Creation of captcha / Part II /Secure forms

[Jaan]

Okay here's our code of this captcha image:

PHP Code:

<?php
header('Content-type: image/jpg');
$im = imagecreatefromjpeg ("image.jpg");
$rand1 = rand(1,255);
$rand2 = rand(1,255);
$rand3 = rand(1,255);
$color = imagecolorallocate($im, $rand1, $rand2, $rand3);
$text = rand(1000, 9999);
$font = 'text-font.otf';
$size = 30;
imagettftext($im, $size, 0, 70, 45, $color, $font, $text);
imagejpeg($im);
imagedestroy($im);
?>

But if we want to use this image on our sites we must add:

PHP Code:

$_SESSION['captcha'] = $text; 


on the bottom of our captcha file. So.. now let's make our form secure.

First of all we must start the session

PHP Code:

<?php
session_start();

session_start(); - Starts the session

Now I'm using a form for checking that is the security code correct

PHP Code:

if(isset($_POST['submit'])){
$ses = $_SESSION['captcha'];
if($ses == $_POST['code']){
echo "Code is correct!";
}else{
echo "Code is incorrect!";
} 


if(isset($_POST['submit']) && !empty($_POST['code'])){ - If someone has clicked the submit button let's continue with our script
$ses = $_SESSION['captcha']; - Let's get the captcha code from the session
if($ses == $_POST['code']){ - If captcha's code is same as the code you posted
echo "Code is correct!"; - let's say that the code was correct
}else{ - but if they are not same
echo "Code is incorrect!"; - let's say that the code is not correct
} - This ends the if and else statement

PHP Code:

}else{
echo "<img src='captcha.php'><br>";
echo "<form action='' method='post'>"
    ."<input type='text' name='code'>"
    ."<input type='submit' name='submit' value='Enter'>"
    ."</form>";
} 


}else{ - If anyone hasnt clicked the submit button let's display our form
echo "<img src='captcha.php'><br>"; - Shows our captcha image
echo "<form action='' method='post'>"
."<input type='text' name='code'>"
."<input type='submit' name='submit' value='Enter'>"
."</form>"; - Our form
} - This ends the if and else statement



And we are done.. that was so simple
You can customize this script for your forms

Here's the full script:

captcha.php

PHP Code:

<?php
session_start();
$im = imagecreatefromjpeg ("image.jpg");
$rand1 = rand(1,255);
$rand2 = rand(1,255);
$rand3 = rand(1,255);
$color = imagecolorallocate($im, $rand1, $rand2, $rand3);
$text = rand(1000, 9999);
$font = 'text-font.otf';
$size = 30;
imagettftext($im, $size, 0, 70, 45, $color, $font, $text);
header('Content-type: image/jpg');
imagejpeg($im);
imagedestroy($im);
$_SESSION['captcha'] = $text;
?>

index.php

PHP Code:

<?php
session_start();

if(isset($_POST['submit']) && !empty($_POST['code'])){
$ses = $_SESSION['captcha'];
if($ses == $_POST['code']){
echo "Code is correct!";
}else{
echo "Code is incorrect!";
}
}else{
echo "<img src='captcha.php'><br>";
echo "<form action='' method='post'>"
    ."<input type='text' name='code'>"
    ."<input type='submit' name='submit' value='Enter'>"
    ."</form>";
}
?>

I attached the files also
Enjoy!

[Xav]

Thanks, Jaan! There are various premade scripts available, but creating your own is easier to integrate.
I think the other type of captchas are better, where it is just plain black text with a warped line through it. It does not require a background, and so fits in to web pages more smoothly. Nice tutorial, though.

[Jaan]

thanks

[John]

Quote:

Originally Posted by Xav

Thanks, Jaan! There are various premade scripts available, but creating your own is easier to integrate.
I think the other type of captchas are better, where it is just plain black text with a warped line through it. It does not require a background, and so fits in to web pages more smoothly. Nice tutorial, though.

Those types of captchas are useless. I've considered writing a tutorial on how to bypass captchas like that...

[Xav]

Really? I thought it was difficult to distinguish the letters when there was a line through them? How about the fuzzy-letters one?

[Metanet]

Thanks for the tutorial

[knaleffect]

Thank for the tutorial

[Jaan]

you're welcome

[TcM]

What about the captcha that rapidshare.com has? It has a captcha with 6 digits, but 4 of them have a cat behind them, and you have to write the ones with the cat... does that work the same way?

[Jaan]

hmmm..this rapidshare thingy is really lame..
that's why i bought a premium account..
uumm.. i believe rapidshare uses a little trick there..