A captcha is a way to tell human users from computers, and usually involves an image that is hard for computers to decode but easy for humans to read. More information on captchas is available at captcha.net.

I threw together a quick Captcha script in PHP for an upcoming project, and wasn't able to find any that would be sufficiently discouraging for someone to write a script to circumvent. I have a couple more ideas for different approaches; this is the first I came up with and is relatively easy to implement. It does on occasion create an image that's too difficult to read and I'm not sure how well it will stand up to an attack, but I believe it will stand up better than many of the ones I've seen. Image recognition programs usually have a lot of problems stitching characters back together. I've thrown in some black noise as well to further complicate the job of finding characters in the image.

To verify the user entered the correct input, simply compare what they entered with the session variable "captcha" ($_SESSION["captcha"]). It might also be a good idea to provide them a way to reload the image/page if they happen to get one they can't understand. Other possible security measures might include limiting the number of failed attempts from a single IP, and limiting the number of reloads while looking for a "cleaner" image.
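The verification step and the failed-attempt limit described above, as an added example that is not part of the author's script. The field name `captcha_input`, the limits, the in-memory `$failures` array and the case-insensitive match are assumptions made for illustration.

```php
<?php
// Added example, not the author's script. Assumes the image generator has
// already stored the expected text in $_SESSION["captcha"], as the post says.
// The limits and the form field name "captcha_input" are hypothetical.
session_start();

const MAX_FAILURES   = 5;    // assumed: failed attempts allowed per window
const WINDOW_SECONDS = 600;  // assumed: window length in seconds

function too_many_failures(array &$store, string $ip, int $now): bool
{
    // Keep only the failure timestamps that are still inside the window.
    $store[$ip] = array_values(array_filter(
        $store[$ip] ?? [],
        fn (int $t): bool => $now - $t < WINDOW_SECONDS
    ));
    return count($store[$ip]) >= MAX_FAILURES;
}

function check_captcha(array &$session, string $input): bool
{
    $expected = $session['captcha'] ?? null;
    // One guess per image: discard the answer whether or not the guess was
    // right, so a script cannot keep guessing against the same image.
    unset($session['captcha']);
    if (!is_string($expected) || $expected === '') {
        return false;  // no image was issued for this session
    }
    // Case-insensitive match is an assumption; drop strtolower() if not wanted.
    return hash_equals(strtolower($expected), strtolower(trim($input)));
}

// Form handler. $failures stands in for a server-side store (database or
// cache) keyed by IP; the session is unsuitable because the client can drop it.
$failures = [];
$ip    = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
$now   = time();
$input = $_POST['captcha_input'] ?? '';

if (too_many_failures($failures, $ip, $now)) {
    http_response_code(429);
    exit('Too many failed attempts, try again later.');
}
if (!check_captcha($_SESSION, is_string($input) ? $input : '')) {
    $failures[$ip][] = $now;  // record the failure against this IP
    exit('Incorrect. Load a new image and try again.');
}
echo 'Captcha passed.';
```

Because the answer is unset on every check, each failed guess forces a new image to be generated, which is also the natural place to count reloads.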
If you are having difficulty making out the image above, click on it to load a new one. Blind or visually impaired users will not be able to use this page until I get audio feedback working, sorry!

As with most captchas this will obviously cause problems with blind users. Workarounds include phoning to verify their account, or providing audio of the answer (again, look at the session variable to determine the audio to be generated). The audio should be randomly distorted enough to mess with audio recognition software, but still be understandable by humans. Regardless, you should indicate in the ALT text of your image that this is a set of random characters, so that blind users will at least know what's going on, even if they can't get past it.

This script is free for your use, but since it's still being developed I'm not posting a zip here yet. Let me know if you would like to have a copy and I'll email it to you.