|
 |
|||
| Register--Login--Top 20 Posters--Search Topics |
Forum Main>>Tutorials>>Math Captcha image validation | ||
Chipmunk Rank:Settler of Bobland Group: Head Administrator Posts: 2867 IP Logged PM ID and RPS ID: 1 PM [Chipmunk] View Member Photo | Last replied to on Wed Aug 01, 2007 00:25:43 Edit Post|Quote With all the Captcha decoders these days, its impossible to build a solid Captcha image validator with a string. The solution? Have a captcha that asks simple math addition questions! Decoders are not very good at breaking these. This tutorial will show you how to make a basic math CAPTCHA validtion form. This requires that you have the GD library for PHP installed to work. This tutorial requires 2 files, login.php and action.php. The first step is to create a sub-folder to store the temporary images, for the purposes of this tutorial,this folder should be called images. Now upload a image in there called verify.php and chmod just that image(not the folder) to 777 so that image can change as our functions generate new images. Ok, after you've done that, we can get to the code: in login.php:
The first step is to create the image, the ImageCreate function in php does just that. The 200 and the 40 are the dimensions of the image created. The image created is stored in $img. $white and $black define the text color of the numbers and the background color of the image respectively. In this tutorial, the background color is greenish and the text is black for easy contrast. Next we set the random seed with the srand function. We do this by time so when we do call the random function, we get a different number each time. Then we generated two numbers between one and ten with the rand() function and store them in $string and $string2. In $string3, we combine them to make the actual text on the image. $string3 is not actually the sum of the numbers, it is just the text string and is not numeric. $thevalue is the actual sum of the two numbers when they are added. There's no real reason to set $verification equal to $string3 because we can just directly use $string3 but I do it by habit. Then these lines of code:
Fill the image with our defined ours and stores the image into images/verify.jpeg. Now we have to write the form. Its a pretty basic form. We store the actual value of the answer in the form field 'hidden value', which is a non-visible hidden field. The answer to the math question the user types in is $yourcode. Of couse we have to display images/verify.php so people can actually see what the math question really is. Now we move to action.php:
This is a very simple file that basically gets the two variables from the two input fields from login.php and compares them to see if they are equal. If they are equal, it goes to the "You are correct" case, if they are not equal, it goes to the "your code is incorrect case". In a real application, you would put your actual content in the "You are correct" case and a redirect back to some other page in the "You are incorrect" case. ----------------------------- Chipmunk, Supreme Administrator | |||
| Pain_Man Rank:squirreling Group: members Posts: 170 IP Logged PM ID and RPS ID: 799 [PM Pain_Man] | Posted at Fri Feb 23, 2007 16:35:22 Edit post|Quote Nice ive got the same but with questions | |||
| Chipmunk Rank:Settler of Bobland Group: Head Administrator Posts: 2867 IP Logged PM ID and RPS ID: 1 [PM Chipmunk] View Member Photo | Posted at Fri Feb 23, 2007 22:30:39 Edit post|Quote Well, you could ask random questions on Shakespeare if you want but you need pre-defined answers for those. ----------------------------- Chipmunk, Supreme Administrator | |||
| hackerzlab Rank:acorn Group: members Posts: 6 IP Logged PM ID and RPS ID: 12329 [PM hackerzlab] RPS score: 0 RPS challenge | Posted at Thu Apr 12, 2007 09:50:15 Edit post|Quote how do I put this two together. i'm not able to code them together. The email keeps coming and it just doesn't work out. thank you. ----------------------------- learn to live peacefully/ | |||
