Captcha’s have become the most popular method to prevent these automatic programs from completing a form submission. A Capthca is a simple challenge-response test, usually requiring the person to repeat a text string that appears in an image, in a field on the form. Images are used to present the challenge because it is difficult for an automatic program to read from the image.
Download our Free Script First of all, you’ll need to download our free PHP Capthca Script here. The package will contain 2 files; post.php and validate.php, along with a validation folder for our images that will be presented to the user as the challenge. How the Script Works post.php post.php contains the code that generates the random test, as well as the html for displaying the form. Let’s take a look at the important parts of the script… In between the <head></head> tag of our document we first start the PHP session. A session in PHP is a way of storing information behind the scenes. In the case of this script, we will be storing the users name, comment as well as the validation challenge and the users answer to that challenge. switch ($rndimg){ case 2: case 3: case 4: case 5: Next our script randomly generates a number between 1 and 5 as we are going to have 5 different challeneges on our website. The switch function then chooses the image that represents the challenge chosen by the random generator. Our images are named 1, 2, 3, 4, 5 to keep things simple. Once the random image has been chosen, our comment form will then be displayed to the user along with the chosen validation image. However, before this happens, there are three different states at which the user could currently be at; filling in the form for the first time, filling in required fields that were missed, recieving the success message. Our script determines at what state the user is respectively at and either outputs; a blank form, the half completed form with message asking for remaining fields to be completed, a blank form with a success message. The script uses the information we stored in our PHP session to determine the current state of the process. In our session we have a variable (a container that stores information) called ‘output’. Should this variable be blank then the user has only just begun viewing the form. Should it have error messages in it, then the user hasn’t completed the required fields of the form. Should it have a success message, then the process is complete. The session variable is controlled in the validate.php file… validate.php validate.php is the ‘behind the scenes’ file that will test whether the user inputted the correct answer to the challenge and filled out all of the required fields in the form. Let’s take a look at the important parts of the script… $_SESSION['name'] = $_POST['name']; We begin by starting our session so we can store information there. In the above lines of code we are storing the posted name and comment into session variables. //check for comment Next we are checking whether the form was submitted (further down the script we redirect the user back to the form should they somehow have come straight to the validate.php script) and adding errors to the output variable should the user not input a name and comment. if ($_POST['validate'] != $val){ Above we have the important bit, checking the answer to the challenge was correct. First of all, we check atleast some sort of answer was inputted and if not, add an error to the output variable. Then, we need to take the number that was randomly generated in post.php, match that number with the challenge it corresponds to and see if the user has inputted the validation number that matches the challenge answer. Should they not, we can add another error message to the output variable. The above code will redirect from validate.php to post.php. Once our script is finished and the necessary status/error messages are stored in the session we can return to the post.php page where we can determine the state of the process. The Validation Images Example validation image Our example validation image above contains the answer to the challenge but to make it difficult for an automatic program to read, we’ve added an abstract pattern over the top of the answer to try and stop it from being easily readable. Should you want to change your validation images, we recommend making the text difficult to read by using a strange font, distoring the text, adding a pattern of the top and spreading each letter/number out etc. Although our image above has prevented exploitation on websites we have implemented it on, should this script and particular validation image become popular, the image may be too easy to read. We recommend making your own validation images as well as making a greater amount of them. Customizing the Script and Validation Image So now you have the script working on your website and you understand how it works, how can you customise it? Well, that’s