"please enter the code as you see in the image" - how does it work?

On 25 Mar 2005 10:35:44 -0800, "siliconmike" <si*********@yahoo.com> wrote:

On many websites they have a blurred image with a code which you're
supposed to reenter in a text box to validate your form submission.

How do I implement such a thing using php?
Search for the keyword "captcha" - it's an acronym.
Apart from preventing automatic form submission by any malicious robot,
does this serve any other purpose?

That's pretty much all they're for.

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool

>On many websites they have a blurred image with a code which you're

supposed to reenter in a text box to validate your form submission.

How do I implement such a thing using php?
Make up a bunch of images with blurry pieces (e.g. a single letter
each). Select a code randomly. Put together the pieces showing
that code into a big one with the complete code (this might be just
HTML putting the images side-by-side). Be careful how you name
your images (e.g. calling them A.jpg, B.jpg, C.jpg, ... might let
a bot figure out the code without actually looking at the image.)
You may want to have several differently-blurry images for each
letter. Compare the code the user input against the correct answer.
Apart from preventing automatic form submission by any malicious robot,
does this serve any other purpose?

It slows down automatic rapid-fire form submission by a
not-necessarily-malicious robot or user (load throttling). Other
than that, this is pretty much the only point of doing it.

Beware that some bots have volunteer humans working for them to
solve these puzzles. The bot will promise (usually in SPAM) the
human something, like free access to a porn site, and then relay
your images to him. When he inputs the code, the bot passes it on
to your site. The bot may or may not deliver on its promises to
the human.

Gordon L. Burditt

siliconmike wrote:

[Turing numbers]

How do I implement such a thing using php?

Apart from preventing automatic form submission by any malicious robot,
does this serve any other purpose?

It stops those pesky blind visitors using up your bandwidth.

(Actually to be fair I've come across one or two sites that provide an audio
alternative, but they seem to be the exception...)

--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/

"Gordon Burditt" <go***********@burditt.org> wrote in message
news:42**********************@news.airnews.net...

On many websites they have a blurred image with a code which you're
supposed to reenter in a text box to validate your form submission.

How do I implement such a thing using php?

Make up a bunch of images with blurry pieces (e.g. a single letter
each). Select a code randomly. Put together the pieces showing
that code into a big one with the complete code (this might be just
HTML putting the images side-by-side). Be careful how you name
your images (e.g. calling them A.jpg, B.jpg, C.jpg, ... might let
a bot figure out the code without actually looking at the image.)
You may want to have several differently-blurry images for each
letter. Compare the code the user input against the correct answer.

That wouldn't work. A cracker would figure out in no time which letter is
contained in which image and program that into the bot. It doesn't help much
even if you stitch the images into one file, as a simple pixel by pixel
comparison would yield the answer.

Most implementations I have seen use a random noise background (a random
spot in a large static image, perhaps), with each letter in a differnet font
and size, usually at a small tilt.

siliconmike wrote:

On many websites they have a blurred image with a code which you're
supposed to reenter in a text box to validate your form submission.

How do I implement such a thing using php?

There is a PEAR module for that:

http://pear.php.net/package/Text_CAPTCHA/

Never used it and it's an alpha version, I have no idea how useful it is.

JP
--
Sorry, <de*****@cauce.org> is a spam trap.
Real e-mail address unavailable. 5000+ spams per month.