocks the full feature set of the product when they enter it. There is a need to give the product users limited access to perform a few functions such as changing their emails, retrieving their keys from our database when they misplace them, etc. There is also a need for administrative functions to manage customer records. One needs to sort them, edit them, delete them, add them, view them, search them, register to be an administrator, login as administrator, etc.
If an ecommerce company does not have any of the applications below, it is forced to perform them the 20th century ways—by hand. This means paying for people to answer phones, write emails, keep paper files of customers, etc. The 21st century way is to let software perform these tasks, let websites and videos explain the product features, and let ecommerce close the sale and send the product.
Feel free to use these free Customer Records Management scripts in your business. Note: we know they work well for us (they are well tested), but we assume no liability for how they work in your situation. Similarly, we added lots of security measures such as extensive input filtering, but we make no claims and assume no liability for how securely they work in your situation.
The best security measure to take when using the administrative part of a system like this (meaning the Administrator Apps for Dealing with Customer Records in which category the script below resides, not the Customer Apps for Dealing with Product Keys and Email Addresses) is do not have any links ANYWHERE that link to the URLs of any of the admin files on the server, so neither hackers nor Google finds them. Then use the admin CMS yourself but do not even let your momma use it. Don't even save the link to the admin login as a Favorite, just to be secure. Just stick the login username and password in Roboform and make them impossible to guess. Then use Roboform to logon. The Customer Apps are included online and linked to as part of the product web pages that make life easier for everyone. Their security is mainly handled via extreme input filtering. The Admin Apps like the one below are hidden, unlinked to, and well protected with security measures, password hashes and salts, etc.
This script is called captcha-with-sessions-customer-for-records-management.php
Customer Apps for Dealing with Product Keys and Email Addresses
- Customer Email Address Change Form
- Customer Email Address Change Form PHP Script
- Customer Product Key Retrieval Request Form
- Customer Product Key Retrieval Request Form PHP Script
- Customer Form — We Manually Search for Your Key If You Lost Your Key During the Week You Ordered
- Customer Form — We Manually Search for Your Key If You Lost Your Key During the Week You Ordered PHP Script
- Customer Form — We Manually Search for Your Key
- Customer Form — We Manually Search for Your Key PHP Script
Administrator Apps for Dealing with Customer Records
- Customer Records Management PHP Script
- Sort Customer Records by Name PHP Script
- Sort Customer Records by Email PHP Script
- Add Customer Records PHP Script
- Delete Customer Records PHP Script
- Edit Customer Records PHP Script
- View Customer Records PHP Script
- Login to Customer Records Management PHP Script
- Logout of Customer Records Management PHP Script
- Register with Captcha to Administer Customer Records PHP Script
- Register with Captcha to Administer Customer Records PHP Captcha Script
- Check ID for Customer Records Management PHP Script
- Display Emails and Names (for spreadsheet use) PHP Script
The script captcha-with-sessions-customer-for-records-management.php creates three things: an arithmetic problem composed of a 1-digit number being added to or substacted from a 2-digit number; a PNG image of that arithmetic problem complete with font choice, background color, and border, which gets displayed on the browser screen; and a session variable which contains the answer to this arithmetic problem: $_SESSION['a__________a'].
The purpose of this script is to provide a captcha script for registration and login so administrators are allowed entrance into customer records management apps.
It's nice to know that the HTML gurus don't mind an image tag with a PHP script instead of an image file whose extension is png, jpg, or gif. It's sure convenient!
The captcha script was fun to write but we must confess that the "sessions at the end of the script" necessity threw us for quite a while! Who knew? The header('Content-Type: image/png') declaration limits what you can do in your PHP scripting as long as the created image is among the living. So, nuts to sessions and the echo() function while the image's heart is still beating. Once you drive a stake through it, you can program normally. Echo() is about outputting text to the browser screen. PHP doesn't like to see that you are outputting text if you told it you're outputting an image. But once the image is kaput, you may output normally. There may be a few restrictions because of that header, but sessions (after image destruction) is not one of them.
