Image Security Verification (A.K.A Captcha)

[mr_mind]

Alright i was searching for captcha a while back and i found one that worked, though after a while it was giving me lots and lots of problems, So i have come up with my own and would like to beta test it on you guys. The hardest part was making a random string generator, because it was so hard i have made it a lot bigger to use it later on in my site. here is the random string script:

 

<?php
function str_rand($string_length, $string_type='numeric') {
	$string_array = array('numeric','alpha','alnum','alnum_cap','alnum_low','alpha_cap','alpha_low');
	if(array_search($string_type, $string_array) !== FALSE) {
		if($string_length < 40) {
			switch($string_type) {
				case 'numeric':
					$string_seed = range('1','9');
				break;
				case 'alpha':
					$string_seed = array_merge(range('A','Z'), range('a','z'));
				break;
				case 'alpha_cap':
					$string_seed = range('A','Z');
				break;
				case 'alpha_low':
					$string_seed = range('a','z');
				break;
				case 'alnum':
					$string_seed = array_merge(range('1','9'), array_merge(range('A','Z'), range('a','z')));
				break;
				case 'alnum_cap':
					$string_seed = array_merge(range('1','9'), range('A','Z'));
				break;
				case 'alnum_low':
					$string_seed = array_merge(range('1','9'), range('a','z'));
				break;
			}
			$string_random = '';
			for($i=0;$i<$string_length;$i++) {
				$string_key = array_rand($string_seed, 1);
				$string_random .= $string_seed[$string_key];
			}
			return $string_random;
		}
		else {
			return 'Invalid string length';
		}
	}
	else {
		return 'Invalid string type';
	}
}
?>

 

Now we have the image generating function

 

<?php
require_once "/var/www/localhost/htdocs/inc/functions.php";
$image_width = 270;
$image_height = 40;
$image_base = imagecreatetruecolor($image_width,$image_height);
$image_background = imagecolorallocate($image_base, 250, 250, 250);
imagefill($image_base, 0, 0, $image_background);
if(isset($_GET['s'])) {
	$image_text = $_GET['s'];
}
else {
	$image_text = str_rand(6, 'alnum');
}
$image_text_array = str_split($image_text, 1);
$image_text_color = imagecolorallocate($image_base,0,0,0);
$image_font = '/var/www/localhost/htdocs/fonts/verdana.ttf';
$image_letter = ($image_width/8);
header('Content-type: image/png');
for($i=0;$i<=16;$i++) {
	$image_line_color = imagecolorallocatealpha($image_base,mt_rand('0','200'),mt_rand('0','200'),mt_rand('0','200'),mt_rand('20','115'));
	imagesetthickness($image_base,mt_rand('1','3'));
	imageline($image_base,mt_rand('0',$image_width),mt_rand('0',$image_height),mt_rand('0',$image_width),mt_rand('0',$image_height),$image_line_color);
}
$image_dots_spacing = 10;
$image_dots_y = $image_height/$image_dots_spacing;
for($i=0;$i<=$image_dots_y;$i++) {
	$image_line_color = imagecolorallocatealpha($image_base,mt_rand('0','200'),mt_rand('0','200'),mt_rand('0','200'),mt_rand('20','115'));
	imagesetthickness($image_base,2);
}
for($i=0;$i<=6;$i++) {
	$image_text_direction = mt_rand('1','2');
	if($image_text_direction == 1) {
		imagettftext($image_base, 20,-mt_rand('5','15'),$image_letter,30,$image_text_color,$image_font,$image_text_array[$i]);
	}
	else {
		imagettftext($image_base, 20,mt_rand('5','15'),$image_letter,30,$image_text_color,$image_font,$image_text_array[$i]);
	}
	$image_letter = $image_letter+($image_width/8);
}
imagepng($image_base);
imagedestroy($image_base);
?>

 

Then we have the verification that the image is correct

 

 

<?php
function captcha_check($response, $captcha) {
	$captch_check = @substr_compare($captcha, $response, 0, strlen($captcha), TRUE);
	if($captch_check == 0) {
		return '1';
	}
	else {
		return '2';
	}
}
?>

 

There you go, tell me your opinions.

[Coreye]

Do you want us to test it? If so, you should add it to a website and post the link. If you want us to rate the script then you should post it on the critique forum.

[mr_mind]

I think this is easy enought to upload to your own server and test. The last time i gave out my link i had people announcing vulnerabilities with my site to the world. Im sorry but thats not how i work

[helraizer]

I think this is easy enought to upload to your own server and test. The last time i gave out my link i had people announcing vulnerabilities with my site to the world. Im sorry but thats not how i work

 

Isn't people announcing vunerabilities all part and parcel of asking people to check for vunerabilities? That's the whole idea.

 

The captcha code works, but there is no connection between the captcha image and testing it, you need to store the random string from the imgae as the '$captcha' somewhere in order for it to be any use.

 

Sam

[dooper3]

last time i gave out my link i had people announcing vulnerabilities with my site to the world. Im sorry but thats not how i work

 

Well, I hate to point it out, but it's pretty selfish to expect people to test your stuff by uploading it themselves, at the end of the day you're asking for a favour, so either deal with it and let people help you, or don't bother. You could post a link and ask people to reply via private message then they wouldn't "announce vulnarabilities to the world"!

[twostars]

If people 'announce your vulnerabilities to the world', you can easily fix them so they no longer work. Simple. 

[mr_mind]

ahh yes but the last time i did that my server passwords were exposed to the world and i do not have time to be on here 24/7 to monitor posts as soonas they come out