[SOLVED] Anti bot check

[L]

Hey,

For an anti-bot check I thought I would create a hidden input, and if it was filled(because bots usually fill in everything) it wouldn't let it to register. But for some reason the opposite is happening for me..when it's not set it gives the error and vice versa

//in form tag
<input type="hidden" name="notcool" id="notcool" value="" />
if (isset($_POST['register'])) {
if (isset($_POST['notcool'])) {
$msg = "You have been deemed a bot...if you are not a bot, then try again...";
confirm($msg);
}
//above is first part of check in the registration page

When I put !isset($_POST['notcool'])) then it works fine...can someone explain to me what's wrong here because I'm confused. ???

 

Thanks for your time,

~L

[Ken2k7]

Just put up a new input field and ask a simple question like: Is ice cream hot or cold? Bots don't usually answer them right.

[adam291086]

you could always make a random number generator and ask the user to verify the number. I gave a random number generator script if you need some help.

[L]

Yah, that'd be appreciated...I don't know how I could make one.

 

 

[Ken2k7]

echo rand();

 

?

 

You should run rand(), store it in a variable and use that.

[adam291086]

i Got this from a tutorial i will try and find where it was

 

Here is the code

 

<?php
session_start(); 
// generate 5 digit random number
$rand = rand(10000, 99999);

// create the hash for the random number and put it in the session
$_SESSION['image_random_value'] = md5($rand);

// create the image
$image = imagecreate(60, 30);

// use white as the background image
$bgColor = imagecolorallocate ($image, 255, 255, 255); 

// the text color is black
$textColor = imagecolorallocate ($image, 0, 0, 0); 

// write the random number
imagestring ($image, 5, 5, 8, $rand, $textColor); 

// send several headers to make sure the image is not cached 
// taken directly from the PHP Manual

// Date in the past 
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 

// always modified 
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 

// HTTP/1.1 
header("Cache-Control: no-store, no-cache, must-revalidate"); 
header("Cache-Control: post-check=0, pre-check=0", false); 

// HTTP/1.0 
header("Pragma: no-cache"); 


// send the content type header so the image is displayed properly
header('Content-type: image/jpeg');

// send the image to the browser
imagejpeg($image);

// destroy the image to free up the memory
imagedestroy($image);
?>

 

Then in your register page. Add in

 

<img src="randomImage.php">

 

That will create a random number for you. Then when you send in the details for the registration you check the number the user entered agaist the session set by the radomimage.php. If it is correct then continue.

 

Hope that makes sense

[Daniel0]

Hey,

For an anti-bot check I thought I would create a hidden input, and if it was filled(because bots usually fill in everything) it wouldn't let it to register. But for some reason the opposite is happening for me..when it's not set it gives the error and vice versa

//in form tag
<input type="hidden" name="notcool" id="notcool" value="" />
if (isset($_POST['register'])) {
if (isset($_POST['notcool'])) {
$msg = "You have been deemed a bot...if you are not a bot, then try again...";
confirm($msg);
}
//above is first part of check in the registration page

When I put !isset($_POST['notcool'])) then it works fine...can someone explain to me what's wrong here because I'm confused. ???

 

Thanks for your time,

~L

 

Check if it's empty() instead. Even if it is set it can still be empty.

[Yesideez]

I've seen many requests for captcha/anti bot scripts like this and to help make things a little easier I've always posted a link to my website and say "if you want the code to use that script you can have it - PM me"

 

http://www.pictureinthesky.net

 

The captcha script can be found on the guestbook and the contact me page. As I said, if you want it you can have it.

 

This is what it makes:

[L]

@adam

The script seems to work(the image appears), but when I check it against what the user types it fails every time. Here's my code.

 
if (md5($_POST['image']) != $_SESSION['image_random_value']) {
$msg="You have been deemed a bot...if you are not a bot then contact the admin at ninjitsudude@gmail.com";
confirm($msg);
}

 

@Daniel

Would be overkill if I were to use this method and a captcha one?

 

@Yesideez

I sent you the pm.

[Daniel0]

@Daniel

Would be overkill if I were to use this method and a captcha one?

 

Probably. CAPTCHA works ok. It's not perfect, but it works. First of all there is the problem with blind people. Their screen readers cannot read the CAPTCHA image. Bots can read some CAPTCHAs using OCR (optical character recognition), which is the same technique used when scanning paper documents into digital documents. Unless the CAPTCHA is obscure enough you could create a program which will read your CAPTCHA image. If it's too obscure humans cannot read it either. You can deal with the blind people by having a service which reads the contents of the image aloud. reCAPTCHA offers an API which will generate CAPTCHAs and audio challenges for you. It's free to use.

 

Another solution is to give the user a task to perform. It could be a math challenge for instance. Or it could be like showing nine pictures for instance, eight being dogs and the last one being a cat. The user must select the cat image in order to proceed - then of course you still have the problem with the blind people, but like CAPTCHA you could offer an alternative challenge for them.

[helraizer]

@Daniel

Would be overkill if I were to use this method and a captcha one?

 

Probably. CAPTCHA works ok. It's not perfect, but it works. First of all there is the problem with blind people. Their screen readers cannot read the CAPTCHA image. Bots can read some CAPTCHAs using OCR (optical character recognition), which is the same technique used when scanning paper documents into digital documents. Unless the CAPTCHA is obscure enough you could create a program which will read your CAPTCHA image. If it's too obscure humans cannot read it either. You can deal with the blind people by having a service which reads the contents of the image aloud. reCAPTCHA offers an API which will generate CAPTCHAs and audio challenges for you. It's free to use.

 

Another solution is to give the user a task to perform. It could be a math challenge for instance. Or it could be like showing nine pictures for instance, eight being dogs and the last one being a cat. The user must select the cat image in order to proceed - then of course you still have the problem with the blind people, but like CAPTCHA you could offer an alternative challenge for them.

 

Although they say as the captchas become more advanced so do the bots; the bots can read the characters on the image, yes. If your captcha code is a string that the user then inputs it'll be easy for a bot, however, if you split the string (str_split()) into an array, then ask the user to input certain characters, such as 1, 5, 6. So if the string is 6 characters long AV43D2 -the user would need to input AD2 to pass. Then have it randomly choose the characters. So one time it would be 1, 5, 6 (AD2) and the next, 6, 2, 2 (2VV).

 

A bot would have trouble with that, would it not?

 

Sam