Jump to content

Recommended Posts

Basically it generates a random series of numbers/letters using either premade images or created on the fly using the gd library or imagemagick.  It asks you to input the letters/numbers that you see into a textbox and submit.  If you type in what it has stored, it lets you in.  Theres millions of them out there that are free, just be creative with your search terms.  'php create captcha'.

http://www.google.com/search?q=php+create+captcha

CAPTCHA in PHP is fairly simple; you can use PHP's gd library (image functions) to make them.

 

It would follow this process:

  1) Make a random string of letters

  2) Store the string in session (not in a hidden field or cookie)

  3) Use PHP's gd library (image functions) to:

        * to create an image

        * populate the image with letters that match the random strings from #1

        * maybe add lines or "noise" so more sophisticated screen-reading bots can't read it... be creative with this, you can even make the letters different sizes and fonts, etc.

  4) compare the string in session and what they entered into the textbox!

 

done!

CAPTCHA in PHP is fairly simple; you can use PHP's gd library (image functions) to make them.

 

It would follow this process:

   1) Make a random string of letters

   2) Store the string in session (not in a hidden field or cookie)

   3) Use PHP's gd library (image functions) to:

         * to create an image

         * populate the image with letters that match the random strings from #1

         * maybe add lines or "noise" so more sophisticated screen-reading bots can't read it... be creative with this, you can even make the letters different sizes and fonts, etc.

   4) compare the string in session and what they entered into the textbox!

 

done!

 

So I can put the letters in the $_SESSION and bots will not be able to read the code from session?

Typically yes, because sessions are stored on the server. However, sessions can be hijacked, but it'd be incredibly unlikely a bot could do so. Unless you make it easy for them to do so (you list session ID's of all users on the main page, XD but, if anyone did that, they'd deserve it).

 

Even for people, finding another person's session ID isn't as easy as 123. So it's reasonable to say you can rely on sessions.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.