1.5. CAPTCHA

The word CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart. Besides being a painfully contrived acronym, CAPTCHAs are often used as a deterrent to keep spammers and other malicious users from automatically registering user accounts.

The user is presented with a challenge, oftentimes as a graphical image containing letters and numbers. He or she then has to read the text and enter it in an input field. If the two values match, then it is assumed an intelligent human being and not a computer is requesting the account sign-up.

It's not a perfect solution, however. CAPTCHAs cause problems for legitimate users with special accessibility needs, and some modern software can read the text in CAPTCHA images (see www.cs.sfu.ca/~mori/research/gimpy/). There are other types of challenges which can be presented to a user. For example, there are audio CAPTCHAs where the user enters the letters and numbers after hearing them recited in an audio file. Some even present math problems to the user.

CAPTCHAs should be considered a tool in the web master's arsenal to deter lazy miscreants and not a replacement for proper monitoring and security. Inconvenience to the visitor increases with the complexity of the challenge method, so I'll stick with a simple image-based CAPTCHA example here.

<?php
include '../../lib/functions.php';

// must start or continue session and save CAPTCHA string in $_SESSION for it
// to be available to other requests
if (!isset($_SESSION))
{
    session_start();
    header('Cache-control: private');
}

// create a 65×20 pixel image
$width = 65;
$height = 20;
$image = imagecreate($width, $height);

// fill the image background color
$bg_color = imagecolorallocate($image, 0x33, 0x66, 0xFF);
imagefilledrectangle($image, 0, 0, $width, $height, $bg_color);

// fetch random text
$text = random_text(5);

// determine x and y coordinates for centering text
$font = 5;
// (cast to int because imagestring() expects integer coordinates)
$x = (int) (imagesx($image) / 2 - strlen($text) * imagefontwidth($font) / 2);
$y = (int) (imagesy($image) / 2 - imagefontheight($font) / 2);

// write text on image
$fg_color = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);
imagestring($image, $font, $x, $y, $text, $fg_color);

// save the CAPTCHA string for later comparison
$_SESSION['captcha'] = $text;

// output the image
header('Content-type: image/png');
imagepng($image);

imagedestroy($image);
?>

I recommend saving the script in the public_files/img folder (since it needs to be publicly accessible and outputs a graphic image) as captcha.php. The image it creates is a 65×20 pixel PNG graphic with blue background and a white random text string five characters long, as seen in Figure 1-1. The string must be stored as a $_SESSION variable so you can check later to see if the user enters it correctly. To make the image more complex, you can use different fonts, colors, and background images.

Figure 1-1
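
The later check against $_SESSION['captcha'] could look like the following. This is an added example, not code from the book: the helper name captcha_is_valid() and the form field name captcha are assumptions, and the sample values are constructed so the script runs on its own.

```php
<?php
// Added example: server-side check of the CAPTCHA answer.
// Assumption: the comparison is exact (case-sensitive), since the page does
// not show what characters random_text() produces.

// Compare the submitted answer with the stored challenge and consume the
// challenge, so each generated image can be answered only once.
function captcha_is_valid(array &$session, $submitted)
{
    // no challenge was issued for this session, or it was already used
    if (!isset($session['captcha']) || !is_string($session['captcha']))
    {
        return false;
    }
    $expected = $session['captcha'];

    // invalidate before comparing: a script cannot keep guessing against
    // the same image, and a solved answer cannot be replayed
    unset($session['captcha']);

    // arrays (captcha[]=x) and empty values are never a valid answer
    if (!is_string($submitted) || $submitted === '')
    {
        return false;
    }

    // hash_equals() compares in constant time
    return hash_equals($expected, trim($submitted));
}

// In the sign-up handler (hypothetical field name "captcha"):
//   session_start();
//   $answer = isset($_POST['captcha']) ? $_POST['captcha'] : null;
//   if (!captcha_is_valid($_SESSION, $answer)) { /* show a new image */ }

// Constructed sample data standing in for $_SESSION and $_POST.
$session = array('captcha' => 'A7K2Q');
var_dump(captcha_is_valid($session, 'XXXXX'));  // wrong guess
var_dump(captcha_is_valid($session, 'A7K2Q'));  // same image, second try

$session = array('captcha' => 'A7K2Q');          // fresh challenge
var_dump(captcha_is_valid($session, ' A7K2Q ')); // correct answer
var_dump(isset($session['captcha']));            // challenge left over?
```

Because the challenge is consumed on every attempt, the form must request captcha.php again after a failed check so a new string is stored in the session.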
