Monday, February 16, 2009

What is CAPTCHA? How can I use it?

What is CAPTCHA? How can I use it?

What is Captcha?
In a CAPTCHA test (an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart," also sometimes spelled in lowercase), an image of letters is dynamically generated. The letters, because they're part of an image and not text (e.g. text that you could cut and paste), are difficult for a spambot or other computer program to read. Yet, a person has little trouble reading the letters in a captcha image.

Using a captcha test on a website is a great way to ensure, for instance, that a person and not a spambot is filling out a web form. Also, a captcha can make it difficult for a person to continuously resubmit form information and overwhelm the form's purpose.

For users who have a solid grounding in PHP and how HTML forms work, this example will show how to implement a captcha test:

  1. Enable the GD extention in your site's PHP settings by logging into OnSite. Once you are logged in go to the PHP Configurator which is under the Other Tools heading. Within the PHP Configurator click on the Extensions link on the left hand side of the page. You will now see a heading for Graphics, make sure the checkbox for the GD extention is checked. Now click on the Save Changes button near the top of the page.


  2. Download (in Firefox, right-click and choose "Save link as..." or in Internet Explorer, right-click and choose "Save target as...") this captcha-gen.php PHP script and place it in the same directory as your form.


  3. Add the following image and text input to your form:


    Captcha Text:


  4. Inside the action script of your form, make sure to call session_start(); and add the following check before you process the form information.

    if( isset($_REQUEST['phrase']) &&
    isset($_SESSION['phrase']) &&
    strlen($_REQUEST['phrase']) > 0 &&
    strlen($_SESSION['phrase']) > 0 )
    {

    if( $_REQUEST['phrase'] == $_SESSION['phrase'] )
    {

    //This is where you will process the form input.

    //This will prevent the form from being
    //resubmitted multiple times.
    unset($_SESSION['phrase']);
    }
    else
    {

    //This is where you want to process
    // a bad guess at the Captcha phrase.

    print( "I'm sorry the Captcha phrase was incorrect!" );
    }

    }
    else
    {

    //This is where you want to process
    // a direct request or a re-submision
    // after the phrase was removed from
    // the session.

    print( "You must pass the Captcha test to use this form!" );

    }

    ?>


Make sure that all three of the above files are in the same directory and it should work.

The above method uses a PEAR module to create the captcha image. You can either look at the source code of captcha-gen.php or look at the Test_CAPTCHA site http://pear.php.net/package/Text_CAPTCHA/docs to learn more. The site also has another example of how to implement a captcha test.

You can read more about the CAPTCHA project here: Captcha.net
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)