Make Your Own Security Question System


I got this idea some weeks back and I decided to make it and implement it to a few of my projects. You can easily make your own security question using this tutorial. It's a very simple system when you look at it, because it simply uses arrays.

Question.php

PHP Code:
function get_capt()
{
    
$num rand(1,2);
    if (
$num == 1)
    {
        
$a getarr1();
        
$_SESSION['capt'] = $a['a'];
        return 
$a;
    }
    if (
$num == 2)
    {
        
$a getarr2();
        
$_SESSION['capt'] = $a['a'];
        return 
$a;
    }
}

function 
getarr1()
{
    
$num rand(1,2);
    
$arr null;
    switch(
$num)
    {
        case 
1:
        
$arr = array(
        
"q" => "Finish the phrase 'cool story ___'",
        
"a" => "bro"
        
);
        break;
      
        case 
2:
        
$arr = array(
        
"q" => "How many pieces are on a chess board at the beginning?",
        
"a" => 32
        
);
        break;
    }
    return 
$arr;
}

function 
getarr2()
{
    
$num rand(1,2);
    
$arr null;
    switch(
$num)
    {
        case 
1:
        
$arr = array(
        
"q" => "How many months are in a year?",
        
"a" => 12
        
);
        break;
      
        case 
2:
        
$arr = array(
        
"q" => "How many letters are in the alphabet?",
        
"a" => 26
        
);
        break;
    }
    return 
$arr;
}
?>

As you can see, it all works on generating a random number, then running a switch statement based on the random number that was generated. There's no "default" in the switch statement because there's no need for it.

Now, in our register.php, we will include this piece of code at the top of our Register.php file. You must of course, know about sessions.
 

TIP: "session_start();" must be the first line of the file, after "<?php", of course.
 

Register.php

PHP Code:
<?php
session_start
();
require_once(
"Question.php");//Your button name should be 'signup' for this to work,
//Or just have any <input> with the name signup, preferably a hidden one.
if ($_POST['signup'])
{
    if (!
$_POST['capt'])
    {
        
$err.="Incorrect captcha!";
    }
    else
    {
        if (
$_POST['capt'] !== $_SESSION['capt'])
        {
            
$err.="Incorrect captcha!";
        }
    }
}
?>

Now, in our <form> tags in Register.php, you need to include this somewhere there:

PHP Code:
<tr>
    <
td>
        
$ques get_capt(); echo $ques['q'];
        <
br/><input type="text" name="capt"/><br/><input type="submit" name="signup" value="Submit"/>
<?
php echo $err;?>    </td>
</tr> 

There you go. You now have a working Security Question script to use on your site. Try it out.
All credit goes to me, I was sitting down wondering how to better secure my site, and this just came to me. Of course, you should include more questions and answers, but this is a good tutorial for those who want extra security,

Note: This isn't really for beginners who don't know about arrays, functions, or sessions.

G+

0 comments:

Post a Comment