473,836 Members | 1,562 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Poor man's captcha: why wouldn't this work?

Let's say we're trying to keep blog and forum spammers out
of our site--we're not trying to protect fort knox.

1) Step one is a one-time-only step.
We create six different css files that define the
same six color names differently, but each such
css file assigns red to one and only
one of those same six color names, and then store
the six somewhere in the document_root.

2) We make a dynamically generated GET page that mods a random number
to
between 1 and 6 and sets that number as session variable.
That number will tell us in a later POST which of the six
css files to use when we generate a dynamic POST page.

We also randomly create 6 digits between 1 - 256 and concatenate
them
into a comma delimeted string. We set that string
as a session variable.

3) In the post we generate a page that specifies one
of the six css files in its header, according the value
of first session variable. Because we have that session
variable, and because we know which of the six different
css schemes we are now using, we know which css attribute
in the current scheme means red. We don't care about the other
colors.

4) Now we generate 256 random digits (between 1 - 256) into an array.
We loop through the array and concatenate a <b class="xx">$dig it</b>
onto a string. Foreachsuch <btag we randomly choose one of
the css colors known not to red, except for the N array index digits

we get from the exploded comma-delimeted session var #2.
We set those <b class="yy"tags to the color known (only to us)
to be red.

5) Now we echo the string of <btags. Six out of the
256 randomly generated digits will be red, all the others
some undetermined color. But we know which ones are
red.

6) Now we do another post, asking the user to tell us which
of the 256 digits are red.

7) if the post variable matches the session stuff, we proceed,
else we tell the client computer to chop the fingers off
the spammer's hands and smoke the seat of his pants.

Sep 20 '06
12 10244
The blind can't build boats - I have to disagree my friend -
http://66.102.9.104/search?q=cache:h...&ct=clnk&cd=16

Joe

"pittendrig h" <Sa************ ***@gmail.comwr ote in message
news:11******** **************@ k70g2000cwa.goo glegroups.com.. .
Let's say we're trying to keep blog and forum spammers out
of our site--we're not trying to protect fort knox.

1) Step one is a one-time-only step.
We create six different css files that define the
same six color names differently, but each such
css file assigns red to one and only
one of those same six color names, and then store
the six somewhere in the document_root.

2) We make a dynamically generated GET page that mods a random number
to
between 1 and 6 and sets that number as session variable.
That number will tell us in a later POST which of the six
css files to use when we generate a dynamic POST page.

We also randomly create 6 digits between 1 - 256 and concatenate
them
into a comma delimeted string. We set that string
as a session variable.

3) In the post we generate a page that specifies one
of the six css files in its header, according the value
of first session variable. Because we have that session
variable, and because we know which of the six different
css schemes we are now using, we know which css attribute
in the current scheme means red. We don't care about the other
colors.

4) Now we generate 256 random digits (between 1 - 256) into an array.
We loop through the array and concatenate a <b class="xx">$dig it</b>
onto a string. Foreachsuch <btag we randomly choose one of
the css colors known not to red, except for the N array index digits

we get from the exploded comma-delimeted session var #2.
We set those <b class="yy"tags to the color known (only to us)
to be red.

5) Now we echo the string of <btags. Six out of the
256 randomly generated digits will be red, all the others
some undetermined color. But we know which ones are
red.

6) Now we do another post, asking the user to tell us which
of the 256 digits are red.

7) if the post variable matches the session stuff, we proceed,
else we tell the client computer to chop the fingers off
the spammer's hands and smoke the seat of his pants.

Sep 21 '06 #11
I have made a CAPTCHA that requires no GD library, TrueType fonts or
database.

see an example of it by visiting:
http://www.ThePhpPro.com/products/captcha/

- Tim

Jerry Stuckle wrote:
There are any number of them around. You might try www.hotscripts.com
for a start. Also www.freshmeat.com, www.phpclasses.org...

Just searching google for

captcha php

came up with most of the above (except hotscripts) and more on the first
page. Most with usable code. But you generally have to have the gd
libs installed and running properly for any captcha to work.
Oct 11 '06 #12

Klaus Brune wrote:
I've always thought that the whole use of graphics images could be
avoided completely, and even keep text-readers for the blind happy, with
something like this...
<snip>

I've written an accessible captcha system, which asks random multiple
choice questions,
it's available under the gpl with all php source code
http://system-x.info/?pageid=18&menutree=47

Oct 12 '06 #13

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
2801
by: Krishna Kumar | last post by:
Hai all, I am doing a project in .net and in that project I have a problem in capturing text from an image. i.e images like CAPTCHA images . which has inbuilt text with in the image.So, Can any one suggest me how to continue my work or give their valuable suggestions for capturing text in the CAPTCHA image . yours KrishnaKumar
12
3392
by: Francois Bonzon | last post by:
After a Google search, I see that quite a few CAPTCHA implementations in PHP are available. I'd like one that's not (easily) OCR-able, or otherwise crackable. Open source or commercial is not important. Any recommendations, or experience with a specific one to share? I get a lot of SPAM entries on a guestbook, and want to protect it. I'll require users to solve a CAPTCHA before their entry is accepted. I might use CAPTCHAs to protect...
7
5016
by: kyle.reddoch | last post by:
I am having trouble setting up my formmail to work with the captcha.php script i have. Any help would be greatly appreciated. Thanks!
4
5797
by: xeiter | last post by:
Hi, I have a captcha script on my website located at /captcha.php. What it does it generates an image with the code, displays the image (gd2) and saves the value of the code in session. How do I access that code in session from my c# windows application. I have a form in my application for registering users. The application then calls to the webserver and uses regular .php page to submit user registration. It has captcha and thats why I need...
11
2446
by: Twayne | last post by:
Hi, Learning PHP code; playing with various methods of generating captcha codes: In the code below, how would I change the size of the text displayed in the captcha code? Is it even possible with this method? TIA, Twayne
4
2183
by: Jeigh | last post by:
My host has been 'upgrading' lately and its caused me a whole mess of problems. The last of which being that my CAPTCHA form no longer works. I remember to get the CAPTCHA working it took me weeks to do (this was a long time ago too), and at some point I recall editing it in a Hex editor before finally getting it to work, basically I do not have a clue what this thing needs to do to work. One day I tried my registration form (without editing...
7
1495
by: =?Utf-8?B?bWF0dCBw?= | last post by:
Steve Orr has a neat Captcha control: http://steveorr.net/articles/CAPTCHASP.aspx but aside from "dragging the control onto your toolbox.." Does anyone have any installation instructions: e.g. aspx code, etc... ?? I could not find any..
7
1751
by: Joel Fireman | last post by:
I'm looking at the results of searching for "captcha" and "php" - there's a couple hundred of hits that seem to be uniquish... Before I start flogging them, I thought I'd ask the good folks here which one(s) you prefer... and if you disagree with another's choice, why?
10
7862
by: jeddiki | last post by:
Hi, I have a captcha script which should pick up a background image and add some random letters to it and re-display This is the part of the form that the captcha image is part of: <span >Verification Image:</span> <span ><img src="captcha.php" id="captcha" /> <a href="#renew" onclick="javascript: document.getElementById('captcha').src = 'captcha.php?' + Math.random();">refresh</a> </span>
0
9818
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9668
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10546
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
9371
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7790
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5648
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
5825
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
4448
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4015
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.