TalkPHP


cecilia 07-02-2009 08:58 PM

Captcha
 
I just read a thread about this so I guess it's alright to talk about its specifics on making your own here on this section, I think.

Like, anything that you should look out for when using it?

And why are the images usually distorted, is this really necessary? Is it to prevent text recognition software on images? Sometimes they're really hard to read, and sometimes I have to reload the captcha more than 5 times.



Wikipedia says it's a type of challenge-response test used in computing to ensure that the response is not generated by a computer.


I tried writing my simple first attempt at this a few weeks ago on a test page. What I did was:
  1. Created jpeg files for every letter and gave them numeric filenames.
  2. I then generate 8 random numbers within the limits of the filenames and display the corresponding images. I also assemble the captcha string using those, converting the numbers into letters.
  3. Then I let javascript compare the user input and the captcha string; if it matches it proceeds, if not it gives you a popup error message. If you disable JS and try to submit, it won't submit.


I'm thinking of a different way of doing it, like instead of javascript, I'll validate it on the next page using php. But won't that beat the point? Isn't this meant to stop things on the page where it's at and let the other security measures handle the rest on the next page?

Also, maybe if JS is off, tell the user to turn it on if I'm keeping it in JS?

Enfernikus 07-02-2009 09:07 PM

You should never use JS to validate things from the user; it's only for stylistic uses. But when you let them submit with the captcha, the point is to validate the captcha before anything. The distorted images are to prevent automated OCR-capable bots from guessing your captcha also. I always use reCaptcha for all my captcha needs.

cecilia 07-02-2009 09:28 PM

Well, yes, that's what I was thinking of in a way ~ before anything else, including before you can even touch the next page. But I know it's not really ideal for the said reasons...

Ok, then what about:

You keep them both. You leave the JS just for the convenience of the user, to let them know ahead of time if what they typed is right before submitting, then php will check it again on the next page.

Enfernikus 07-02-2009 09:46 PM

Well, JS shouldn't be able to verify your captcha lest you make a call to your server to verify.

cecilia 07-02-2009 09:58 PM

The way I did it, JS will have something to compare it to since I'm echoing the string directly to the javascript function that checks it. Or this is stupid since if... you can write a program that recognizes text from an image you can, I guess, just locate it within the page, which is in plain text form...?

I can make a call to the server too with JS and make the check there.

Well, I really am considering the no javascript version. I'll try that on my next version of it along with the other things.


I looked for a live version and tried saving the image. It just has a uniform name and it's just one file, image.jpg. Is it possible to create or assemble a single image from multiple images using php? Or it's just a single image file really that's like cloned then renamed? I'll try to look for a way on how to make such a thing...

ADD:
I found something on how to create images using php, I'll try it when I get home.

Village Idiot 07-03-2009 03:42 AM

Never let javascript even have a hand in any validation you don't want completely bypassed. Your method to send to the server and have it send back has two problems:
1. Javascript can be modified on pages, they can modify it to always return yes
2. The HTTP call javascript makes can be intercepted (so it never actually gets out) and forged (so the script thinks it all worked).

I've never made a system that does this, but off the top of my head this is how I would do it:

1. Start.php
- Creates a row in the database with a random confirmation string. This row has another randomly generated ID string (called aID).
- Sets a hidden field with the value of aID.
- Calls image.php to generate an image with that associated ID.
- Has a text field to enter the string in.

2. image.jpg
- Actually a PHP script; mod_rewrite or server MIME types (telling the server to process the jpg as a PHP file) are used to create this effect. aID will be in the GET data, it goes into the database and returns the image form of the string.

3. Process.php
- Takes the associated ID from the hidden form and compares its confirmation string to the user input. If they match they are through, otherwise return the error.

Other tasks:
1. Delete unconfirmed rows that are more than 12 hours old.
2. Delete rapidly generated rows from a single IP or whatever method you use (not foolproof, would require additional storing).
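
Added example, not part of Village Idiot's post or any code from this thread: a minimal sketch of the Start.php / Process.php flow described above, with the answer held only on the server. The SQLite table, the function names and the 6-character answer are assumptions; deleting the row on every attempt and the constant-time comparison are additions beyond what the post describes.

```php
<?php
// Added example, not code from the thread. Table, column and function names
// and the 6-character answer are assumptions; the 12-hour TTL is from the post.
const CAPTCHA_TTL = 12 * 3600;

function captcha_db(): PDO {
    $db = new PDO('sqlite::memory:'); // in-memory SQLite for the demo only
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE captcha (aid TEXT PRIMARY KEY, answer TEXT, created INTEGER)');
    return $db;
}

// Start.php: store the answer server-side; only aID goes into the hidden field.
function captcha_issue(PDO $db, int $now): array {
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // no 0/O or 1/I look-alikes
    $answer = '';
    for ($i = 0; $i < 6; $i++) {
        $answer .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $aid = bin2hex(random_bytes(16)); // unguessable and unrelated to the answer
    $db->prepare('INSERT INTO captcha VALUES (?, ?, ?)')->execute([$aid, $answer, $now]);
    return [$aid, $answer]; // $answer is for image.php to draw, never for the HTML
}

// Process.php: compare on the server and delete the row whatever the result.
function captcha_verify(PDO $db, string $aid, string $input, int $now): bool {
    $stmt = $db->prepare('SELECT answer, created FROM captcha WHERE aid = ?');
    $stmt->execute([$aid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $db->prepare('DELETE FROM captcha WHERE aid = ?')->execute([$aid]); // single use
    if ($row === false || $now - (int)$row['created'] > CAPTCHA_TTL) {
        return false; // unknown, already used, or expired aID
    }
    return hash_equals($row['answer'], strtoupper(trim($input)));
}

// Cleanup task: remove rows nobody answered within the TTL.
function captcha_purge(PDO $db, int $now): int {
    $stmt = $db->prepare('DELETE FROM captcha WHERE created < ?');
    $stmt->execute([$now - CAPTCHA_TTL]);
    return $stmt->rowCount();
}

// Demo with constructed values.
$db = captcha_db();
[$aid, $answer] = captcha_issue($db, time());
var_dump(captcha_verify($db, $aid, 'WRONG1', time()));  // a wrong guess burns the row
var_dump(captcha_verify($db, $aid, $answer, time()));   // so the same aID cannot be retried
[$aid2, $answer2] = captcha_issue($db, time());
var_dump(captcha_verify($db, $aid2, strtolower($answer2), time())); // fresh aID, right answer
```

Because each aID is deleted on its first check, a client has to fetch a new image for every guess, which is also the point where the per-IP rate limiting mentioned in the post would apply.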

adamdecaf 07-03-2009 04:21 AM

Don't forget the lovely tutorial hosted on this site which gives you a sample captcha system.

http://www.talkphp.com/script-giveaw...l-captcha.html

Village Idiot 07-03-2009 05:14 AM

Quote:

Originally Posted by adamdecaf (Post 26533)
Don't forget the lovely tutorial hosted on this site which gives you a sample captcha system.

http://www.talkphp.com/script-giveaw...l-captcha.html

A fine method if you want to use sessions. Sessions are unreliable (in my experience) and use up a lot of server resources.

adamdecaf 07-03-2009 05:34 AM

It's more of an example on how to set up the image, security, randomness, etc...

But yes, sessions are not perfect.

cecilia 07-06-2009 06:26 PM

That's a useful tutorial for making your own. I'll try the image making section first, I really want to see it in action. Then I'll try to make mine not session dependent somehow?

I tried it, this is what I got in plain text:
‰PNG  IHDR‡€IDATxœA 0?U,€‚;•a†daX@†a†daX@†a †daX@†a†daX@†a†daX@†a†daX@ †a†daX@i9NIENDB`‚

I got this instead when I changed it to making a jpeg.
JFIF>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality C    $.' ",#(7),01444'9=82<.342C  2!!222222222222222222222222222222222222222222222 22222" ĵ}!1AQa"q2‘#BR$3 br‚ %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ƒ„…†‡ˆ‰Š’“”•–—˜™š  ĵw!1AQaq"2B‘ #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvw xyz‚ƒ„…†‡ˆ‰Š’“”•–—˜™š ?(€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€?


I'm probably doing something wrong, I think I'll try again later.

adamdecaf 07-06-2009 06:56 PM

Your server doesn't support making the image (fully). It happens to me on my local server.

cecilia 07-06-2009 09:36 PM

I ran a check and it seems I support it, sorta:

PHP Code:

// Print every GD capability reported by this PHP build
foreach (gd_info() as $key => $val) echo "$key: $val<br />";

GD Version: bundled (2.0.34 compatible)
FreeType Support: 1
FreeType Linkage: with freetype
T1Lib Support:
GIF Read Support: 1
GIF Create Support: 1
JPG Support: 1
PNG Support: 1
WBMP Support: 1
XPM Support: 1
XBM Support: 1
JIS-mapped Japanese Font Support:

Village Idiot 07-06-2009 09:44 PM

Quote:

Originally Posted by cecilia (Post 26706)
That's a useful tutorial for making your own. I'll try the image making section first, I really want to see it in action. Then I'll try to make mine not session dependent somehow?

I tried it, this is what I got in plain text:
‰PNG IHDR‡€IDATxœA 0?U,€‚;•a†daX@†a†daX@†a†daX@†a†da X@†a†daX@†a†daX@†a†daX@Ʋi9NIENDB`‚

I got this instead when I changed it to making a jpeg.
JFIF>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality C $.' ",#(7),01444'9=82<.342C 2!!22222222222222222222222222222222222222222222222 222" ĵ}!1AQa"q2‘#BR$3br‚ %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzƒ„…†‡ ˆ‰Š’“”•–—˜™š ĵw!1AQaq"2B‘ #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz‚ƒ „…†‡ˆ‰Š’“”•–—˜™š ?(€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€?


I'm probably doing something wrong, I think I'll try again later.

Don't output it as text, you need to set the MIME type to image/png
PHP Code:

     header("Content-Type: image/png"); 


cecilia 07-06-2009 10:00 PM

Ok, I already lost the one that I wrote. This is from php.net and it's almost just like it:

PHP Code:

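// Tell the browser the response body is a PNG, not text
header("Content-type: image/png");
// 110x20 pixel palette image
$im = @imagecreate(110, 20)
    or die("Cannot Initialize new GD image stream");
// The first colour allocated becomes the background (black)
$background_color = imagecolorallocate($im, 0, 0, 0);
$text_color = imagecolorallocate($im, 233, 14, 91);
// Built-in font 1, drawn at x=5, y=5
imagestring($im, 1, 5, 5, "A Simple Text String", $text_color);
imagepng($im);
imagedestroy($im);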

What I did was just let it run in the open. And it gives me:

‰PNG IHDRnV,šPLTE[anfIDAT•c` `fx` 41ƒ‚€˜–’q@੤;{á0— œi


When I placed this on a separate php file picmaker.php, and used an image tag with the file for its src value it works.

HTML Code:

<img src='picmaker.php' alt='Image created by a PHP script'>

Went through the tutorial again... Sorry, I missed that part, it was there.