| hackerzlab Rank:acorn Group: members Posts: 6 IP Logged PM ID and RPS ID: 12329 [PM hackerzlab] RPS score: 0 RPS challenge | Posted at Thu Apr 12, 2007 09:54:00 Edit post|Quote <?php if(isset($_POST['submit'])) { $yourcode=$_POST['yourcode']; $hiddenvalue=$_POST['hiddenvalue']; if($yourcode==$hiddenvalue) { print "Correct, put your content here"; } else { print "You verification code is not right. Please go back and try again."; } } ?> <?php $adminemail = 'email address'; $version = '1.10'; $controlvars = ' thankspage submitteremail ccsubmitter '; $messagetoadmin = $HTTP_POST_VARS['submitteremail'] ." has filled out a form with this content: "; $messagetosubmitter = "You have submitted a form with the content listed below. thank you. "; while(list($key, $value) = each($HTTP_POST_VARS)) { if (!stristr($controlvars, ' '. $key .' ')) { $messagetoadmin .= $key .': '. $value .' '; $messagetosubmitter .= $key .': '. $value .' '; } } mail($adminemail, 'Form Submitted: '. stripslashes($HTTP_POST_VARS['subject']), stripslashes($messagetoadmin), 'From: '. $HTTP_POST_VARS['submitteremail']); if ($HTTP_POST_VARS['ccsubmitter'] == 'yes') { mail($HTTP_POST_VARS['submitteremail'], 'Form Submitted: '. stripslashes($HTTP_POST_VARS['subject']), stripslashes($messagetosubmitter), 'From: '. $adminemail); } if ($_POST['autoresponse'] != '') { $body = geturl($autoresponse); mail($submitteremail, 'Re: '. stripslashes($HTTP_POST_VARS['subject']), stripslashes($body), 'From: '. $adminemail); } header('Location: '. $HTTP_POST_VARS['thankspage']); // just in case redirect doesn't work die('<meta http-eqiv="refresh" content="0;url='. $HTTP_POST_VARS['thankspage'] .'">'); function geturl($url) { if (version_compare("4.3.0", phpversion(), "<")) { $filecontents = @file_get_contents($url); } else { $fd = @fopen($url, 'rb'); $filecontents = @fread ($fd, 30000000); @fclose ($fd); } return $filecontents; } ?> ----------------------------- learn to live peacefully/ | |||
| Chipmunk Rank:Settler of Bobland Group: Head Administrator Posts: 2867 IP Logged PM ID and RPS ID: 1 [PM Chipmunk] View Member Photo | Posted at Thu Apr 12, 2007 12:02:00 Edit post|Quote Where's your form? ----------------------------- Chipmunk, Supreme Administrator | |||
| hackerzlab Rank:acorn Group: members Posts: 6 IP Logged PM ID and RPS ID: 12329 [PM hackerzlab] RPS score: 0 RPS challenge | Posted at Thu Apr 12, 2007 12:34:38 Edit post|Quote sorry i thought you wont need it. i cant seem to code my codes. sorry. <?php $im = ImageCreate(200, 40); //create image $white = ImageColorAllocate($im, 0,0, 0); $black = ImageColorAllocate($im, 120, 200, 68); srand((double)microtime()*1000000); $string = rand(1,10); //the first number $string2=rand(1,10); //the second number $string3="$string + $string2"; $verification = $string3; $thevalue=$string+$string2; ImageFill($im, 0, 0, $black); ImageString($im, 4, 70, 10, $verification, $white); Imagejpeg($im, "images/verify.jpeg"); ImageDestroy($im); print "<form action='formemail.php' method='post'><input type='hidden' name='thankspage' value='thanx.php'><input type='hidden' name='ccsubmitter' value='yes'>"; print "<table><tr><td><font face='Arial' size='2'><b>Name</b></font></td><td>"; print "<input type='text' size='35' maxlength='256' name='name' style='border: 1px solid #000000'></td></tr>"; print "<tr><td><font face='Arial' size='2'><b>E-Mail</b></font></td><td><input type='text' size='35' maxlength='256' name='email' style='border: 1px solid #000000'></td></tr>"; print "<tr><td><font face='Arial' size='2'><b>Location</b></font></td><td><input type='text' size='35' maxlength='256' name='location' style='border: 1px solid #000000'></td></tr>"; print "<tr><td><font face='Arial' size='2'><b>Website</b></font></td><td><input