Help With Captcha

[sufian]

Hey, I'm building a captcha for a register page on my site. So far I have got it showing the image of text, the code  for the captcha.php is:

 

 

<?php

session_start();

$string = '';

for ($i = 0; $i < 5; $i++) {
// this numbers refer to numbers of the ascii table (lower case)
$string .= chr(rand(97, 122));
}

$_SESSION['rand_code'] = $string;

$dir = 'fonts/';

$image = imagecreatetruecolor(170, 60);
$black = imagecolorallocate($image, 0, 0, 0);
$color = imagecolorallocate($image, 200, 100, 90); // red
$white = imagecolorallocate($image, 255, 255, 255);

imagefilledrectangle($image,0,0,399,99,$white);
imagettftext ($image, 30, 0, 10, 40, $color, $dir."duepuntozero.ttf", $_SESSION['rand_code']);

header("Content-type: image/png");
imagepng($image);

?>

 

 

And inside the register.php page I have the following:

 

At the top of the page:

<?php

session_start();

if(isset($_POST['submit'])) {

	if($_POST['code'] == $_SESSION['rand_code']) {

		// send email
		$accept = "Account Created Please Log In.";

	} else {

		$error = "Please verify that you typed in the correct code.";

	}

} else {

	$error = "Please fill out the entire form.";

}

}

?>

 

And at the top of the register page:

<?php if(!empty($error)) echo '<div class="error">'.$error.'</div>'; ?>
<?php if(!empty($accept)) echo '<div class="accept">'.$accept.'</div>'; ?>

 

And the form for the register section is:

<?php if(!empty($error)) echo '<div class="error">'.$error.'</div>'; ?>
<?php if(!empty($accept)) echo '<div class="accept">'.$accept.'</div>'; ?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<p><span id="sprytextfield1">
    <input type="text" name="name" />
    <span class="textfieldRequiredMsg">A value is required.</span><span class="textfieldInvalidFormatMsg">Invalid format.</span></span> Name</p>
<p><span id="sprytextfield2">
<input type="text" name="email" />
<span class="textfieldRequiredMsg">A value is required.</span><span class="textfieldInvalidFormatMsg">Invalid format.</span></span> Email</p>
<p><span id="sprypassword1">
  <label>
    <input type="password" name="password" id="password" />
  </label>
  <span class="passwordRequiredMsg">A value is required.</span></span>password</p>
<img src="captcha.php"/>
<p><span id="sprytextfield3">
  <input type="text" name="code" />
  <span class="textfieldRequiredMsg">A value is required.</span></span> Captcha</p>
  <p><input type="submit" name="submit" value="Send" class="button" /></p>
</form>
<script type="text/javascript">
<!--
var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1", "custom");
var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2", "email");
var sprypassword1 = new Spry.Widget.ValidationPassword("sprypassword1");
var sprytextfield3 = new Spry.Widget.ValidationTextField("sprytextfield3");
//-->
</script>

 

 

 

 

 

[lynxus]

While im not sure what the problem is?

I would suggest using a pre made captcha .

Something like: http://www.phpcaptcha.org/

 

It works and you dont need to worry about any bad code etc.

[vineld]

While im not sure what the problem is?

I would suggest using a pre made captcha .

Something like: http://www.phpcaptcha.org/

 

It works and you dont need to worry about any bad code etc.

 

I definitely agree although I would suggest using another method of protection other than captcha since it is not really user friendly. If you still want to use captcha make sure that it's one that is both readable and exists in a spoken version as well.

[lynxus]

I suppose another thing is to verify accounts.

 

One thing i do is have a very readable captcha on my site ( it will stop most bots )

then also have it so they have to verify their e-mail ( click a link thats sent to it )