Saturday, November 14, 2009

How to Use a CAPTCHA in PHP

To put it simply, a CAPTCHA works by generating a random string, writing it to an image, then storing the string in a session, a cookie, or by some other method. The stored string is then checked when the form is submitted or the operation is performed.
There are 7 basic steps:
  1. Random text generated
  2. Text written to image
  3. Text stored in session/cookie/database
  4. Image displayed to user
  5. User enters the code
  6. User entered code is checked against the stored key
  7. If they match then something is done
Random text

I will use the PHP functions microtime() and mktime() to generate a number. This number will then be hashed using md5(). We will then use substr() to cut the 32-character hash down to a 5-character string. This is our random text.

//Start the session so we can store what the code actually is.
session_start();

//Now let's use md5 to generate a random-looking string
//time() replaces the argument-less mktime() call, which PHP 8 no longer accepts
$md5 = md5(microtime(true) * time());

We don't need a 32-character string, so we trim it down to 5.


$string = substr($md5,0,5);

Text to the image

Now for the GD stuff. For ease of use, let's create the image from a background image.


$captcha = imagecreatefrompng("./captcha.png");

Let's set the colours. The colour $line is used to generate lines, using misty blue colours. The colour codes are in RGB.


$black = imagecolorallocate($captcha, 0, 0, 0);
$line = imagecolorallocate($captcha,233,239,239);

Now, to make it a little bit harder for any bots to break (assuming they can break it so far), let's add some static lines to make the bot's life a little harder.



Text stored in session/cookie

Now for the all important writing of the randomly generated string to the image.


imagestring($captcha, 5, 20, 10, $string, $black);

Hash and store the key inside of a session


$_SESSION['key'] = md5($string);

Output the image


header("Content-type: image/png");
//Send the finished image to the browser
imagepng($captcha);


Image displayed to user / User enters code

Use a simple img tag and an input box.

Check whether the entered code is correct


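//The session must also be started on the page that checks the code
session_start();

//Hash the posted code field and then compare with the stored key
//(!== is used so two hash strings are never compared loosely as numbers)
if (md5($_POST['code']) !== $_SESSION['key']) {
    die("Error: You must enter the code correctly");
} else {
    echo 'You entered the code correctly';
}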
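
A hardened take on steps 1, 3 and 6, added here as an example and not part of the original post: a code derived from the clock can be predicted, and a key left in the session can be answered more than once, so this version draws the code from random_int(), expires the challenge, and discards it after a single check. The function names, the alphabet and the 120-second lifetime are assumptions; PHP 7 or later is required.

```php
<?php
// Added example: function names, alphabet and lifetime are assumptions.

const CAPTCHA_TTL = 120; // seconds a challenge stays valid

// Steps 1 and 3: draw the code from the CSPRNG and store its hash server-side.
function captcha_new_code(array &$session, int $length = 5): string
{
    $alphabet = 'abcdefghjkmnpqrstuvwxyz23456789'; // look-alike glyphs left out
    $max = strlen($alphabet) - 1;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, $max)];
    }
    $session['key'] = hash('sha256', $code);
    $session['key_expires'] = time() + CAPTCHA_TTL;
    return $code; // pass this to imagestring() as in the tutorial
}

// Step 6: verify once, then discard the challenge whatever the outcome.
function captcha_check(array &$session, $submitted): bool
{
    $stored  = $session['key'] ?? null;
    $expires = $session['key_expires'] ?? 0;
    unset($session['key'], $session['key_expires']); // single use

    if (!is_string($stored) || !is_string($submitted) || time() > $expires) {
        return false; // no challenge issued, non-string input, or expired
    }
    $candidate = hash('sha256', strtolower(trim($submitted)));
    return hash_equals($stored, $candidate); // constant-time string comparison
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session = [];
$code = captcha_new_code($session);
var_dump(captcha_check($session, $code));  // the correct answer
var_dump(captcha_check($session, $code));  // the same answer replayed
$code = captcha_new_code($session);
var_dump(captcha_check($session, ['x']));  // array input, as sent by code[]=x
```

In a real page, call session_start() first and pass $_SESSION as the first argument to both functions.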
