
Using Captcha

Posted: Sat Jan 09, 2010 5:45 pm
by bharanidharanit
I would like to add a captcha to my registration system. I searched Google and found some. Many of the scripts there are a little bit complex to follow, so I simply took what I needed from them. Now my registration page is generating a captcha, but I don't know how to check it after the user enters the text from the shown image.
Here's my code.
Captcha.php

Code:

<?php 
session_start();
//Settings: You can customize the captcha here
$image_width = 120;
$image_height = 40;
$characters_on_image = 6;
$font = './monofont.ttf';
 
//The characters that can be used in the CAPTCHA code.
//avoid confusing characters (l 1 and i for example)
$possible_letters = '23456789bcdfghjkmnpqrstvwxyz';
$random_dots = 0;
$random_lines = 20;
$captcha_text_color="0x142864";
$captcha_noice_color = "0x142864";
 
$code = '';
 
 
$i = 0;
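while ($i < $characters_on_image) {
    // random_int() draws from the OS CSPRNG, so the code cannot be predicted from earlier mt_rand() output
    $code .= substr($possible_letters, random_int(0, strlen($possible_letters)-1), 1);
    $i++;
}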
 
 
$font_size = $image_height * 0.75;
$image = @imagecreate($image_width, $image_height);
 
 
/* setting the background, text and noise colours here */
$background_color = imagecolorallocate($image, 255, 255, 255);
 
$arr_text_color = hexrgb($captcha_text_color);
$text_color = imagecolorallocate($image, $arr_text_color['red'], 
        $arr_text_color['green'], $arr_text_color['blue']);
 
$arr_noice_color = hexrgb($captcha_noice_color);
$image_noise_color = imagecolorallocate($image, $arr_noice_color['red'], 
        $arr_noice_color['green'], $arr_noice_color['blue']);
 
 
/* generating the dots randomly in background */
for( $i=0; $i<$random_dots; $i++ ) {
imagefilledellipse($image, mt_rand(0,$image_width),
 mt_rand(0,$image_height), 2, 3, $image_noise_color);
}
 
 
/* generating lines randomly in background of image */
for( $i=0; $i<$random_lines; $i++ ) {
imageline($image, mt_rand(0,$image_width), mt_rand(0,$image_height),
 mt_rand(0,$image_width), mt_rand(0,$image_height), $image_noise_color);
}
 
 
/* create a text box and add 6 letters code in it */
$textbox = imagettfbbox($font_size, 0, $font, $code); 
$x = ($image_width - $textbox[4])/2;
$y = ($image_height - $textbox[5])/2;
imagettftext($image, $font_size, 0, $x, $y, $text_color, $font , $code);
 
 
/* Show the captcha image in the HTML page */
header('Content-Type: image/jpeg');// defining the image type to be shown in the browser window
imagejpeg($image);//showing the image
imagedestroy($image);//destroying the image instance
$_SESSION['6_letters_code'] = $code;
 
function hexrgb ($hexstr)
{
  $int = hexdec($hexstr);
 
  return array("red" => 0xFF & ($int >> 0x10),
               "green" => 0xFF & ($int >> 0x8),
               "blue" => 0xFF & $int);
}
?>
My Registration Page

Code:

<html>
<head>
<title>Register Page</title>
<script type="text/javascript" language="javascript">
function refreshCaptcha()
{
    var img = document.images['captchaimg'];
    img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
 
</script>
</head>
<body>
<table width="100%" border="1">
<form method="POST"  action="chkregister.php">
<tr>
<td>Enter Username:</td>
<td><input type="text" id="regusrname" name="regusrname" /></td>
<td id="v1">&nbsp;</td>
</tr>
<tr>
<td>Enter Password:</td>
<td><input type="text" id="regusrpwd" name="regusrpwd" /></td>
<td id="v2">&nbsp;</td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type="text" id="regcusrpwd" /></td>
<td id="v3">&nbsp;</td>
</tr>
<tr>
<td>Enter Email Address:</td>
<td><input type="text" id="email" name="email" /></td>
<td id="v4">&nbsp;</td>
</tr>
<tr>
<td>Enter the image shown below:</td>
<td><input type="text" id="6_letters_code" name="6_letters_code" /></td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td><img src="captcha.php?rand=<?php echo rand(); ?>" id='captchaimg' /></td>
<td><small>click <a href='javascript: refreshCaptcha();'>here</a> to refresh</small></td>
</tr>
<tr>
<td colspan="3"><input type="submit" value="Register" /></td>
</tr>
</form>
</table>
</body>
</html>

Re: Using Captcha

Posted: Sat Jan 09, 2010 6:22 pm
by timWebUK
You need to store their answer in a $_SESSION variable and compare it to the random characters given. Be sure to hash the random characters first, then hash the ones the user entered and compare.

Re: Using Captcha

Posted: Sat Jan 09, 2010 6:50 pm
by bharanidharanit
timWebUK wrote: You need to store their answer in a $_SESSION variable and compare it to the random characters given. Be sure to hash the random characters first, then hash the ones the user entered and compare.
Hello, thank you.
I am already storing that in the session in line 72. But when I read the session variable, the image displays one code and $_SESSION['6_letters_code'] shows a different one. And how can I compare those two?

For example: when the page loads at first, the image shows jkls45 and $_SESSION['6_letters_code'] shows something different. When I load the page again, the image shows some other captcha and now the session shows the previous captcha, jkls45.

Re: Using Captcha

Posted: Sat Jan 09, 2010 10:59 pm
by SidewinderX
At the top of your registration page:

Code:

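session_start(); // needed before $_SESSION can be read
// isset() rejects requests where either value is missing (otherwise null == null passes)
if (isset($_POST['6_letters_code'], $_SESSION['6_letters_code'])
        && $_POST['6_letters_code'] === $_SESSION['6_letters_code']) {
    unset($_SESSION['6_letters_code']); // a solved code cannot be submitted twice
    //the captcha was correct perhaps use a header() redirect to a new page
}
//display your form here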
P.S.
Your captcha is really easy to crack (see: http://www.johnciacia.com/2010/01/basic-ocr/). I would recommend using reCaptcha.
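
As an added example (not code from any post in this thread): with a loose `==` and no existence check, a request that carries no captcha field against a session holding no code compares null with null and passes, and a solved code can be reused. The function names and the arrays standing in for `$_POST` and `$_SESSION` are constructed for illustration.

```php
<?php
// Added example; the arrays below are constructed stand-ins for $_POST and $_SESSION.

// Loose check: a missing key on both sides is treated as a match.
function captcha_ok_loose(array $post, array $session): bool
{
    return ($post['6_letters_code'] ?? null) == ($session['6_letters_code'] ?? null);
}

// Hardened check: both values must exist and be strings, the comparison is
// exact, and the stored code is consumed whether the attempt passes or fails.
function captcha_ok_strict(array $post, array &$session): bool
{
    $expected = $session['6_letters_code'] ?? null;
    unset($session['6_letters_code']);           // single use: forces a new image
    $given = $post['6_letters_code'] ?? null;
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false;                            // missing, empty or array input
    }
    // The generator only emits lower-case letters and digits.
    return hash_equals($expected, strtolower(trim($given)));
}

// Case 1: no captcha field submitted and no code in the session.
$no_post = [];
$no_session = [];
var_dump(captcha_ok_loose($no_post, $no_session));
var_dump(captcha_ok_strict($no_post, $no_session));

// Case 2: array input (6_letters_code[]=x) instead of a string.
$session = ['6_letters_code' => 'jkls45'];       // sample value from the thread
var_dump(captcha_ok_strict(['6_letters_code' => ['x']], $session));

// Case 3: the right answer, then the same answer replayed.
$session = ['6_letters_code' => 'jkls45'];
$post    = ['6_letters_code' => 'jkls45'];
var_dump(captcha_ok_strict($post, $session));    // first submission
var_dump(captcha_ok_strict($post, $session));    // replay against the consumed code
```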

Re: Using Captcha

Posted: Sun Jan 10, 2010 9:21 am
by Charles256
You could also try out http://www.ejeliot.com/pages/2 that does audio and visual captcha. It's pretty simple to set up and the instructions are excellent.

Re: Using Captcha

Posted: Sun Jan 10, 2010 10:51 am
by timWebUK
My captcha doesn't use black text, it has background colours and lines to distort the flow of text. So that code shouldn't crack mine as easily.

Re: Using Captcha

Posted: Sun Jan 10, 2010 1:40 pm
by bharanidharanit
Hi,
I used reCAPTCHA and added it to my page. I already have JavaScript validation, and I also want this to be validated. I don't know how to proceed from this step. Now I am able to see the captcha in my page, but I don't know how to display an error message. When the user registers, every field must be checked to confirm he has written it correctly, and the captcha must be checked too; then the page must redirect to the next page. Here is my code:

Code:

<html>
<head>
<title>Register Page</title>
<script type="text/javascript" language="javascript">
function validate_register(){
    alert('hi');
    var usrname = document.getElementById('regusrname').value;
    var usrpwd = document.getElementById('regusrpwd').value;
    var cusrpwd = document.getElementById('regcusrpwd').value;
    if (usrname==""){
        document.getElementById('v1').innerHTML = "Enter Username";
        return false;
    }
    if (usrpwd==""){
        document.getElementById('v2').innerHTML = "Enter Password";
        return false;
    }
    if (usrpwd != cusrpwd){
        document.getElementById('v3').innerHTML = "Password Missmatch";
        return false;   
    }   
    return true;
}
</script>
</head>
<body>
<table width="100%" border="1">
<form method="POST"  action="chkregister.php">
<tr>
<td>Enter Username:</td>
<td><input type="text" id="regusrname" name="regusrname" /></td>
<td id="v1">&nbsp;</td>
</tr>
<tr>
<td>Enter Password:</td>
<td><input type="text" id="regusrpwd" name="regusrpwd" /></td>
<td id="v2">&nbsp;</td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type="text" id="regcusrpwd" /></td>
<td id="v3">&nbsp;</td>
</tr>
<tr>
<td>Enter Email Address:</td>
<td><input type="text" id="email" name="email" /></td>
<td id="v4">&nbsp;</td>
</tr>
<tr>
<td>Enter Captcha Verification</td>
<td>
<?php
 
require_once('recaptchalib.php');
 
// Get a key from http://recaptcha.net/api/getkey
$publickey = "6LePbAoAAAAAALvKwRXXsD8fhSCCqR_yKTHq4wfQ";
$privatekey = "6LePbAoAAAAAAGG3kNPiaSUfiHx0mexGYwOueBrt";
 
# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;
 
# was there a reCAPTCHA response?
if (!empty($_POST["recaptcha_response_field"])) {
        $resp = recaptcha_check_answer ($privatekey,
                                        $_SERVER["REMOTE_ADDR"],
                                        $_POST["recaptcha_challenge_field"],
                                        $_POST["recaptcha_response_field"]);
 
        if ($resp->is_valid) {
                echo "You got it!";
        } else {
                # set the error code so that we can display it
                $error = $resp->error;
        }
}
echo recaptcha_get_html($publickey, $error);
?>
</td>
</tr>
<tr>
<td colspan="3"><input type="submit" value="Register" /></td>
</tr>
</form>
</table>
</body>
</html>
 
 

Re: Using Captcha

Posted: Mon Jan 11, 2010 7:30 pm
by SidewinderX
Ditch the JavaScript and validate in PHP. Also, it is called a "private key" for a reason. 8O
The following is where you would place your error message:

Code:

 
        else {
                # set the error code so that we can display it
                $error = $resp->error;
        }

Re: Using Captcha

Posted: Tue Jan 12, 2010 4:36 am
by timWebUK
Sidewinder, there's nothing wrong with validating in JavaScript if you validate in PHP as well. At least it prevents sending data to the server if you already know it's invalid.

Re: Using Captcha

Posted: Tue Jan 12, 2010 9:46 am
by SidewinderX
timWebUK wrote: Sidewinder, there's nothing wrong with validating in JavaScript if you validate in PHP as well. At least it prevents sending data to the server if you already know it's invalid.
Agreed. JavaScript is a great way to complement PHP validation.
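
Server-side validation along the lines discussed above, as an added example that is not from any post in the thread: it repeats the form's JavaScript checks in PHP so a request that bypasses the browser is still rejected. The function name, the message used for `v4`, and `name="regcusrpwd"` on the confirm field are assumptions (the posted form gives that input only an id, so its value is never submitted).

```php
<?php
// Added example for chkregister.php; not code from the thread.
// Assumption: the confirm-password input carries name="regcusrpwd".

// Returns an array of error messages keyed by the form's message cells v1..v4.
function validate_registration(array $post): array
{
    $errors = [];

    // Read a text field as a trimmed string; arrays and missing keys become ''.
    $field = function (string $name) use ($post): string {
        $v = $post[$name] ?? '';
        return is_string($v) ? trim($v) : '';
    };

    if ($field('regusrname') === '') {
        $errors['v1'] = 'Enter Username';
    }

    // Passwords are compared exactly as typed, without trimming.
    $pwd  = is_string($post['regusrpwd'] ?? null)  ? $post['regusrpwd']  : '';
    $cpwd = is_string($post['regcusrpwd'] ?? null) ? $post['regcusrpwd'] : '';
    if ($pwd === '') {
        $errors['v2'] = 'Enter Password';
    } elseif ($pwd !== $cpwd) {
        $errors['v3'] = 'Password Mismatch';
    }

    // The JavaScript in the thread never checks the email field at all.
    if (filter_var($field('email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors['v4'] = 'Enter a valid email address';
    }
    return $errors;
}

// Constructed submissions: one that skipped the browser checks, one valid.
$bad  = ['regusrname' => '', 'regusrpwd' => 'a', 'regcusrpwd' => 'b', 'email' => 'x'];
$good = ['regusrname' => 'alice', 'regusrpwd' => 's3cret-pass',
         'regcusrpwd' => 's3cret-pass', 'email' => 'alice@example.com'];

foreach ([$bad, $good] as $post) {
    $errors = validate_registration($post);
    echo $errors ? 'rejected: ' . implode(', ', array_keys($errors)) : 'accepted', "\n";
}
```

When the messages are written back into the `v1` to `v4` cells, pass them through `htmlspecialchars()` if they ever include user input.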