type='text' size='35' maxlength='256' name='website' style='border: 1px solid #000000'></td></tr>"; print "<tr><td><font face='Arial' size='2'><b>Reason</b></font></td><td><input type='text' size='35' maxlength='256' name='website' style='border: 1px solid #000000'></td></tr>"; print "<tr><td><font face='Arial' size='2'><b>Add me</b></font></td><td><input type='hidden' value='$thevalue' name='hiddenvalue'><input type='text' name='yourcode' size='20'><img src='images/verify.jpeg' border='0'> <td></tr>"; print "<tr><td><font face='Arial' size='2'><b>Comment</b></font></td><td><textarea rows='10' name='comment' cols='37' style='border: 1px solid #000000'></textarea></td></tr>"; print "<tr><td></td><td><input type='submit' name='submit' value='::.. Send ..::' style='color: #000000; background-color: #F5F5FF' ></td></tr>"; print "</table></form>"; ?> Please help me. i'm getting the mails but not the way i wanted. Please help me. thank you. ----------------------------- learn to live peacefully/ | |||
| Chipmunk Rank:Settler of Bobland Group: Head Administrator Posts: 2867 IP Logged PM ID and RPS ID: 1 [PM Chipmunk] View Member Photo | Posted at Thu Apr 12, 2007 13:54:59 Edit post|Quote You have to define your problem clearer. What are you getting and what do you want to get? ----------------------------- Chipmunk, Supreme Administrator | |||
| hackerzlab Rank:acorn Group: members Posts: 6 IP Logged PM ID and RPS ID: 12329 [PM hackerzlab] RPS score: 0 RPS challenge | Posted at Thu Apr 12, 2007 14:04:24 Edit post|Quote I want my users to be able to send me mails through the form but after he puts the correct sum. I dont want emails from them unless they fill the "sum" correctly. The script works but keeps sending me mails even though the sum is entered incorrectly. please help. When i get the sum wrong it says, You verification code is not right. Please go back and try again. yet i get mails and so there's no point of using the captcha. ----------------------------- learn to live peacefully/ | |||
| hackerzlab Rank:acorn Group: members Posts: 6 IP Logged PM ID and RPS ID: 12329 [PM hackerzlab] RPS score: 0 RPS challenge | Posted at Fri Apr 13, 2007 12:16:41 Edit post|Quote is anyone there to look into my problem. thank you. I'm not such a coder to understand the codes. Thank you. ----------------------------- learn to live peacefully/ | |||
| sundaramkumar Rank:acorn Group: members Posts: 1 IP Logged PM ID and RPS ID: 12377 [PM sundaramkumar] RPS score: 0 RPS challenge | Posted at Mon Apr 16, 2007 06:26:08 Edit post|Quote
----------------------------- Regards, Kumar S | |||
| hackerzlab Rank:acorn Group: members Posts: 6 IP Logged PM ID and RPS ID: 12329 [PM hackerzlab] RPS score: 0 RPS challenge | Posted at Tue Apr 17, 2007 04:13:13 Edit post|Quote if i do that, the mail will never reach me!! dont you think so?it doesn't work. i think we have to put the mail form in the print "Correct, put your content here"; ----------------------------- learn to live peacefully/ | |||
| Steve Rank:acorn Group: members Posts: 1 IP Logged PM ID and RPS ID: 13260 [PM Steve] RPS score: 0 RPS challenge | Posted at Tue Jul 31, 2007 10:57:14 Edit post|Quote Well, asking simple maths questions is a good idea, but you've missed an important security flaw in your implementation: you include the answer to the question in the code of the form. It's not going to take a genius to write a script to just take the value from your hidden field and submit that as the answer. | |||
| Chipmunk Rank:Settler of Bobland Group: Head Administrator Posts: 2867 IP Logged PM ID and RPS ID: 1 [PM Chipmunk] View Member Photo | Posted at Wed Aug 01, 2007 00:25:43 Edit post|Quote Yes, but 99% percent of these "hackers" are too lazy to do that and most of them couldn't code if their life depended on it. Its safer to include it in a session. ----------------------------- Chipmunk, Supreme Administrator | |||
Page: 1 |