Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6

Thread: Captcha

  1. #1
    New Coder
    Join Date
    May 2006
    Location
    Pennsylvania, USA
    Posts
    31
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Captcha

    Keep in mind that i wrote this for something diffrent, and you may need to change the "Injection Dection"

    Using CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), For those not so technically inclined, "It's Those Image Verification Things"

    To break it down a bit, You can send Form data one of two ways through your HTTP Header.
    A. Which is used most Commonly is POST.
    POST sends the values of the form in the HTTP Request, you cannot see this through your browser, well unless you hack it out a bit .

    B. GET
    GET Also acts like post, but these you can see in your browser as part of the address file.extension?this=that&that=this.

    Issue:
    The issue is that most form fields are static, meaning the name dosent change, so a Bot could simply send the HTTP request over and over again with different values and next thing you know, you got 1k account created on your kal server.

    Solution:
    If we create a CAPTCHA System, this greatly reduced the chance of a bot being used to create accounts, all though it is still possible, this greatly decreases the chances of a bot making accounts.

    Now that I've finished the Introduction to this guide, which most of you probably wont even read, Lets get to the code!!!

    First, we will start with the basic HTML form.
    PHP Code:
    <form id="kalreg" name="kalreg" method="post" action="process.php">
      
    User ID:
      <
    input type="text" name="user" id="user" />
      <
    br />
      <
    br />
    Password:
    <
    input type="text" name="pass" id="pass" />
    <
    br />
    <
    br />
    Image Verfication: <img src="captcha.php" /><br />
    <
    br />
    Image Verfication Code:
    <
    input type="text" name="imgver" id="imgver" />
    <
    br />
    <
    br />
    <
    input type="submit" name="button" id="button" value="Register" />
    </
    form
    Basically this just displays our form, and our CAPTCHA image (Which we will get to next)

    Now that we have got our form displaying, lets make the CAPTCHA, This process actually, isn't difficult.

    PHP Code:
    <?php
    #since we are storing our data using Sessions, we need to start a session
    session_start();
    #$bg_image is the image that will be used for the background of our captcha
    #you will have to replace the value with your bg image.
    $bg_image "path2urimage";
    #we're going to put some lines throughout the image to make it a bit harder for bots to crack
    #to color the lines, we need to fill in the color fields using RGB values (0-255 for each color)
    $line_color = array(
    "R" => 150,
    "G" => 150,
    "B" => 150
    );
    #set the number of line to display in our captcha
    $numLines 5;
    #set the length of the key to display in our captcha
    $keyLength 7;
    #set the color of the text in our captcha
    $textcolor = array(
    "R" => 255,
    "G" => 0,
    "B" => 0
    );

    #get some file attribures of our bg image, all we are going to use is witdth and height.
    list($width$height$type$attr) = getimagesize($bg_image);
    #using PHP's GD Library, we're going to create our base captcha, which starts with our BG image.
    $captcha imagecreatefromgif($bg_image);
    #sets the color for our key, the color was defined above.
    $keycol imagecolorallocate($captcha$textcolor["R"],$textcolor["G"],$textcolor["B"]);
    #start a loop to add our lines to our captcha
    for($i 0$i $numLines$i++)
    {
        
    $line imagecolorallocate($captcha,$line_color["R"],$line_color["G"],$line_color["B"]);
        
    imageline($captcha,rand(0$width),rand(0,$height),rand(0$width),rand(0,$height),$line);
    }
    #generate our random key
    $string GenKey($keyLength);
    #add our random key to our captcha
    imagestring($captcha9rand(130), rand(115), $string$keycol);
    #encrypt our key and add it to our session data.
    $_SESSION['key'] = md5($string);
    #send HTTP header to tell client we're going to display an image.
    header("Content-type: image/png");
    #dsplay image
    imagepng($captcha);

    function 
    GenKey ($length)
    {
        
    #define the letter / number that will be used in our key.
        
    $chars "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
        
    #start a loop to make the key.
        
    for($i 0$i $length$i++)
        {
            
    #pick a random start place in the string
            
    $rand_start rand(1strlen($chars) - 1);
            
    #add this character to our key
            
    $key .= substr($chars$rand_start1);
        }
        
    #return our key
        
    return $key;
    }
    ?>
    Now that we have our form, generating our captcha image. Lets move on to checking to see if they entered the right code, and that they are not trying to make an injection to our SQL.

    PHP Code:
    <?php
    #start a loop through our POST data
    foreach($_POST as $k => $v)
    {
        
    #start a check for SQL injections.
        #this is kinda nub here, you can make it better by just escaping stings and what not.
        
    if(strstr($v"'") || strstr($v'"') || strstr($v"\\") || strstr($v"/"))
        {
            
    #if we detect an injection, stop the script.
            
    die("Injection Detected");
        }
    }
    #if everthing went through ok....