In the script, we are trying for a random captcha. So we use the PHP function mt_rand(). The mt_rand() function returns a random integer using the Mersenne Twister algorithm. The two numbers one usually puts into the parameters are the lowest and highest integers, inclusively, that you want the function to return. Our first two uses of the function give us the digits we will be adding or subtracting, while the third use is to get a number to help us decide whether we will add or subtract. So we stick "minus" or "plus" into $a, depending on whether the number is greater than 4, since we limited it to 0 through 9. So, depending on whether $a is "minus" or "plus", we add or subtract the numbers and put the result in $s. Then we build the captcha question and put this result in $w.
In informing PHP about our font choice, $font = 'Holisb__.ttf' is used. This assumes you loaded the font into the folder your script is in. We use the PHP GD Library function imagecreatetruecolor() after defining its size. Then we use the function imagecolorallocate() to define some RGB colors. We fill the image with gray using imagefill(). Then we use imageline() to draw a border. Next we use imagettftext() to draw the captcha text into the image using TrueType fonts. We output the image with imagepng(), then kill it in memory—but not its output in the browser—with imagedestroy().
We had previously started up sessions, so now we can stick our correct captcha answer in our session variable $_SESSION['a__________a'], and that's it. The image is on the screen and out of memory and the correct answer is now available to scripts via that session variable, which we will be comparing with the user's input.
We use this captcha script with these, and other, scripts:
Login to Customer Records Management PHP Script
Register with Captcha to Administer Customer Records PHP Script
HTML Form Creator—Register with Captcha
HTML Form Creator—Login to Profile and Account Management
Register Group with Captcha
Edit Group Profile
Login to MC Search and Match Profile and Account Management
MC Questionnaire Login
We like captchas. We used the official captcha method in our Personal Status Board (PSB™) scripts, but designed a less cumbersome method for our Customer Records Administration and HTML Form Creator registration and login scripts.
Take a gander at the captcha code: <IMG SRC="captcha-with-sessions.php" alt='captcha'>. A pretty strange type of image, to be sure! Browsers do NOT mind PHP scripts sitting in for PNG, BMP, GIF, or JPG images, believe it or not. The message "If you see no Captcha, disable your ad blocker" is displayed near the captcha in our Customer Records Administration and HTML Form Creator registration and login scripts because ad blockers with strong settings may knock the captcha out of the form. But Pop-up Blockers do not molest our captcha since it is NOT a pop-up (nor is it an ad but those ad blocker ass clowns don't know the difference!). It's a random PNG image created using functions from the GD library, which is in all recent PHP versions. (To use the recommended bundled version of the GD library, which was first bundled in PHP 4.3.0, get your server hosts to use the configure option "--with-gd". Most already do this.)
The captcha image uses the font Holisb__.ttf, which is the Holiday Springs BTN True Type Font (get at MyFonts.com), but you may use other types if you wish. If you find arial.ttf in your C:\WINDOWS\Fonts\ directory on your computer, make sure it is in your folder with your PHP scripts on your server. Holisb__.ttf does a much cooler job, and will be harder for any automatic spambot script to read (and get the right answer for the arithmetic problem). For the captcha script, see below.
This script below is called captcha-with-sessions-customer-for-records-management.php
$w="What is ".$r." ".$a." ".$i." ? ";
$font = 'Holisb__.ttf';//Holiday Springs BTN True Type Font (get at MyFonts.com)
$wide = 210;
$high = 41;
$picture = imagecreatetruecolor($wide,$high);
$gray = imagecolorallocate($picture,223,223,223);
$red = imagecolorallocate($picture,255,128,128);
$black=imagecolorallocate($picture, 0, 0, 0);
imageline($picture, 0, 0, 0, $high, $black);
imageline($picture, 0, 0, $wide, 0, $black);
imageline($picture, $wide-1, 0, $wide-1, $high-1, $black);
imageline($picture, 0, $high-1, $wide-1, $high-1, $black);
imagettftext($picture, 20, 0, 11, 27, $red, $font, $w);
imagettftext($picture, 20, 0, 10, 26, $black, $font, $w);
$_SESSION['a__________a'] = $s;