Saturday, November 14, 2009

How to Use a CAPTCHA in php

To put it simply a captcha works by generating a random string, writing it to an image, then storing the string inside of a session or cookie or by some other method. This is then checked when the form or operation is performed.
Their are 7 basic Step
  1. Random text generated
  2. Text written to image
  3. Text stored in session/cookie/database
  4. Image displayed to user
  5. User enters the code
  6. User entered code is checked against the stored key
  7. If they match then something is done
Random text

I will use the php functions, microtime() and mktime() to generate a number. This number will then be encrypted using md5(). With this 32 character long encrypted string we will then use substr() to cut it down to a 5 letter long string. This is our random text.


//Start the session so we can store what the code actually is.
session_start();

//Now lets use md5 to generate a totally random string
$md5 = md5(microtime() * mktime());

/*
We dont need a 32 character long string so we trim it down to 5
*/
$string = substr($md5,0,5);
?>


Text to the image


/*
Now for the GD stuff, for ease of use lets create
the image from a background image.
*/

$captcha = imagecreatefrompng("./captcha.png");

/*
Lets set the colours, the colour $line is used to generate lines.
Using a blue misty colours. The colour codes are in RGB
*/

$black = imagecolorallocate($captcha, 0, 0, 0);
$line = imagecolorallocate($captcha,233,239,239);

/*
Now to make it a little bit harder for any bots to break,
assuming they can break it so far. Lets add some lines
in (static lines) to attempt to make the bots life a little harder
*/
imageline($captcha,0,0,39,29,$line);
imageline($captcha,40,0,64,29,$line);
?>


Text stored in session/cookie


 /*
Now for the all important writing of the randomly generated string to the image.
*/
imagestring($captcha, 5, 20, 10, $string, $black);


/*
Encrypt and store the key inside of a session
*/

$_SESSION['key'] = md5($string);

/*
Output the image
*/
header("Content-type: image/png");
imagepng($captcha);

?>

Image displayed to user/User Enter COde

User simple img tag and input box


Check Enter Code is correct or not


session_start();

//Encrypt the posted code field and then compare with the stored key

if(md5($_POST['code']) != $_SESSION['key'])
{
die("Error: You must enter the code correctly");
}else{
echo 'You entered the code correctly';
}
?>


Posted by Unknown at 1:02 AM
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)