TalkPHP - View Single Post

cecilia · 07-02-2009, 08:58 PM

I just read a thread about this so I guess its alright to talk about its specifics on making your own here on this section, I think.

Like, anything that you should look out for when using it?

And why are the images usually distorted, is this really necessary? Is it to prevent text recognition software on images? Sometimes theyre really hard to read, on sometimes I have to reload the captcha more than 5 times.

Wikipedia says its a type of challenge-response test used in computing to ensure that the response is not generated by a computer.

I tried writing my simple first attempt at this a few weeks ago on a test page. What I did was:

Created jpeg files for every letter and gave them numeric filenames.
I then generate 8 random numbers within the limits of the filenames and display the corresponding images. I also assemble the captcha string using those, converting the numbers into letters.
Then I let javascript compare the user input and the captcha string, if it matches it proceeds if not it gives you a popup error message. If you disable JS and try to submit it wont submit.

Im thinking of a different way of doing it like instead of javascript, Ill validate it on the next page using php. But wont that beat the point? Isnt this meant to stop things on the page where its at and let the other security measures handle the rest on the next page?

Also, maybe if JS is off, tell the user to turn it on if im keeping it in JS?

07-02-2009, 08:58 PM	#1 (permalink)
cecilia The Contributor Join Date: May 2009 Location: LA, CA Posts: 87 Thanks: 0	Captcha I just read a thread about this so I guess its alright to talk about its specifics on making your own here on this section, I think. Like, anything that you should look out for when using it? And why are the images usually distorted, is this really necessary? Is it to prevent text recognition software on images? Sometimes theyre really hard to read, on sometimes I have to reload the captcha more than 5 times. Wikipedia says its a type of challenge-response test used in computing to ensure that the response is not generated by a computer. I tried writing my simple first attempt at this a few weeks ago on a test page. What I did was: Created jpeg files for every letter and gave them numeric filenames. I then generate 8 random numbers within the limits of the filenames and display the corresponding images. I also assemble the captcha string using those, converting the numbers into letters. Then I let javascript compare the user input and the captcha string, if it matches it proceeds if not it gives you a popup error message. If you disable JS and try to submit it wont submit. Im thinking of a different way of doing it like instead of javascript, Ill validate it on the next page using php. But wont that beat the point? Isnt this meant to stop things on the page where its at and let the other security measures handle the rest on the next page? Also, maybe if JS is off, tell the user to turn it on if im keeping it in JS?