View Full Version : Captcha



xanderman
01-11-2008, 02:27 AM
Keep in mind that I wrote this for something different, and you may need to change the "Injection Detection".

Using CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). For those not so technically inclined, "it's those image verification things".

To break it down a bit, you can send form data one of two ways through your HTTP header.
A. POST, which is used most commonly.
POST sends the values of the form in the HTTP request; you cannot see this through your browser, well, unless you hack it out a bit.

B. GET
GET also acts like POST, but these you can see in your browser as part of the address: file.extension?this=that&that=this.

Issue:
The issue is that most form fields are static, meaning the name doesn't change, so a bot could simply send the HTTP request over and over again with different values, and next thing you know, you've got 1k accounts created on your kal server.

Solution:
If we create a CAPTCHA system, this greatly reduces the chance of a bot being used to create accounts. Although it is still possible, this greatly decreases the chances of a bot making accounts.

Now that I've finished the introduction to this guide, which most of you probably won't even read, let's get to the code!!!

First, we will start with the basic HTML form.

<form id="kalreg" name="kalreg" method="post" action="process.php">
User ID:
<input type="text" name="user" id="user" />
<br />
<br />
Password:
<input type="password" name="pass" id="pass" />
<br />
<br />
Image Verification: <img src="captcha.php" /><br />
<br />
Image Verification Code:
<input type="text" name="imgver" id="imgver" />
<br />
<br />
<input type="submit" name="button" id="button" value="Register" />
</form>

Basically this just displays our form and our CAPTCHA image (which we will get to next).

Now that we have got our form displaying, let's make the CAPTCHA. This process actually isn't difficult.


<?php
#since we are storing our data using Sessions, we need to start a session
session_start();
#$bg_image is the image that will be used for the background of our captcha
#you will have to replace the value with your bg image.
$bg_image = "path2urimage";
#we're going to put some lines throughout the image to make it a bit harder for bots to crack
#to color the lines, we need to fill in the color fields using RGB values (0-255 for each color)
$line_color = array(
    "R" => 150,
    "G" => 150,
    "B" => 150
);
#set the number of lines to display in our captcha
$numLines = 5;
#set the length of the key to display in our captcha
$keyLength = 7;
#set the color of the text in our captcha
$textcolor = array(
    "R" => 255,
    "G" => 0,
    "B" => 0
);

#get some file attributes of our bg image, all we are going to use is width and height.
list($width, $height, $type, $attr) = getimagesize($bg_image);
#using PHP's GD Library, we're going to create our base captcha, which starts with our BG image.
$captcha = imagecreatefromgif($bg_image);
#sets the color for our key, the color was defined above.
$keycol = imagecolorallocate($captcha, $textcolor["R"], $textcolor["G"], $textcolor["B"]);
#start a loop to add our lines to our captcha
for($i = 0; $i < $numLines; $i++)
{
    $line = imagecolorallocate($captcha, $line_color["R"], $line_color["G"], $line_color["B"]);
    imageline($captcha, rand(0, $width), rand(0, $height), rand(0, $width), rand(0, $height), $line);
}
#generate our random key
$string = GenKey($keyLength);
#add our random key to our captcha (the built-in GD fonts are numbered 1 to 5)
imagestring($captcha, 5, rand(1, 30), rand(1, 15), $string, $keycol);
#hash our key (md5 is a hash, not encryption) and add it to our session data.
$_SESSION['key'] = md5($string);
#send HTTP header to tell client we're going to display an image.
header("Content-type: image/png");
#display image
imagepng($captcha);

function GenKey ($length)
{
    #define the letters / numbers that will be used in our key.
    $chars = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    #start with an empty key so there is something to append to
    $key = "";
    #start a loop to make the key.
    for($i = 0; $i < $length; $i++)
    {
        #pick a random place in the string; positions start at 0, so the first character can be picked too
        #random_int() (PHP 7+) is not predictable the way rand() is
        $rand_start = random_int(0, strlen($chars) - 1);
        #add this character to our key
        $key .= substr($chars, $rand_start, 1);
    }
    #return our key
    return $key;
}
?>

Now that we have our form generating our captcha image, let's move on to checking to see if they entered the right code, and that they are not trying to make an injection to our SQL.


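<?php
#the key was stored in the session by captcha.php, so we need to start the session here too
session_start();
#start a loop through our POST data
foreach($_POST as $k => $v)
{
    #start a check for SQL injections.
    #this is kinda nub here, you can make it better by just escaping strings and what not.
    #is_string() also rejects array values such as user[]=x, which strstr() cannot handle
    if(!is_string($v) || strstr($v, "'") || strstr($v, '"') || strstr($v, "\\") || strstr($v, "/"))
    {
        #if we detect an injection, stop the script.
        die("Injection Detected");
    }
}
#if everything went through ok....

#read only the fields we expect; extract($_POST) would let the client set any variable in the script
$user = isset($_POST['user']) ? $_POST['user'] : "";
$pass = isset($_POST['pass']) ? $_POST['pass'] : "";
$imgver = isset($_POST['imgver']) ? $_POST['imgver'] : "";
#take the stored key out of the session so each image can only be used once
$key = isset($_SESSION['key']) ? $_SESSION['key'] : "";
unset($_SESSION['key']);
#check to see if they entered the correct image code.
#hash_equals() is a strict string comparison, unlike != which can treat different hashes as equal
if($key === "" || !hash_equals($key, md5($imgver)))
{
    #if they did not, stop the script
    die("Image Verification Failed!");
}
else
{
    #here is where you can put your query / SQL connection to create the account
}
?>

That concludes the tutorial, but here are a few things you can do to make it a bit harder for bots to crack.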

add more lines.
make the color of the lines and text random by using PHP's rand function.
use a random background image.


If you have any questions or comments, please feel free to post back.
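
An added example, not part of the original post or its author's code: a stricter form of the check in process.php, where the key is single-use and expires, and the account is inserted with bound parameters instead of relying on the character blacklist. The `accounts` table and its columns, the five-minute lifetime, the helper names and the use of password_hash() are assumptions; the demo assumes PHP 7+ with the pdo_sqlite driver.

```php
<?php
// Added example, not from the original post. Assumed: PHP 7+, the pdo_sqlite
// driver, and a hypothetical `accounts` table with `login` / `pass_hash` columns.
const CAPTCHA_TTL = 300; // assumed policy: a key is valid for five minutes

// captcha.php would call this instead of writing md5($string) into the session.
function captcha_store(array &$session, string $key): void
{
    $session['captcha'] = ['hash' => hash('sha256', $key), 'issued' => time()];
}

// True only for a fresh, matching key. The stored key is consumed on every
// attempt, so one solved image cannot be replayed for many registrations.
function captcha_verify(array &$session, $submitted): bool
{
    $stored = $session['captcha'] ?? null;
    unset($session['captcha']);
    if (!is_array($stored) || !is_string($submitted)) {
        return false; // no image was requested, or imgver[]=x was posted
    }
    if (time() - $stored['issued'] > CAPTCHA_TTL) {
        return false; // image is too old
    }
    // Keys are generated in upper case; hash_equals() compares in constant time.
    return hash_equals($stored['hash'], hash('sha256', strtoupper(trim($submitted))));
}

// Bound parameters keep quotes and slashes as data, so no character blacklist is needed.
function create_account(PDO $db, string $login, string $pass): bool
{
    $stmt = $db->prepare('INSERT INTO accounts (login, pass_hash) VALUES (:login, :hash)');
    return $stmt->execute([':login' => $login, ':hash' => password_hash($pass, PASSWORD_DEFAULT)]);
}

// Constructed demo: in-memory database, plain array standing in for $_SESSION.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (login TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$session = [];
$post = ['user' => "O'Brien", 'pass' => 'p/w"1', 'imgver' => 'ab12cd3']; // constructed input

captcha_store($session, 'AB12CD3');
if (captcha_verify($session, $post['imgver'])) {
    create_account($db, $post['user'], $post['pass']);
}
var_dump(captcha_verify($session, $post['imgver']));               // same key submitted again
var_dump($db->query('SELECT login FROM accounts')->fetchColumn()); // login as stored
```

In the real pages the calls would take `$_SESSION` and `$_POST['imgver'] ?? null` in place of the constructed arrays, after `session_start()`.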

jeddi
02-24-2008, 05:39 PM
Can you give a link to a page where this is working?

That would be nice.

Also you write :

"#$bg_image is the image that will be used for the background of our captcha
#you will have to replace the value with your bg image."

I am probably being dumb but images come in all sorts of sizes, shapes and formats and I have no idea what type is required :o

You couldn't post a link to an image that is suitable for this purpose could you ?

I have put your code into my script and am trying to make it work, so thanks for your help.

Inigoesdr
02-24-2008, 09:35 PM
Also you write :

"#$bg_image is the image that will be used for the background of our captcha
#you will have to replace the value with your bg image."

I am probably being dumb but images come in all sorts of sizes, shapes and formats and I have no idea what type is required :o

$captcha = imagecreatefromgif($bg_image);
To use the original code you need to use a .gif image (though you could change the function to imagecreatefromjpeg() (http://php.net/imagecreatefromjpeg) or imagecreatefrompng() (http://php.net/imagecreatefrompng) if you want to use that type of image). At a quick glance it seems size doesn't matter.

jeddi
02-25-2008, 11:32 AM
OK, I sorted out my image (I used GIMP 2)
and it needs to be a size like 25 x 120.

Now I have a question about the sessions:

The captcha script is only being called with the image stmt
here:
img src="captcha.php'

and this is in the middle of my form i.e. AFTER I have sent page headers etc.

So how come I don't get an error with the
session_start();
statement that is used inside captcha.php?

The reason that I am asking is not just out of curiosity, but I have a problem
when I try to check the key with this portion of the script:



#check to see if they entered the correct image code.

extract($_POST);
$keytxt =$_SESSION['key'];

ECHO "Keytext: $keytxt";

if($keytxt != md5($imgver))


The problem is that $_SESSION['key']; is empty!
Guess it wasn't passed?

Thanks for any help.

Inigoesdr
02-25-2008, 02:49 PM
Now I have a question about the sessions:

The captcha script is only being called with the image stmt
here:
img src="captcha.php'

and this is in the middle of my form i.e. AFTER I have sent page headers etc.

So how come I don't get an error with the
session_start();
statement that is used inside captcha.php?
You don't get an error because it's a separate request sent to the server. Since the $_SESSION data is server-side it can be updated at any time, even on a different page on the same domain; just as if you had another tab open in your browser.

Edit: You already started a thread for the code problem, so you don't need to reply here.

p4plus2
03-04-2008, 12:59 AM
try this:

replace


$line_color = array(
"R" => 150,
"G" => 150,
"B" => 150
);
#set the number of line to display in our captcha
$numLines = 5;
#set the length of the key to display in our captcha
$keyLength = 7;
#set the color of the text in our captcha
$textcolor = array(
"R" => 255,
"G" => 0,
"B" => 0
);


WITH:


$line_color = array(
"R" => rand(0,255),
"G" => rand(0,255),
"B" => rand(0,255)
);
#set the number of line to display in our captcha
$numLines = 5;
#set the length of the key to display in our captcha
$keyLength = 7;
#set the color of the text in our captcha
$textcolor = array(
"R" => rand(0,255),
"G" => rand(0,255),
"B" => rand(0,255)
);


So random colors will be used (more uniqueness is always best :P)