quite a few things we can do. Let’s take a look at changing the validation images, adding more validation images and getting validate.php to do more than just return a success message. Changing the Validation Images Our validation images are stored in the validation folder. So let’s start by replacing the images. One of our new validation image We’ve made our new validation images and named them 1, 2, 3, 4, 5. In our example above we’ve attempted to make the image a little more complex by using different fonts, placing some of the numbers together and putting a texture over the top. It takes a little more time to read this one by eye, so it should be great for stopping an automatic program from reading it. Our new set of challenge answers now need to be put into the script. Example: image 1 (the one above) has an answer of 578933. So when the PHP script randomly generates image 1, it needs to know the answer to that image challenge. Open validate.php and find the following code: We need to change the answers for each image. Line 1 above is the answer for image 1. So let’s change that first… Above, we’ve simply replaced $val = “1498″; with $val=”578933″; That’s all we have to do for each new validation image. It’s crucial that the answers we’re putting into the script match the answers in each image else the system will never work! $_SESSION['val'] == “1″ should also have the same number as the name of the image file (1.jpg). Adding More Validation Images If you’re website is popular, we recommend you use more than 5 images but how can we add more? Let’s make another 5 validation images to have 10 in total. These new images will be called: 6.jpg, 7.jpg, 8.jpg, 9.jpg, 10.jpg and we’re going to save them in the same validation folder as the other images. Open post.php and look for the following: The top line of code determines the range of numbers to randomly generate one from. Currently it’s set to 1 - 5 so let’s make it generate any number from 1 - 10. Simple! We now have a range of 1 - 10. Now look for the switch function: case 2: case 4: case 5: Currently, the switch function is saying: “If number 1 is generated, the image to use is 1.jpg. If number 2 is generated, the image to use is 2.jpg.” and so on. We need to add anoter 5 cases for our new set of images. case 2: case 4: case 5: case 6: case 8: case 9: case 10: Using the above our script will now choose from any of the 10 validation images. Now we need to add the answers for the 5 new images. Open validate.php and find the following: Let’s add 5 more of these “if” statements for the newly added set of 5 images. And there we have it! Our script can now challenge a user to 10 different validation images. Remember when you’ve made these new changes to upload them to your website. Your new PHP Captcha Script can be implemented our any type of form that you think may be exploited by automatic programs. We find it particularly useful on registration, comment and contact forms.
$_SESSION['val'] = $rndimg;
case 1:
$imgsrc = “1.jpg”;
break;
$imgsrc = “2.jpg”;
break;
$imgsrc = “3.jpg”;
break;
$imgsrc = “4.jpg”;
break;
$imgsrc = “5.jpg”;
break;
}
$_SESSION['comment'] = $_POST['comment'];
$output = array();if (empty($_POST['name'])){
$output[] = “Please enter a name.”;
}
if (empty($_POST['comment'])){
$output[] = “Please enter a comment.”;
}
$output[] = “Please enter the validation number.”;
unset($_SESSION['val']);
}else{
if ($_SESSION['val'] == “1″){$val = “1498″;}
if ($_SESSION['val'] == “2″){$val = “5409″;}
if ($_SESSION['val'] == “3″){$val = “6112″;}
if ($_SESSION['val'] == “4″){$val = “7415″;}
if ($_SESSION['val'] == “5″){$val = “8743″;}
$output[] = “Please enter the correct validation number.”;
}
}
if ($_SESSION['val'] == “2″){$val = “5409″;}
if ($_SESSION['val'] == “3″){$val = “6112″;}
if ($_SESSION['val'] == “4″){$val = “7415″;}
if ($_SESSION['val'] == “5″){$val = “8743″;}
$_SESSION['val'] = $rndimg;
$_SESSION['val'] = $rndimg;
case 1:
$imgsrc = “1.jpg”;
break;
$imgsrc = “2.jpg”;
break;case 3:
$imgsrc = “3.jpg”;
break;
$imgsrc = “4.jpg”;
break;
$imgsrc = “5.jpg”;
break;
}
case 1:
$imgsrc = “1.jpg”;
break;
$imgsrc = “2.jpg”;
break;case 3:
$imgsrc = “3.jpg”;
break;
$imgsrc = “4.jpg”;
break;
$imgsrc = “5.jpg”;
break;
}
$imgsrc = “6.jpg”;
break;case 7:
$imgsrc = “7.jpg”;
break;
$imgsrc = “8.jpg”;
break;
$imgsrc = “9.jpg”;
break;
$imgsrc = “10.jpg”;
break;
}
if ($_SESSION['val'] == “2″){$val = “5409″;}
if ($_SESSION['val'] == “3″){$val = “6112″;}
if ($_SESSION['val'] == “4″){$val = “7415″;}
if ($_SESSION['val'] == “5″){$val = “8743″;}
if ($_SESSION['val'] == “2″){$val = “5409″;}
if ($_SESSION['val'] == “3″){$val = “6112″;}
if ($_SESSION['val'] == “4″){$val = “7415″;}
if ($_SESSION['val'] == “5″){$val = “8743″;}
if ($_SESSION['val'] == “6″){$val = “7776″;}
if ($_SESSION['val'] == “7″){$val = “6782″;}
if ($_SESSION['val'] == “8″){$val = “1125″;}
if ($_SESSION['val'] == “9″){$val = “5254″;}
if ($_SESSION['val'] == “10″){$val = “2002″;}
