<?
header('Content-type: image/jpg');
$allow=strtoupper('abcdefghijlkmnopqrstuvwxyz1234567890');
srand ();
$colors=array("255,255,204","255,255,153","255,255,102","255,255,51",
"255,255,0","255,204,255","255,204,204","255,204,153","255,204,102",
"255,204,51","255,204,0","255,153,255","255,153,204","255,153,153",
"255,153,102","255,153,51","255,153,0","255,102,255","255,102,204","255,102,153",
"255,102,102","255,102,51","255,102,0","255,51,255","255,51,204","255,51,153",
"255,51,102","255,51,51","255,51,0","255,0,255","255,0,204","255,0,153",
"255,0,102","255,0,51","255,0,0","204,255,255","204,255,204","204,255,153",
"204,255,102","204,255,51","204,255,0","204,204,255","204,204,204",
"204,204,153","204,204,102","204,204,51","204,204,0","204,153,255","204,153,204",
"204,153,153","204,153,102","204,153,51","204,153,0","204,102,255",
"204,102,204","204,102,153","204,102,102","204,102,51","204,102,0","204,51,255",
"204,51,204","204,51,153","204,51,102","204,51,51","204,51,0","204,0,255",
"204,0,204","204,0,153","204,0,102","204,0,51","204,0,0","153,255,255","153,255,204",
"153,255,153","153,255,102","153,255,51","153,255,0","153,204,255",
"153,204,204","153,204,153","153,204,102","153,204,51","153,204,0",
"153,153,255","153,153,204","153,153,153","153,153,102","153,153,51","153,153,0",
"153,102,255","153,102,204","153,102,153","153,102,102","153,102,51","153,102,0",
"153,51,255","153,51,204","153,51,153","153,51,102","153,51,51","153,51,0",
"153,0,255","153,0,204","153,0,153","153,0,102","153,0,51","153,0,0","102,255,255",
"102,255,204","102,255,153","102,255,102","102,255,51","102,255,0",
"102,204,255","102,204,204","102,204,153","102,204,102","102,204,51",
"102,204,0","102,153,255","102,153,204","102,153,153","102,153,102","102,153,51",
"102,153,0","102,102,255","102,102,204","102,102,153","102,102,102","102,102,51",
"102,102,0","102,51,255","102,51,204","102,51,153","102,51,102",
"102,51,51","102,51,0","102,0,255","102,0,204","102,0,153","102,0,102",
"102,0,51","102,0,0","51,255,255","51,255,204","51,255,153","51,255,102","51,255,51",
"51,255,0","51,204,255","51,204,204","51,204,153","51,204,102","51,204,51",
"51,204,0","51,153,255","51,153,204","51,153,153","51,153,102","51,153,51","51,153,0",
"51,102,255","51,102,204","51,102,153","51,102,102","51,102,51","51,102,0",
"51,51,255","51,51,204","51,51,153","51,51,102","51,51,51","51,51,0","51,0,255","51,0,204",
"51,0,153","51,0,102","51,0,51","51,0,0","0,255,255","0,255,204","0,255,153","0,255,102",
"0,255,51","0,255,0","0,204,255","0,204,204","0,204,153","0,204,102","0,204,51",
"0,204,0","0,153,255","0,153,204","0,153,153","0,153,102","0,153,51","0,153,0",
"0,102,255","0,102,204","0,102,153","0,102,102","0,102,51","0,102,0","0,51,255","0,51,204",
"0,51,153","0,51,102","0,51,51","0,51,0","0,0,255","0,0,204","0,0,153","0,0,102","0,0,51")
$a='';
$pwFile=file('/path/to/sessionidfile.ext');
if ($_GET['sid']=='') {
  $im = imageCreate(200,50);
  $bg = imagecolorallocate($im,255,255,255);
  $fg = imagecolorallocate($im,100,120,130);
  $borc = imagecolorallocate($im,0,0,0);
  imagefill($im,0,0,$bg);
  imagerectangle($im,0,0,199,49,$borc);
  imagestring($im,8,5,20, 'no session id given',$fg);
  imagejpeg($im);
  imagedestroy($im);
  exit;
}
$myPW='';
$myIndex=-1;
for($i=0; $i<count($pwFile); $i++) {
  list($sid, $pw)=split('=', $pwFile[$i]);
  $pwFile[$i]=rtrim($pwFile[$i]);
  if ($sid==$_GET['sid']) {
    $myIndex=$i;
    $myPW=substr($pw, 0, strlen($pw)-1);
  }
}
$myPW=urldecode($myPW);
/*
the next couple lines can be used to create a new code for the session id.
for($i=0; $i<7; $i++) {
  $newPW.=substr($allow, rand(0, strlen($allow)), 1);
}
if ($myIndex != -1) {
  $pwFile[$myIndex]=$_GET['sid'] . '&' . $newPW .  '&' . $tries;
} else {
  $pwFile[count($pwFile)]=$_GET['sid'] . '&' . $newPW . '&0';
}
$fp = fopen('/path/to/sessionidfile.ext', "w");
fputs($fp, implode("\n", $pwFile));
fclose($fp);
*/
$im = imageCreate(100,50);
$bg = imagecolorallocate($im,0,0,0);
$fg = imagecolorallocate($im,255,255,255);
$borc = imagecolorallocate($im,0,0,0);
$rgb=rand(0, count($colors));
list($r, $g, $b)=split(',', $rgb);
$myRecColor=imagecolorallocate($im, $r, $g, $b);
$rgb=rand(0, count($colors));
list($r, $g, $b)=split(',', $rgb);
$myRec2Color=imagecolorallocate($im, $r, $g, $b);
imagefill($im,0,0,$bg);
imagefilledrectangle($im, 0, 0, rand()&100, rand()&50, $myRecColor);
imagefilledrectangle($im, rand()&100, rand()&50, 50, 25, $myRec2Color);
imagerectangle($im,0,0,199,49,$borc);
imagestring($im,8,5,20, substr($myPW, 0, strlen($myPW)-3), $fg);
imagegif($im);
imagedestroy($im);
?>

# returns:
# -1 if the session id is not found, or none is input
# 0 if an incorrect code is input
# 1 if the correct code is input
sub imageVerify {
  my($sid, $try)=@_;
  if ($try ne "" && $sid ne "") {
    tie @lines, 'tie', '/path/to/sessionidfile.ext' or die "Could not tie pw file: $!";
    for ($i=0; $i<=$#lines; $i++) {
      my($lineId, $realCode)=split(/=/, $lines[$i]);
      chomp($realCode);
      my($realCode, $tries)=split(/&/, &unescape($realCode));
      if (&ucase($lineId) eq &ucase($sid)) {
        if (&ucase($realCode) eq &ucase($try)) {
          splice @lines, $i, 1;
          untie @lines;
          return 1;
        } else {
          if ($tries<3) {
            $lines[$i]=$sid . '=' . $realCode . '&' . ($tries+1) . "\n";
          } else {
            splice @lines, $i, 1;
          }
          untie @lines;
          return 0;
        }
      }
    }
  }
  untie @lines;
  return -1;
}