Skip to main content

Learning time : CAPTCHA

We’re going to learn how how CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) works and how it minimizes automatic sign-up of forms. We will also be creating a simple CAPTCHA script in PHP to illustrate this.

Basically CAPTCHA works in the following manner:
  1. Create Random Value: Some random string is generated, random values are often hard to guess and predict.
  2. Generate an Image: Images are used as these are generally a lot harder to read for computers while being nice and readable to humans. This is also the most important step as simple text in images can be read (and CAPTCHA cracked) quite easily. To make it difficult for them, developers employ different techniques so that the text in the image becomes hard to read for computers. Some create zig-zag lines for background while others twist-and-turn individual characters in the image. Possibilities are many and new techniques are being developed all the time as crackers are always into finding ways to break them.
  3. Store it: The random string generated (which is also in the image) is stored for matching the user input. The easiest way to do so is to use the Session variables.
  4. Matching: After the above step, the CAPTCHA image is generated and shown on some form which we want to protect from being abused. The users fills in the form along with the CAPTCHA text and submits it. Now we have the following:
    • All submitted form data.
    • CAPTCHA string (from form), input by user.
    • CAPTCHA string (real one, generated by us), from session variable. Session variable is generally used as it can keep stored values across page requests. Here, we needed to preserve stored values from one page (form page) to another (action page-that receives form data).
  5. If both match, it’s okay otherwise not, in that case we can give the user a message that the CAPTCHA they had entered was wrong and their form could not be submitted. You could also ask them to verify it again.

CAPTCHA Generation and Matching

From the above image it’s quite clear that when someone requests the form page, the CAPTCHA text is generated and sent back to requesting user, but only in the form of an image. If the requester is a human he’d not have much difficulty reading the image and inputting the text when asked but if it’s a bot it might face difficulties guessing whats in the image. In the next step when we match the string generated and the one the user had input, we can restrict automated form submissions.

The following is the code that does this, it’ll just output the CAPTCHA image to the browser when the script is requested:

/********************************************************
* File:        captcha.php                             *
* Author:      Snehal Masne                            *
* Date:        12-Mar-2009                             *
* Description: This file can be embedded as image      *
*              to show CAPTCHA/                        *
********************************************************/

// The number of characters you
// want your CAPTCHA text to have
define('CAPTCHA_STRENGTH', 5);

/****************************
*        INITIALISE        *
****************************/
// Tell PHP we're going to use
// Session vars
session_start();

// Md5 to generate the random string
$random_str = md5(microtime());

// Trim required number of characters
$captcha_str = substr($random_str, 0, CAPTCHA_STRENGTH);

// Allocate new image
$width = (CAPTCHA_STRENGTH * 10)+10;
$height = 20;

$captcha_img =ImageCreate($width, $height);

// ALLOCATE COLORS
// Background color-black
$back_color = ImageColorAllocate($captcha_img, 0, 0, 0);

// Text color-white
$text_color = ImageColorAllocate($captcha_img, 255, 255, 255);

// Line color-red
$line_color = ImageColorAllocate($captcha_img, 255, 0, 0);

/****************************
*     DRAW BACKGROUND &    *
*           LINES          *
****************************/
// Fill background color
ImageFill($captcha_img, 0, 0, $back_color);

// Draw lines accross the x-axis
for($i = 0; $i < $width; $i += 5)
ImageLine($captcha_img, $i, 0, $i, 20, $line_color);

// Draw lines accross the y-axis
for($i = 0; $i < 20; $i += 5)
ImageLine($captcha_img, 0, $i, $width, $i , $line_color);

/****************************
*      DRAW AND OUTPUT     *
*          IMAGE           *
****************************/
// Draw the random string
ImageString($captcha_img, 5, 5, 2, $captcha_str, $text_color);

// Carry the data (KEY) through session
$_SESSION['key'] = $captcha_str;

// Send data type
header("Content-type: image/jpeg");

// Output image to browser
ImageJPEG($captcha_img);

// Free-Up resources
ImageDestroy($captcha_img);
Labels:

Comments

Post a Comment

Popular posts from this blog

Ask a Question and get the best possible Answer!

What’s the best way to ask a question ? The easiest way to contact me about any computer problems or issues is via email. You can reach me via email at snehal [at] techproceed [dot] com. I will respond to as many emails as I can, but due to the large volume of emails that I recieve every day, there is no guarantee that I will get back to you.  If you have any other inquires, questions, comments, ideas, etc, feel free to fill the form given below and I will do my best to respond.  Submit an article to see it on Techproceed ! Are you interested to see your article on TechProceed for the benefit of IT community?  I believe that personally accessible technology is the foundation of humanity’s future. To that end I help people to understand and safely use personal computers and related technology so that they can do more, be more, grow more and connect more than ever before, and be an active participant in that future.  You could submit...
Read more

What's Hot

Ask Snehal AI The world's best virtual tarot This Virtual tarot that that can answer all kinds of questions. Questions about the present, the past, and your future. He can be a bit temperamental, requiring that each question be presented with a petition of "Snehal, please answer the following question" or "Snehal, please answer" before each question is asked. Failure to correctly petition will not bring results.    http://asksnehal.techproceed.com/        What's Hot ?                 This section provides a snapshot of what's on the public's collective mind by allowing users to view the fastest-rising searches for different points of time. It also highlights search terms that have suddenly become the most popular among the rest.  Following list is updated day by day, dynamically: Share Files of Any Size Online via Private Torrent in...
Post a Comment
Read more

How To Read Medium Articles for Free

I’m a regular Medium user and I read Medium articles almost every day. A few years back I didn’t have Medium membership—so, I had to find ways how to read Medium articles for free. I was able to find some ways to bypass Medium’s paywall system and read an unlimited amount of articles every day. I’ll share exactly how to read Medium articles for free in this article. Medium is a great blogging platform. This platform allows anyone to publish and read articles, but some of the articles on Medium are behind a paywall, which means they require a paid membership to read. Medium offers every user 3 free articles to read every month. That means you can read up to 3 articles that are published behind the Medium paywall. Stories that aren’t behind the Medium paywall are forever free to read. Here’s how to read Medium articles for free: You can read Medium articles for free by using the incognito mode of your browser, using extensions of Chrome, using the Telegram instant view from...
Post a Comment
Read more