    #extract our POST data from its array
    extract($_POST);
    #check to see if they entered the correct image code.
    if($_SESSION['key'] != md5($imgver))
    {
        
    #if the did not stop the script
        
    die("Image Verfication Failed!");
    }
    else
    {
        
    #here is where you can put your query / SQL connection to create the account
    }
    ?>
    That concludes the tutorial, but here are a few things you can do to make it a bit harder for bots to crack.

    add more lines.
    make the color of the lines and text random by using PHP's rand function.
    use a random background image.


    If you have any question or comments, please feel free to post back.
    Last edited by xanderman; 01-11-2008 at 01:30 AM.

  • #2
    Senior Coder
    Join Date
    May 2006
    Posts
    1,673
    Thanks
    28
    Thanked 4 Times in 4 Posts
    Can you give a link to a page where this is working ?

    That would be nice.

    Also you write :

    "#$bg_image is the image that will be used for the background of our captcha
    #you will have to replace the value with your bg image."

    I am probably being dumb but images come in all sorts os sizes shapes and formats and I have no idea what type is required

    You couldn't post a link to an image that is suitable for this purpose could you ?

    I have put your code into my script and trying to make it work so thanks for your help.
    If you want to attract and keep more clients, then offer great customer support.

    Support-Focus.com. automates the process and gives you a trust seal to place on your website.
    I recommend that you at least take the 30 day free trial.

  • #3
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,638
    Thanks
    2
    Thanked 404 Times in 396 Posts
    Quote Originally Posted by jeddi View Post
    Also you write :

    "#$bg_image is the image that will be used for the background of our captcha
    #you will have to replace the value with your bg image."

    I am probably being dumb but images come in all sorts os sizes shapes and formats and I have no idea what type is required
    PHP Code:
    $captcha imagecreatefromgif($bg_image); 
    To use the original code you need to use a .gif image(though you could change the function to imagecreatefromjpeg() or imagecreatefrompng() if you want to use that type of image). At quick glance it seems size doesn't matter.

  • #4
    Senior Coder
    Join Date
    May 2006
    Posts
    1,673
    Thanks
    28
    Thanked 4 Times in 4 Posts
    OK I sorted out my image - ( I used GIMP 2 )
    and in needs to be a size like 25 x 120.

    Now I have a question about the sessions:

    The captcha script is only being called with the image stmt
    here:
    Code:
    img src="captcha.php'
    and this is in the middle of my form i.e. AFTER I have sent page headers etc.

    So how come I dont get an error with the
    Code:
    session_start();
    statement that is used inside captcha.php?

    The reason that I am asking is not just out of curiousity, but have a problem
    when I try to check the key with this portion of the script:

    PHP Code:
    #check to see if they entered the correct image code.

    extract($_POST);
    $keytxt =$_SESSION['key'];

    ECHO 
    "Keytext: $keytxt";
     
    if(
    $keytxt != md5($imgver)) 
    The problem is that $_SESSION['key']; is empty !
    Guess it wasn't passed ?

    Thanks for any help.
    Last edited by jeddi; 02-25-2008 at 12:58 PM.
    If you want to attract and keep more clients, then offer great customer support.

    Support-Focus.com. automates the process and gives you a trust seal to place on your website.
    I recommend that you at least take the 30 day free trial.

  • #5
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,638
    Thanks
    2
    Thanked 404 Times in 396 Posts
    Quote Originally Posted by jeddi View Post
    Now I have a question about the sessions:

    The captcha script is only being called with the image stmt
    here:
    Code:
    img src="captcha.php'
    and this is in the middle of my form i.e. AFTER I have sent page headers etc.

    So how come I dont get an error with the
    Code:
    session_start();
    statement that is used inside captcha.php?
    You don't get an error because it's a separate request sent to the server. Since the $_SESSION data is server-side it can be updated at any time, even on a different page on the same domain; just as if you had another tab open in your browser.

    Edit: You already started a thread for the code problem, so you don't need to reply here.
    Last edited by Inigoesdr; 02-25-2008 at 01:54 PM.

  • #6
    Regular Coder
    Join Date
    Mar 2008
    Posts
    103
    Thanks
    1
    Thanked 8 Times in 8 Posts
    try this:

    replace
    PHP Code:
    $line_color = array(
    "R" => 150,
    "G" => 150,
    "B" => 150
    );
    #set the number of line to display in our captcha
    $numLines 5;
    #set the length of the key to display in our captcha
    $keyLength 7;
    #set the color of the text in our captcha
    $textcolor = array(
    "R" => 255,
    "G" => 0,
    "B" => 0
    ); 
    WITH:
    PHP Code:
    $line_color = array(
    "R" => rand(0,255),
    "G" => rand(0,255),
    "B" => rand(0,255)
    );
    #set the number of line to display in our captcha
    $numLines 5;
    #set the length of the key to display in our captcha
    $keyLength 7;
    #set the color of the text in our captcha
    $textcolor = array(
    "R" => rand(0,255),
    "G" => rand(0,255),
    "B" => rand(0,255)
    ); 
    So random colors will be used (more uniqueness is always best :P)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •