iEntry 10th Anniversary
CSS Snippets
JavaScript SnippetsBasic Captcha
Captchas allow you to provide additional spam protection on your forum from bots. Captcha is an acronym that means "Completely Automated Public Turing test to tell Computers and Humans Apart". Captchas may seem like they are hard to create, but in reality they can be very simple. All you need is PHP create a random number, then plug this into an equation to output either a letter or character. In our example code, we are using the numbers 2-9 and the letters a-z. We are not using i, o, or l to reduce confusion for the user. Also, by using the mat_rand method we create a random number between a set of numbers.
<?php
function captcha_text(){
$length = 6;
$options = "abc2def3ghj4kmn5pqr6stu7vwx8yz9";
$option_length = (strlen($options)-1);
$captcha = "";
$i = 0;
while ($i < $length){
$random = mt_rand(0, $option_length);
$captcha .= $options[$random];
$i++;
}
return $captcha;
}
//Creating the captcha text
$captcha = captcha_text();
//Storing the captcha text to a session
session_start();
$_SESSION['captcha'] = $captcha;
This function is what is creating the captcha text. We will go over it line by line. The first line is creating the function and giving it the name captcha_test. The first line inside the function, we are creating a variable named length. This will determine how many characters our captcha has in it. The options variable, is a list of all of the characters we would like to use in the captcha. As stated before we have chosen 2-9, a-z but not o, i, and l. The next variable, option_length is determining the number of characters in the options variable. We are then reducing this by one, so that we do not get any spaces in the captcha. The following variable, captcha, is a place holder for the while loop that is coming up soon. We also have a variable named i that is going to be used in the while loop to keep count of how many times the loop has ran.9
So far everything is simple PHP, the next part of our code is a while loop. The structure of the while loop should seem familiar to you. If not, a while loop will continue running until a condition is satisfied. In our case it will be until i is no longer smaller then value of length and anything between the brackets will be executed. Inside the loop we have a variable named random. By using the mat_rand method, we are allowing PHP to randomly choose a number between zero, and the number of characters in options minus one. Now that we have a random number we can then use this to pull a character from the options string. In PHP, strings can be treated as an array. So if we have the following code
$string = "code-sucks.com";We could return the d in the string by using $string[2]. We are doing the samething with the captcha variable. We are using the number generated in the random variable, and pulling that character from options. By using the .= operator, we are adding what ever this character is to captcha. For example if captcha equals d34, and the next number is k. Then the .= operator allows captcha to now equal d34k. The .= is just a short way of the following code.
$captcha = $captcha.""$options[$random];
When the loop exits it returns the value of captcha. Now we have a random set of six characters, and we need to do something with them. Well we set the variable captcha that is outside the loop, remember in a function the variables are local only. The next thing we do is create a session. This will allow us to later compare the value of captcha to the user's input. We set the session variable to equal captcha. The $_SESSION variable works just like $_POST, $_GET, and $_REQUEST variables.
Next, we need to display the captcha text onto an image. This will keep bots from just checking our code for the captcha text, and therefore by passing the security we are setting up. The following code would be included with the code from above. //Preparing for the image header ("Content-type: image/gif"); $image=imagecreatefromjpeg("images/captcha.jpg"); //Making the color white $white = imagecolorallocate($image, 255,255,255); //Displaying captcha text imagestring($image, 12, 15, 15, $captcha, $white); //Creating the image, then removing it from memory imagegif($image); imagedestroy($image);
If you read the image tutorials, most of this will seem like a review. We first create a
header to tell the browser that we are going to be using a gif file. The next line we
create a variable that creates and image from an existing image. Before hand we used
GIMP to create a background for our captcha. This is what the background looks like:
Next, we define the color white, since we need to make our text color white to be used
with the captcha background. After this, we tell PHP that we need to display the captcha
text onto the image. We declear that the font will be 12 pixels, and that the text will
start at 15 pixels down and 15 pixels to the right of the left edge. The final two lines
create the image in the server's memory, then removed it from memory when we are finished
with it. You can now save this as a file on your server.
Even though this creates our captcha, we have to create some code to verify that what the user inputs matches what the captcha actually is. When we need to use the captcha we will use code similar to the code below.
<?
session_start();
if ($_REQUEST['captcha_input']){
if ($_SESSION['captcha'] === $_REQUEST['captcha_input']){
echo "Captcha matches";
}else{
echo "Captcha does not match";
}
}
?>
<img src="images/captcha.php">
<form method="POST" action="<? echo $_SERVER['php_self']?>">
<input type="text" name="captcha_input">
<input type="submit" value="Submit">
</form>
The first thing we do is start the a session. This is because we need to get the value of the captcha variable we passed to the session in the code that creates our captcha. We then create an if statement. This just verifies if the user has put something into the HTML form, and if the user has then it executes. Inside the first if statement, there is a second if statement. This if statement is comparing the value stored in the $_SESSION['captcha'] variable to the users input. If the values are the same, then the statement echoes "Captach matches". If the values do not match, then the statement echoes "Captcha does not match."
After the PHP code, there is an image tag, and a basic HTML form. The image tag is calling for the captcha code that we created. The header part of that code will tell the browser to treat the PHP code as a gif image. After this there is a simple form that when submitted it reloads the page, and passes the value entered into the text field to $_REQUEST via post.