CAPTCHA/Printable version


CAPTCHA

The current, editable version of this book is available in Wikibooks, the open-content textbooks collection, at
https://en.wikibooks.org/wiki/CAPTCHA

Permission is granted to copy, distribute, and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 3.0 License.

Why?

There are advantages to using a CAPTCHA:

  • Preventing spam
  • Preventing abuse
  • Slowing abusers down


Usages

  • User X wants to send an email to Y. They go to example.com/mail.php and notice some words. The form says that Y has had over 100 spam emails sent via the form.
  • Spammer S edits a page on wiki W. The wiki had been spammed before. They notice that their spamming software cannot save the page.


Integration

You can integrate a CAPTCHA into your website or form. Select the way you wish to do it:


Integration/Pre-made

Examples of Pre-made CAPTCHA

  • hCAPTCHA
  • reCAPTCHA



Integration/Roll your own

There are ways to roll your own CAPTCHA.

Examples currently covered in this book


Integration/The Anti-CAPTCHA

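This is a CAPTCHA killer. It needs nothing on the form except a hidden field and some server-side code. The hidden field works as a trap: a person never sees it and leaves it empty, while an automated form-filler that populates every field gives itself away.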

PHP Example

//... Your lovely form here
// Example, please adapt
echo "<input type=hidden name=url />";
//... Rest of your lovely form here

Verification

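// compare: the hidden field must come back empty
if (isset($_POST['url']) && $_POST['url'] !== "") {
 // abort! something filled in a field that a person cannot see
 exit;
}
// processing code here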



Integration/The Anti-CAPTCHA/Stronger

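This version of the Anti-CAPTCHA is stronger. The hidden field is written by JavaScript, so a client that does not run the script never sends it.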

Form Code

JavaScript

document.write("<input type=hidden name=code value="+Math.random()+" />");

This must be in your form.

Use in an HTML form:

<script type="text/javascript">
document.write("<input type=hidden name=code value="+Math.random()+" />");
</script>

Server-Side Code

Use this:

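<?php

// The field only exists if the browser ran the script in the form
if (!isset($_POST['code']) || $_POST['code'] === '') {
   // abort
   exit;
}

?>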
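
A stricter server-side check for both Anti-CAPTCHA variants, as an added example that is not part of the original book: it rejects a filled `url` trap field and, going beyond the page, requires `code` to be a timestamped HMAC token the server issued rather than any non-empty value. `FORM_SECRET`, `issue_form_token()`, `check_submission()` and the two time limits are assumptions.

```php
<?php
// Added example, not from the original book. FORM_SECRET, issue_form_token()
// and check_submission() are hypothetical names; the limits are assumptions.
const FORM_SECRET = 'replace-with-a-long-random-secret'; // placeholder value
const MIN_FILL_SECONDS = 3;   // assumption: a person needs at least this long
const MAX_TOKEN_AGE = 3600;   // assumption: a rendered form expires after an hour

// Value the page script writes into the hidden "code" field instead of Math.random().
function issue_form_token(int $now): string {
    return $now . ':' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// Returns null when the submission passes, otherwise the reason it was rejected.
function check_submission(array $post, int $now): ?string {
    // Honeypot: the hidden "url" field must come back empty.
    if (isset($post['url']) && $post['url'] !== '') {
        return 'honeypot filled';
    }
    // The "code" field must carry a token this server issued, not just any value.
    $code = $post['code'] ?? '';
    if (!is_string($code) || substr_count($code, ':') !== 1) {
        return 'token missing or malformed';
    }
    [$issued, $mac] = explode(':', $code);
    $expected = hash_hmac('sha256', $issued, FORM_SECRET);
    if (!ctype_digit($issued) || !hash_equals($expected, $mac)) {
        return 'token not issued by this server';
    }
    $age = $now - (int) $issued;
    if ($age < MIN_FILL_SECONDS) {
        return 'submitted too fast';
    }
    return $age > MAX_TOKEN_AGE ? 'token expired' : null;
}

// Constructed sample submissions with a fixed clock; run with: php example.php
$now = 1700000000;
$token = issue_form_token($now - 20);
$samples = [
    'human'         => ['url' => '', 'code' => $token],
    'fills all'     => ['url' => 'http://spam.example/', 'code' => $token],
    'no JavaScript' => ['url' => ''],
    'made-up code'  => ['url' => '', 'code' => '0.1234'],
    'instant post'  => ['url' => '', 'code' => issue_form_token($now)],
    'stale form'    => ['url' => '', 'code' => issue_form_token($now - 7200)],
];
foreach ($samples as $name => $post) {
    echo str_pad($name, 15), check_submission($post, $now) ?? 'accepted', "\n";
}
```

A token stays valid until it expires and can be submitted more than once, so this filters simple automated posting and is not a replacement for a real CAPTCHA.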

Problems with this version

It hinders usability: people with JavaScript disabled (for example, for security reasons) won't be able to use your form.



Integration/Images and PHP

image.php

<?php

$width = 50;
$height = 25;

session_start();

unset($_SESSION['code']); // added security: discard any previous code

// generate random colour values: text colour first, then background
$r = mt_rand(80, 255);
$g = mt_rand(80, 255);
$b = mt_rand(80, 255);

$s = mt_rand(0, 80);
$h = mt_rand(80, 80);
$c = mt_rand(80, 100);

// the code must be unpredictable, so take it from the CSPRNG
// rather than from mt_rand() seeded with the current time
$code = random_int(100000, 999999);
$_SESSION['code'] = (string) $code; // stored under the key validate.php reads

$image = imagecreate($width, $height) or die("couldn't generate image");
$bg = imagecolorallocate($image, $s, $h, $c); // first allocated colour is the background
$c1 = imagecolorallocate($image, $r, $g, $b);

imagestring($image, 2, 3, 3, (string) $code, $c1);

header('Content-Type: image/png');

imagepng($image);
imagedestroy($image);

?>

This is the CAPTCHA itself.

form.php

<?php

echo "<img src='/image.php' /><input name=code />";

?>

This is the form code.

validate.php

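<?php

session_start();

// Both values must exist: a missing session code must never match an empty submission
$expected = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
$given = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
unset($_SESSION['code']); // each generated code is good for one attempt only

if ($expected === '' || !hash_equals($expected, $given)) {
 //fail
 exit;
}

?>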

This will validate the CAPTCHA.


Integration/Plugins for software

WordPress

There are many CAPTCHA plugins available for WordPress. Search with Google.

DokuWiki

A DokuWiki plugin is available and offers many types of CAPTCHA.

MediaWiki

ConfirmEdit is an extension for MediaWiki that provides a CAPTCHA and is configurable. It is well known because Wikimedia Foundation projects use it.