mr_mind Posted January 9, 2008 Share Posted January 9, 2008 Alright i was searching for captcha a while back and i found one that worked, though after a while it was giving me lots and lots of problems, So i have come up with my own and would like to beta test it on you guys. The hardest part was making a random string generator, because it was so hard i have made it a lot bigger to use it later on in my site. here is the random string script: <?php function str_rand($string_length, $string_type='numeric') { $string_array = array('numeric','alpha','alnum','alnum_cap','alnum_low','alpha_cap','alpha_low'); if(array_search($string_type, $string_array) !== FALSE) { if($string_length < 40) { switch($string_type) { case 'numeric': $string_seed = range('1','9'); break; case 'alpha': $string_seed = array_merge(range('A','Z'), range('a','z')); break; case 'alpha_cap': $string_seed = range('A','Z'); break; case 'alpha_low': $string_seed = range('a','z'); break; case 'alnum': $string_seed = array_merge(range('1','9'), array_merge(range('A','Z'), range('a','z'))); break; case 'alnum_cap': $string_seed = array_merge(range('1','9'), range('A','Z')); break; case 'alnum_low': $string_seed = array_merge(range('1','9'), range('a','z')); break; } $string_random = ''; for($i=0;$i<$string_length;$i++) { $string_key = array_rand($string_seed, 1); $string_random .= $string_seed[$string_key]; } return $string_random; } else { return 'Invalid string length'; } } else { return 'Invalid string type'; } } ?> Now we have the image generating function <?php require_once "/var/www/localhost/htdocs/inc/functions.php"; $image_width = 270; $image_height = 40; $image_base = imagecreatetruecolor($image_width,$image_height); $image_background = imagecolorallocate($image_base, 250, 250, 250); imagefill($image_base, 0, 0, $image_background); if(isset($_GET['s'])) { $image_text = $_GET['s']; } else { $image_text = str_rand(6, 'alnum'); } $image_text_array = str_split($image_text, 1); $image_text_color = imagecolorallocate($image_base,0,0,0); $image_font = '/var/www/localhost/htdocs/fonts/verdana.ttf'; $image_letter = ($image_width/8); header('Content-type: image/png'); for($i=0;$i<=16;$i++) { $image_line_color = imagecolorallocatealpha($image_base,mt_rand('0','200'),mt_rand('0','200'),mt_rand('0','200'),mt_rand('20','115')); imagesetthickness($image_base,mt_rand('1','3')); imageline($image_base,mt_rand('0',$image_width),mt_rand('0',$image_height),mt_rand('0',$image_width),mt_rand('0',$image_height),$image_line_color); } $image_dots_spacing = 10; $image_dots_y = $image_height/$image_dots_spacing; for($i=0;$i<=$image_dots_y;$i++) { $image_line_color = imagecolorallocatealpha($image_base,mt_rand('0','200'),mt_rand('0','200'),mt_rand('0','200'),mt_rand('20','115')); imagesetthickness($image_base,2); } for($i=0;$i<=6;$i++) { $image_text_direction = mt_rand('1','2'); if($image_text_direction == 1) { imagettftext($image_base, 20,-mt_rand('5','15'),$image_letter,30,$image_text_color,$image_font,$image_text_array[$i]); } else { imagettftext($image_base, 20,mt_rand('5','15'),$image_letter,30,$image_text_color,$image_font,$image_text_array[$i]); } $image_letter = $image_letter+($image_width/8); } imagepng($image_base); imagedestroy($image_base); ?> Then we have the verification that the image is correct <?php function captcha_check($response, $captcha) { $captch_check = @substr_compare($captcha, $response, 0, strlen($captcha), TRUE); if($captch_check == 0) { return '1'; } else { return '2'; } } ?> There you go, tell me your opinions. Link to comment Share on other sites More sharing options...
Coreye Posted January 9, 2008 Share Posted January 9, 2008 Do you want us to test it? If so, you should add it to a website and post the link. If you want us to rate the script then you should post it on the critique forum. Link to comment Share on other sites More sharing options...
mr_mind Posted January 10, 2008 Author Share Posted January 10, 2008 I think this is easy enought to upload to your own server and test. The last time i gave out my link i had people announcing vulnerabilities with my site to the world. Im sorry but thats not how i work Link to comment Share on other sites More sharing options...
helraizer Posted January 10, 2008 Share Posted January 10, 2008 I think this is easy enought to upload to your own server and test. The last time i gave out my link i had people announcing vulnerabilities with my site to the world. Im sorry but thats not how i work Isn't people announcing vunerabilities all part and parcel of asking people to check for vunerabilities? That's the whole idea. The captcha code works, but there is no connection between the captcha image and testing it, you need to store the random string from the imgae as the '$captcha' somewhere in order for it to be any use. Sam Link to comment Share on other sites More sharing options...
dooper3 Posted January 10, 2008 Share Posted January 10, 2008 last time i gave out my link i had people announcing vulnerabilities with my site to the world. Im sorry but thats not how i work Well, I hate to point it out, but it's pretty selfish to expect people to test your stuff by uploading it themselves, at the end of the day you're asking for a favour, so either deal with it and let people help you, or don't bother. You could post a link and ask people to reply via private message then they wouldn't "announce vulnarabilities to the world"! Link to comment Share on other sites More sharing options...
twostars Posted January 12, 2008 Share Posted January 12, 2008 If people 'announce your vulnerabilities to the world', you can easily fix them so they no longer work. Simple. Link to comment Share on other sites More sharing options...
mr_mind Posted January 13, 2008 Author Share Posted January 13, 2008 ahh yes but the last time i did that my server passwords were exposed to the world and i do not have time to be on here 24/7 to monitor posts as soonas they come out Link to comment Share on other sites More sharing options...
Recommended Posts