05 August, 2011

[TUT] Make Your Own Security Question System

I got this idea some weeks back and I decided to make it and implement it in a few of my projects. You can easily make your own security question using this tutorial. It's a very simple system when you look at it, because it simply uses arrays.

Question.php

PHP Code:
<?php
// Picks one of the two question groups at random, stores the expected
// answer in the session and returns the question/answer pair.
function get_capt()
{
    $num = rand(1, 2);
    if ($num == 1)
    {
        $a = getarr1();
        $_SESSION['capt'] = $a['a'];
        return $a;
    }
    if ($num == 2)
    {
        $a = getarr2();
        $_SESSION['capt'] = $a['a'];
        return $a;
    }
}

// First group of questions: "q" is the question, "a" is the answer.
function getarr1()
{
    $num = rand(1, 2);
    $arr = null;
    switch ($num)
    {
        case 1:
        $arr = array(
            "q" => "Finish the phrase 'cool story ___'",
            "a" => "bro"
        );
        break;

        case 2:
        $arr = array(
            "q" => "How many pieces are on a chess board at the beginning?",
            "a" => 32
        );
        break;
    }
    return $arr;
}

// Second group of questions, same layout as the first.
function getarr2()
{
    $num = rand(1, 2);
    $arr = null;
    switch ($num)
    {
        case 1:
        $arr = array(
            "q" => "How many months are in a year?",
            "a" => 12
        );
        break;

        case 2:
        $arr = array(
            "q" => "How many letters are in the alphabet?",
            "a" => 26
        );
        break;
    }
    return $arr;
}
?>

As you can see, it all works on generating a random number, then running a switch statement based on the random number that was generated. There's no "default" in the switch statement because there's no need for it.

Now include this piece of code at the top of your Register.php file. You must, of course, know about sessions.


TIP: "session_start();" must be the first line of the file, after "<?php", of course.


Register.php


PHP Code:
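<?php
session_start();
require_once("Question.php");

$err = ""; // Error text echoed inside the form

// Your button name should be 'signup' for this to work,
// or just have any <input> with the name signup, preferably a hidden one.
if (isset($_POST['signup']))
{
    if (empty($_POST['capt']) || !isset($_SESSION['capt']))
    {
        $err .= "Incorrect captcha!";
    }
    else
    {
        // Form input is always a string while some stored answers are
        // integers, so compare both values as strings.
        if ((string)$_POST['capt'] !== (string)$_SESSION['capt'])
        {
            $err .= "Incorrect captcha!";
        }
    }
}
?>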

Now, in our <form> tags in Register.php, you need to include this somewhere there:

PHP Code:
<tr>
    <td>
        <?php $ques = get_capt(); echo $ques['q']; ?>
        <br/><input type="text" name="capt"/><br/><input type="submit" name="signup" value="Submit"/>
        <?php echo $err; ?>
    </td>
</tr>

There you go. You now have a working Security Question script to use on your site. Try it out.
All credit goes to me; I was sitting down wondering how to better secure my site, and this just came to me. Of course, you should include more questions and answers, but this is a good tutorial for those who want extra security.

Note: This isn't really for beginners who don't know about arrays, functions, or sessions.
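
A stricter version of the answer check from Register.php, as an added example that is not part of the original tutorial: it compares normalized strings, rejects non-string input, and discards the stored answer after every attempt so one question allows one guess. The helper names `normalize_answer()` and `check_capt()` are hypothetical, the sample arrays are constructed, and only the `capt` keys come from the tutorial.

```php
<?php
// Added example, not the tutorial's code. check_capt() and normalize_answer()
// are hypothetical helpers; the 'capt' keys are the ones used in the tutorial.

function normalize_answer($value)
{
    // Stored answers are int (32) or string ("bro"); form input is always a string.
    return strtolower(trim((string) $value));
}

function check_capt(array &$session, array $post)
{
    // No question was issued in this session, or it was already used.
    if (!isset($session['capt'])) {
        return false;
    }
    $expected = normalize_answer($session['capt']);

    // Single use: drop the stored answer whether or not this attempt succeeds,
    // so every guess requires rendering the form (and a new question) again.
    unset($session['capt']);

    // Missing field, or the field was submitted as an array (capt[]=...).
    if (!isset($post['capt']) || !is_string($post['capt'])) {
        return false;
    }
    $given = normalize_answer($post['capt']);
    if ($given === '') {
        return false;
    }
    // hash_equals() compares two strings in constant time (PHP 5.6+).
    return hash_equals($expected, $given);
}

// Constructed sample data standing in for $_SESSION and $_POST.
$session = array('capt' => 32);
var_dump(check_capt($session, array('capt' => ' 32 ')));      // numeric answer sent as text
var_dump(check_capt($session, array('capt' => '32')));        // same answer replayed
$session = array('capt' => 'bro');
var_dump(check_capt($session, array('capt' => 'Bro')));       // different letter case
$session = array('capt' => 12);
var_dump(check_capt($session, array('capt' => array('12')))); // array instead of string
```

In Register.php the call would be `check_capt($_SESSION, $_POST)` in place of the nested `if` blocks. The check only limits guessing per question; a small fixed pool of questions remains the weaker part of the scheme.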
