Hi all,
I am making a captcha image for my site to stop bots and such. -
//captcha.php
-
<?php
-
session_start();
-
-
class CaptchaSecurityImages {
-
-
var $font = 'calibri.ttf';
-
-
function generateCode($characters) {
-
// list all possible characters, similar looking characters and vowels have been removed
-
$possible = '23456789bcdfghjkmnpqrstvwxyz';
-
$code = '';
-
$i = 0;
-
while ($i < $characters) {
-
$code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
-
$i++;
-
}
-
return $code;
-
}
-
-
function CaptchaSecurityImages($width='200',$height='80',$characters='4') {
-
$code = $this->generateCode($characters);
-
// font size will be 75% of the image height
-
$font_size = $height * 0.45;
-
$image = imagecreate($width, $height) or die('Cannot initialize new GD image stream');
-
// set the colours
-
$background_color = imagecolorallocate($image, 155, 155, 200);
-
$text_color = imagecolorallocate($image, 215, 205, 255);
-
$noise_color = imagecolorallocate($image, 0, 0, 0);
-
/* generate random dots in background */
-
for( $i=0; $i<($width*$height)/3; $i++ ) {
-
imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);
-
}
-
// generate random lines in background
-
for( $i=0; $i<($width*$height)/150; $i++ ) {
-
imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color);
-
}
-
// create textbox and add text
-
$textbox = imagettfbbox($font_size, 0, $this->font, $code) or die('Error in imagettfbbox function');
-
$x = ($width - $textbox[4])/2;
-
$y = ($height - $textbox[5])/2;
-
imagettftext($image, $font_size, -15, $x, $y, $text_color, $this->font , $code) or die('Error in imagettftext function');
-
// output captcha image to browser
-
header('Content-Type: image/jpeg');
-
imagejpeg($image);
-
imagepng($image, "captcha.png");
-
imagedestroy($image);
-
$_SESSION['security_code'] = $code;
-
}
-
-
}
-
-
$width = isset($_GET['width']) && $_GET['height'] < 600 ? $_GET['width'] : '200';
-
$height = isset($_GET['height']) && $_GET['height'] < 200 ? $_GET['height'] : '80';
-
$characters = isset($_GET['characters']) && $_GET['characters'] > 2 ? $_GET['characters'] : '4';
-
-
$captcha = new CaptchaSecurityImages($width,$height,$characters);
-
-
?>
-
-
//submission page
-
<?php
-
session_start();
-
if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {
-
// Your code for processing the form here, e.g emailing the submission, entering it into a database.
-
unset($_SESSION['security_code']);
-
} else {
-
// Your code for showing an error message here
-
}
-
?>
-
But that is pretty basic in terms of being hackable. The code string can probably be read easily by an image analyzer.
How would I use (if I can at all) md5 or other encryption to encrypt the code string for the image to read but have normal characters in the captcha image?
Hope that makes sense,
Thanks,
Sam
1 1752
Hi,
First of all you could use hash('sha256', ...) as it is strnger than MD% and no more work for you.
I would think it possible to simply generate the text, run it throught the hash alogrithm and store that to the $_SESSION. Then take what the user enters, run it through the same algorithm and check it against the $_SESSION. If there's a match then great, if not then get them to do it again.
Does that answer the question?
Cheers
nathj
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Jp Calderone |
last post by:
I've been trying to implement support for this authentication scheme for a
little while now, and in the last couple days I've been completely stumped.
I know about the digest authentication code...
|
by: John Reese |
last post by:
Hello there. I've run into some missing functionality with HTTP Digest
authentication in the 2.3 library and I was wondering if I'm just
missing something.
Missing functionality the first:...
|
by: john |
last post by:
I'm trying to access the XML version of my Tivo now playing list with
python. It uses auth digest HTTP authentication. I could really use
some help!
I'm able to get this page using curl:
curl...
|
by: trapeze.jsg |
last post by:
Hi.
Is there anybody who have tried to use python to access Microsofts
MapPoint soap services? I am trying hard but I have run into a big
thick wall called md5 digest authentication. The...
|
by: paul |
last post by:
I must (as a client application) connect via HTTP, authenticate using
DIGEST authentication, and then make subsequent HTTP requests.
The Problem:
If I use System.Net.WebClient or...
|
by: Thomas Liesner |
last post by:
Hi all,
this may have been asked before, but as a newbie with xmlrpc i can't
find any suitable info on that. Sorry.
I am trying to write a simple xmlrpc-client in python and the server i
am...
|
by: mofoloom |
last post by:
java program that will tae as input,an arbitrary block of plaintext and genere a message digest using MD-5. show that with high probability, about halve bits are on.also show that no different...
|
by: poolboi |
last post by:
hey guys,
I've stored password in mysql using SHA1 encryption
do i need the module digest::SHA1 when i'm verifying password for user put in?
|
by: embeddedbob |
last post by:
Hi there, I appreciate any help on the following issue. I can't seem to find any other similar topic.
(CS4, ActionScript 3.0, Flash 10)
I have a SWF embedded within a page that is protected by...
|
by: DolphinDB |
last post by:
Tired of spending countless mintues downsampling your data? Look no further!
In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
|
by: ryjfgjl |
last post by:
ExcelToDatabase: batch import excel into database automatically...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: PapaRatzi |
last post by:
Hello,
I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Shællîpôpï 09 |
last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
| |