Wikibooks

CAPTCHA/Printable version

< CAPTCHA
This is the print version of CAPTCHA
You won't see this message or any elements not part of the book's content when you print or preview this page.


CAPTCHA

The current, editable version of this book is available in Wikibooks, the open-content textbooks collection, at
https://en.wikibooks.org/wiki/CAPTCHA

Permission is granted to copy, distribute, and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 3.0 License.

Why?

There are advantages to using a CAPTCHA:

  • Preventing spam
  • Preventing abuse
  • Slowing abusers down


Usages

  • User X wants to send email to Y. They go to example.com/mail.php and notice some words. The form says that he has had over 100 spam emails sent via the form.
  • Spammer S edits a page on wiki W. The wiki had been spammed before. They notice that the page is not saved with their spamming software.


Integration

You can integrate a CAPTCHA into your website or form. Select the way you wish to do it:


Integration/Pre-made

Examples of Pre-made CAPTCHA

edit
  • hCAPTCHA
  • reCAPTCHA



Integration/Roll your own

There are ways to roll your own CAPTCHA.

Examples currently covered in this book

edit


Integration/The Anti-CAPTCHA

This is a CAPTCHA killer. It needs nothing on the form except a hidden field and some server-side code.

PHP Example

edit 
//... Your lovely form here
// Example, please adapt
echo "<input type=hidden name=url />";
//... Rest of your lovely form here

verification

edit 
// compare
if ($_POST['url'] != "") {
 // abort!
}
// processing code here

See also

edit


Integration/The Anti-CAPTCHA/Stronger

This version of the Anti-CAPTCHA is stronger.

Form Code

edit

JavaScript

edit 
document.write("<input type=hidden name=code value="+Math.random()+" />");

This must be in your form.

Use in an HTML form: 

<script type="text/javascript">
document.write("<input type=hidden name=code value="+Math.random()+" />");
</script>

Server-Side Code

edit

Use this: 

<?php

if (!$_POST['code']) {
   // abort
}

?>

Problems with this version

edit

It hinders the usability, as people with JavaScript disabled (for example, for security reasons) won't be able to access your form.

See also

edit


Integration/Images and PHP

image.php

edit 
<?php

$width = 50;
$height = 25;

session_start();

unset($_SESSION['code']); // added security

$len = 6; // you can change this
mt_srand(time());
// generate random values
$r = 0;
$g = 0;
$b = 0;
$r = mt_rand(80, 255);
$g = mt_rand(80, 255);
$b = mt_rand(80, 255);

$s = 0;
$h = 0;
$c = 0;
$s = mt_rand(0, 80);
$h = mt_rand(80, 80);
$c = mt_rand(80, 100);

$code = mt_rand(100000,999999);

$size = 0.75 * 40;
$image = imagecreate($width, $height) or die("couldn't generate image");
$bg = imagecolorallocate($image, $s, $h, $c);
$c1 = imagecolorallocate($image, $r, $g, $b);

imagestring($image,2,3,3,$code,$c1);

header('Content-Type: image/png');

imagepng($image);
$_SESSION=$code;
imagedestroy($image);

?>

This is the CAPTCHA itself.

form.php

edit 
<?php

echo "<img src='/image.php' /><input name=code />";

?>

This is the form code.

validate.php

edit 
<?php

session_start();

if ($_POST['code'] != $_SESSION['code']) {
 //fail
}

?>

This will validate the CAPTCHA.


Integration/Plugins for software

WordPress

edit

There are many CAPTCHA plugins available for WordPress. Search with Google.

DokuWiki

edit

A DokuWiki plugin is available and has many types of CAPTCHAs available.

MediaWiki

edit

ConfirmEdit is a extension for MediaWiki that provides a CAPTCHA and is configurable. It is well known as Wikimedia Foundation projects use them.


Retrieved from "https://en.wikibooks.org/w/index.php?title=CAPTCHA/Printable_version&oldid=4099163"