Page 1 of 1

Best Capthas

Posted: Thu Jul 27, 2006 8:17 am
by shiznatix
I have been looking for a captcha script that actually works. So far I have found none :(.

Anyone have any good expierence with one that is easy to setup?

Posted: Thu Jul 27, 2006 10:35 am
by Weirdan
as I recommended in another thread: http://hotcaptcha.com ;)

Posted: Thu Jul 27, 2006 10:52 am
by pickle
I've found the best method is question/answer. Questions like "What colour is between yellow and blue in the rainbow" are very easy for humans to answer, but bots don't have a chance.

Posted: Thu Jul 27, 2006 11:38 am
by shiznatix
Weirdan wrote:as I recommended in another thread: http://hotcaptcha.com ;)
hahahaha that is fantastic! that captcha couldn't be better!
pickle wrote: I've found the best method is question/answer. Questions like "What colour is between yellow and blue in the rainbow" are very easy for humans to answer, but bots don't have a chance.
nice idea but i don't know what the answer is so there is a bit of a flaw there :P . no i like it, ill think about that one.

Posted: Thu Jul 27, 2006 11:43 am
by pickle
Another advantage that has over the image based Captchas I've seen, is you don't need to store the string in a cookie. The implementations I've seen require you to store the actual word in the image, in a cookie or a session. Complex bots should be able to read those contents & get through the image. Using the Q&A, you can just store the ID of the question, rather than the correct answer.

Posted: Thu Jul 27, 2006 11:51 am
by jayshields
Weirdan wrote:as I recommended in another thread: http://hotcaptcha.com ;)
that is truly awesome.

Posted: Thu Jul 27, 2006 12:05 pm
by anjanesh
Excellent new idea.

Posted: Thu Jul 27, 2006 1:08 pm
by bokehman
pickle wrote:Another advantage that has over the image based Captchas I've seen, is you don't need to store the string in a cookie. The implementations I've seen require you to store the actual word in the image, in a cookie or a session.
How could a bot read the string from a session variable if the information never leaves the server?

Anyway here's a super basic captcha to help understand how one works:

Code: Select all

<?php

session_start();

if(isset($_GET['i'])){
    
    // image creation section
    captcha_image();
}elseif(isset($_POST['captcha'])){
    
    // validation section
    echo(captcha_validate())?'That was correct.<br>':'That was not correct.<br>';
    echo '<a href="http://'.$_SERVER['HTTP_HOST'].htmlentities($_SERVER['PHP_SELF']).'">Try another?</a>';
    exit;
    
}else{
    
    // form section
    echo 
    '<p><a href="http://'.$_SERVER['HTTP_HOST'].htmlentities($_SERVER['PHP_SELF']).
    '" onclick="document.getElementById(\'captcha\').src=\'http://'.
    $_SERVER['HTTP_HOST'].htmlentities($_SERVER['PHP_SELF']).
    '?i=\' + new Date; return false;">Give me an easier one!</a></p>'."\n".
    '<p><img id="captcha" src="http://'.$_SERVER['HTTP_HOST'].htmlentities($_SERVER['PHP_SELF']).
    '?i='.uniqid().'" alt=""></p>'."\n".
    '<form action="http://'.$_SERVER['HTTP_HOST'].htmlentities($_SERVER['PHP_SELF']).'" method="POST">'."\n".
    '<input type="text" name="captcha" ><input type="submit" value="test it"></form>';
    
}
    

function captcha_validate()
{
    if($_POST['captcha'] == $_SESSION['captcha'])
    {
	    $_SESSION['captcha'] = null;
	    return true;
    }
	return false;
}

function captcha_image($length = 
{
    $fontsize = 5;
	$_SESSION['captcha'] = substr(base64_encode(md5(rand())), 0, $length);
    $image = imagecreate(($length*imagefontwidth($fontsize))+1, imagefontheight($fontsize)+1);
    $background_colour = imagecolorallocate($image, 255,255,255);
    $text_shadow = imagecolorallocate($image, 127,127,127);
    $text_colour = imagecolorallocate($image, 0,0,0);
    imagestring($image, $fontsize, 1, 1, $_SESSION['captcha'], $text_shadow);
    imagestring($image, $fontsize, 0, 0, $_SESSION['captcha'], $text_colour);
    header ('Content-type: image/png');
    imagepng($image);
    imagedestroy($image);    
    exit;
}

?>
If you want one with audio check this out

Posted: Thu Jul 27, 2006 1:15 pm
by pickle
bokehman wrote:How could a bot read the string from a session variable if the information never leaves the server?
Good point. Let's limit my comment to only cookies then.

Posted: Fri Jul 28, 2006 2:17 am
by julian_lp
Weirdan wrote:as I recommended in another thread: http://hotcaptcha.com ;)
truly amazing, just two things about it:

1° I've failed twice selecting what I thought were the hot girls (I really like any sort of next door girl ;) )

2° If my old algebra course is still there in my brain, the number of posibilities wich a robot should try is:

Comb(9,3) = 9!/(6!*3!) = 84 very few compared with a simple 3-digit alphanumeric captcha

Posted: Fri Jul 28, 2006 2:30 am
by bokehman
julian_lp wrote:
Weirdan wrote:as I recommended in another thread: http://hotcaptcha.com ;)
truly amazing, just two things about it:

1° I've failed twice selecting what I thought were the hot girls (I really like any sort of next door girl ;) )

2° If my old algebra course is still there in my brain, the number of posibilities wich a robot should try is:

Comb(9,3) = 9!/(6!*3!) = 84 very few compared with a simple 3-digit alphanumeric captcha
Yeah, a 3 digit captcha code... 26 lower case... 26 upper case... 10 digits... >>> 62^3 === 238328... quite a bit more than 84.