Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
7Activity
0 of .
Results for:
No results containing your search query
P. 1
Designing a Captcha System with PHP and MySQL

Designing a Captcha System with PHP and MySQL

Ratings: (0)|Views: 1,117|Likes:
Published by Abhilash V Pillai
Spam is one of the biggest problems on the Internet. It is getting harder to fight with the advent of spam bots that visit websites and automatically fetch email addresses, fill out forms and do other nasty things, such as blog spam comments, that could degrade your integrity. Fortunately, using captcha can help. This article will show you how to implement captcha on your site.
Spam is one of the biggest problems on the Internet. It is getting harder to fight with the advent of spam bots that visit websites and automatically fetch email addresses, fill out forms and do other nasty things, such as blog spam comments, that could degrade your integrity. Fortunately, using captcha can help. This article will show you how to implement captcha on your site.

More info:

Published by: Abhilash V Pillai on Jun 11, 2009
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less

02/03/2013

pdf

text

original

 
Designing a Captcha System with PHP and MySQL
 
Spam is one of the biggest problems on the Internet. It is getting harder to fight with theadvent of spam bots that visit websites and automatically fetch email addresses, fill out formsand do other nasty things, such as blog spam comments, that could degrade your integrity.Fortunately, using captcha can help. This article will show you how to implement captcha onyour site.
Spam is a really serious problem. If you fail to correct this issue with your website or blog,spammers and possibly malicious hackers will take over your domain. The following things canhappen:
If spam is uncontrolled, it can hurt the good visitors to your site. A classic example of this iswhen a spammer puts a link on your site that points to a malware-infected site, in the hopethat visitors might click that link -- which in turn will infect the good visitor's computer.
Your reputation will be affected. If you let those spammers make comments on your site, itwill cause others to wonder how serious you are about presenting great content.
Spammers and malicious types could hack your site, for example using aMySQL injection.There are basically two ways you can generate captcha using PHP. One uses PHP alone; the other can be done using a MySQL database. This tutorial is intended for an independent web developer needing protection from spam usingcaptcha.
PHP Captcha generation: Basic Principles
 Without using a database, one can generate captcha using PHPwith GD support enabled. PHP needs GD support to be enabled to perform image processing tasks, such as the generation of captcha images. You can, however, check to see if the GD support was enabled in your Apacheserver by uploading a script with the
phpinfo()
function on the root directory, such as the one below:
<?php
 
echo phpinfo();
 
?>
 Then open it in the browser. For example, if your domain is http://www.domainname.com , then allinformation about the PHP you are using will be available by typing:
http://www.domainname.com/phpinfo.php
 Go to the GD support portion of the PHPinfo results. Yous should see something like the screenshot below:
 
If you do not have GD support enabled, contact your web hosting agency and ask them to turn iton. If this is not possible, you will need to generate captcha and store images using MySQL, whichwill not use GD support. This will be discussed in the last part of the tutorial.Please take this piece of security advice:
 Remove the phpinfo.php in your server after getting thisinformation. Letting the public access your phpinfo.php poses a security risk.
 Suppose you have GD support enabled, which should be true in all cases. You can use the followingstrategy to generate captcha:1.You need a separate PHP file containing the script that will solely generate the captchaimages. This file will be stored in the local server in the same path as the PHP form script.2.You will be calling this PHP script file in the form. When it is called, the captcha imageswill be displayed on the form.3.Using PHP sessions you can store the generated string to a session variable, which will then be compared with the actual answer by the query.The form can only be processed if the captcha has been entered correctly. Only humans have theability to get text information from images; this is what separates bots from humans.
Designing a Captcha System with PHP and MySQL - The Captcha Image Generation Script
 For simplicity of this illustration, we will use random numbers and convert them to images to beused as captcha. Then we will use session and other GD components to generate images. Below isthe PHPscript, which we call
captxt.php
 
<?php
 
//start session which will be used to store generated numbers ofvalidation in the form
 
session_start();
 
//generate random number between 10,000 and 99999
 
$number =mt_rand(10000, 99999);
 
//store generate random number to a session
 
$_SESSION['answer']=$number;
 
//create image 50 x 50 pixels
 
$imagecreate = imagecreate(50, 50);
 
// white background and blue text
 
$background = imagecolorallocate($imagecreate, 255, 255, 255);
 
$textcolor = imagecolorallocate($imagecreate, 0, 0, 255);
 
// write the string at the top left
 
imagestring($imagecreate, 5, 5, 10, $number, $textcolor);// output the image
 
header("Content-type: image/png");
 
$image= imagepng($imagecreate);
 
?>
 Let's discuss the process for you to improve this design:1.
session_start();
is required in the first line of every PHP script if we want to storevariables in the session. Storing variables in the session makes it available for use in other files thatalso use the session. This will be used to test whether the generated random number matches theone typed in by the user.2.
$number =mt_rand(10000, 99999);
will generate random numbers in the range of 10,000 to 99,999 and store them the
$number
variable.3.
$_SESSION['answer']=$number;
will store the generated random number to a sessionarray so that it can be used in the PHP form script that will test if the user's answer matches thegenerated code.4. And finally this piece code:
//create image 50 x 50 pixels
 
$imagecreate = imagecreate(50, 50);
 
// white background and blue text
 
$background = imagecolorallocate($imagecreate, 255, 255, 255);
 

Activity (7)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
rhikunia liked this
santosh17081986 liked this
Punith Etikala liked this

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->