Captcha without graphics libraries |

Home > php > Captcha without graphics libraries

Captcha without graphics libraries

May 23rd, 2009 Leave a comment Go to comments

Sometimes we need to perform Captcha on a form, but we don’t have access to a method of dynamically generating graphics, you can if you wish to bring in a third party and use something like reCaptcha. But if you aren’t keen on the third party idea, than this is an alternative.

Another possible use for this method is context based captcha, so say for example you presented your user with the following picture

What show am I on?

Since there are multiple answers, you can add multiple entries into your has hash

<?php
$cc_hashtable["star trek"] = "img/sjirlzqoaopd.jpg";
$cc_hashtable["startrek"] = "img/sjirlzqoaopd.jpg";
$cc_hashtable["star trek: TOS"] = "img/sjirlzqoaopd.jpg";
$cc_hashtable["old star trek"] = "img/sjirlzqoaopd.jpg";
...
?>

There are limitations to this method, such as language issues, for example, due to my poor choice in question construction if someone from German came across my form they may enter “Raumschiff Enterprise” which is correct to them, but would not work for your site. So be aware of that, it is best to come up with single answer questions, and localization may require a hash for each language.

With all that said, the first thing you will need to do is to gain access to images that contain captcha data, the easiest way to do this, is to find a site that can dynamically generate captcha images and copy and image from there, and refresh and repeat till you have built up enough images to meet your needs, the more images, the more the system will seem dynamic, and decrease the chances of your method being found out. Once you have your images, you want to add them to the cc_hash.php, you also want to load the captcha phrase from each image as its key in the hash table.

The second thing is to integrate the code into your form, the functions are set up in such away placing the following function calls in your form will generate two new fields in your form variables

adds the captcha image to the form.

<?=cc_form_image($cc_hashtable)?>

adds the input field for the captcha to the form

<?=cc_form_text_field()?>

try it out for yourself

Cheap Check Example

continue reading for the code examples.

cc_hash.php

Each of the images in the hash, should contain the phrase that is used as its key, so that if a user’s randomly loaded captcha image is the file “ptytfyiwonsq.jpg” his correct challenge input would be rwet
I separate this file from the rest, because it is likely that I would use a database to populate $cc_hashtable, but have not for this example.

<?php
$cc_hashtable['wert'] = "img/sjirlzqoaopd.jpg";
$cc_hashtable['rwet'] = "img/ptytfyiwonsq.jpg";
$cc_hashtable['bars'] = "img/rmglpqghaozm.jpg";
?>

cc_functions.php

This is the core file of the script, it contains the configuration, as well as the 3 primary functions used to make this method work

<?php
/*#######################################################################
this program is designed to recreate the dynamic images on many contact
forms used to prevent automated emailers from spamming via contact forms.
#######################################################################*/

/*Config*/
$GLOBALS['cc_error'] = "";
$GLOBALS['cc_form_text_field_name'] = "cc_contacttext";
$GLOBALS['cc_form_image_name'] = "cc_contactimage";
 /*if they enter a key that exist but not the correct one*/
$GLOBALS['cc_error_match_fail'] = "Input does not match current image";
/*if they enter completely incorrect input*/
$GLOBALS['cc_error_invalid_input'] = $GLOBALS['cc_error_match_fail'];  

/*file containing hash of images and phrases*/
require "cc_hash.php";

/*#######################################################################
######################Do not edit below#######################################
#######################################################################*/

function cc_parser($cc_posted_image,$cc_posted_text,$cc_hashtable)
{
 if(array_key_exists($cc_posted_text,$cc_hashtable))
  {
   if($cc_hashtable[$cc_posted_text] == $cc_posted_image)
    {
	 return true;
	}
  else
   {
    $GLOBALS['cc_error'] = $GLOBALS['cc_error_match_fail'];
    return false;
   }
  }
 else
  {
  $GLOBALS['cc_error'] = $GLOBALS['cc_error_invalid_input'];
   return false;
  }
}

function cc_form_image($cc_hashtable)
{
 $foo = $cc_hashtable[array_rand($cc_hashtable)];
 return "<img src="".$foo."">
";
}

function cc_form_text_field()
{
 return "
";
}

?>

demo.php

Below is an example of how one can deploy the script

<?php
require "cc_functions.php";

function print_form($cc_hashtable)
{
?>

<?=cc_form_image($cc_hashtable)?>

<?=cc_form_text_field()?>



<?

}

if($_POST)
{
	if(cc_parser($_POST['cc_contactimage'],$_POST['cc_contacttext'],$cc_hashtable))
	 {
	  //process form
	  echo "Success";
	 }
	else
	 {
	 	echo "Image verification failed ";
		print_form($cc_hashtable);
	 }
}
else
 {
  print_form($cc_hashtable);
 }
?>

(the cc_ prefix used in the code stands for “cheap check” and is used to reduce the likelihood of conflicting function names.)

Comments (1) Trackbacks (0) Leave a comment Trackback

jkat

March 3rd, 2010 at 02:22 | #1

Reply | Quote

Well, look at the big brains on Bruce! I’m diggin the context-based captcha thing.

Smart looks good on you!

No trackbacks yet.

Sharing .net library DLLs between Asp classic and Asp.net Progress