Secure captcha script


  • script Secure captcha script

    Here's a little script that I've been working on.

    It's basically a captcha script.

    It uses the base64 encryption to hide the image code from spam bots.
    And also, because spam bots read your source, I included a little hidden checkbox which many of them
    would click anyway.

    They will then be redirected to their localhost, and it will also be logged that the bot has been there.
    You will have to work around with my code to implement it on your websites if you wish to.

    But please, do not use any of my work on websites containing adult content.

    ==========
    Also a word of thanks to Gumslone for giving me the idea, and leading me in the right path of encoding some stuff.

    Here you go, and enjoy guys.

    Quintin
    Attached Files
    Last edited by Android404; 18.08.15, 11:59.

  • #2
    base64 isn't safe from bots - gum's way he advised is a better way of doing it, by making a unique encryption



    • #3
      For encoding and decoding you could use these functions: http://coding-talk.com/forum/main-fo...8233#post48233



      • #4
        The best way to implement a captcha is to set the text to draw and the answer within the captcha file, set the "answer" as a session value in the captcha, and verify the user input / POST data against the captcha session in the file where you are verifying data. This way you don't need to put the answer in the source and it is safer, so there is no need to encode the captcha answer in order to verify it, since you have it in the session on the server side.

        Set up random captcha background color codes so that if they use any OCR recognition scripts it won't be easy to catch the answer.



        Here's my captcha
        PHP Code:
        <?php
        session_start();

        // Build a small arithmetic challenge
        $number1 = mt_rand(10, 40);
        $number2 = mt_rand(1, 10);
        $sign = mt_rand(1, 2);

        if ($sign == 1) {
            $rep = $number1 + $number2;
            $string = "$number1 + $number2 = ";
        } else {
            $rep = $number1 - $number2;
            $string = "$number1 - $number2 = ";
        }

        // Keep the answer on the server only; it never appears in the page source
        $_SESSION['check_login'] = $rep;

        $im = imagecreate(130, 30);

        // The first colour allocated on an imagecreate() image becomes its background
        $bg = imagecolorallocate($im, mt_rand(150, 250), mt_rand(120, 250), mt_rand(10, 250));

        $textcolor = imagecolorallocate($im, 0, 0, 0);

        $font = '/fonts/Candice.ttf';

        imagettftext($im, 22, 0, 10, 20, $textcolor, $font, $string);

        // Sprinkle noise pixels over the image
        for ($c = 0; $c < 200; $c++) {
            $x = rand(0, 200 - 1);
            $y = rand(0, 30 - 1);
            imagesetpixel($im, $x, $y, $textcolor);
        }

        header('Content-type: image/png');

        imagepng($im);
        imagedestroy($im);
        ?>
        Preview: (image: captcha.png)

        And check it like this :

        PHP Code:
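        <?php
        // Start the session if the including page has not already done so
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        // Reject when no captcha was issued for this session or the answer does not match
        if (!isset($_POST['form-captcha'], $_SESSION['check_login'])
            || (string) $_POST['form-captcha'] !== (string) $_SESSION['check_login']) {

            if (isset($_SESSION['login_error'])) {
                unset($_SESSION['login_error']);
            }

            $_SESSION['login_error'] = "
                 <span class='error_login_msg'>
                 Error : Answer is not matching captcha !
                 </span>";

            // $address is not defined in this snippet; it has to be set elsewhere
            header('Location: ' . $address . '/login.php');
            exit;
        }
        ?>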
        On login.php display error :

        PHP Code:
        <?php echo $_SESSION['login_error'] ; ?>
        Last edited by just_m3.; 26.12.15, 15:56.
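
An added example, not part of the original post: a hardened version of the session-based check described in post #4, next to a loose `!=` comparison for contrast. It shows that a loose comparison treats a missing session value and an empty field as equal, and that consuming the stored answer makes each challenge single-use. The helper names `loose_check`, `verify_captcha` and `demo` are hypothetical, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. The constants reuse the 'check_login'
// session key and the 'form-captcha' field name from the post above.
const CAPTCHA_KEY = 'check_login';
const CAPTCHA_FIELD = 'form-captcha';

// Loose comparison against the session, kept only for contrast (hypothetical helper).
function loose_check(array $session, array $post): bool
{
    return !(($post[CAPTCHA_FIELD] ?? null) != ($session[CAPTCHA_KEY] ?? null));
}

// Hardened check (hypothetical helper): call as verify_captcha($_SESSION, $_POST).
function verify_captcha(array &$session, array $post): bool
{
    // Consume the stored answer before comparing, so each challenge is single-use
    // and neither a solved nor a failed answer can be retried on the same image.
    $expected = $session[CAPTCHA_KEY] ?? null;
    unset($session[CAPTCHA_KEY]);

    $given = $post[CAPTCHA_FIELD] ?? null;
    // No challenge issued, or the field is missing or an array (form-captcha[]=...).
    if (!is_int($expected) || !is_string($given)) {
        return false;
    }
    // Only a plain integer is a valid answer: no spaces, '+' signs or exponents.
    if (preg_match('/\A-?\d{1,3}\z/', $given) !== 1) {
        return false;
    }
    return (int) $given === $expected;
}

// Runs both checks over constructed session / POST data and collects the results.
function demo(): array
{
    $out = [];
    $empty = [];                      // client never requested the captcha image
    $out['loose_no_challenge'] = loose_check($empty, [CAPTCHA_FIELD => '']);
    $out['strict_no_challenge'] = verify_captcha($empty, [CAPTCHA_FIELD => '']);
    $session = [CAPTCHA_KEY => 27];   // answer as stored by the image script
    $out['first_submit'] = verify_captcha($session, [CAPTCHA_FIELD => '27']);
    $out['replay'] = verify_captcha($session, [CAPTCHA_FIELD => '27']);
    return $out;
}

var_export(demo());
```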



        • #5
          The best way to implement captcha is https://developers.google.com/recaptcha/intro
          It is free. Why reinvent the wheel with a clunky solution that wouldn't be that great anyway?



          • #6
            Originally posted by frostymarvelous
            Why reinvent the wheel with a clunky solution that wouldn't be that great anyway?
            Because if no one tried reinventing wheels, we would be stuck with wooden wheels on our cars....
            Non-metaphorical: If we all jumped straight to the "best way" then no new "better way" would be made (other than by whoever is working on the original). Yes, they may be clunky, but the main thing is other ways are being explored.

            + Also you may not want to be sending user data to google



            • frostymarvelous commented
              Your argument is fallacious.
              Captcha is like Crypto and Auth. You don't want to roll your own. You want to use a tried and trusted solution.
              You use the best way and work on a better way that is at least as good as the best way.
              You don't go back to using captcha techniques that we used back in 2008 that no longer work.

              It is great to learn how to do these things, especially as a learning experience. But to assume that you are going to best some of the best engineers in the world with rudimentary techniques is...

              + I guess you don't use analytics, google search, chrome or android. Google already owns all user data. Get used to it.

          • #7
            [sarcasm]
            Oh I understand now:
            If someone makes the best (door lock/Operating system/[insert your word(s) here]) in the world, no one else should ever try to make a different one.
            We shouldn't experiment and find out what works and what doesn't for ourselves. We should believe everything that is written in textbooks/on the internet and not try to break the moulds.
            It makes perfect sense now.

            + Yes I definitely mentioned myself. Yes Google owns all user data
            [/sarcasm]

            As for this topic, I'm done here. I come here to help others with their coding, not to get into silly debates over "the best way".

            Peace out.



            • #8
              [facepalm]



              • #9
                I think for captchas using ReCaptcha would always turn out better atm. It doesn't mean you can't try to re-invent something else.
                ReCaptcha has a proven record and is better than almost every other solution at detecting bots/spam.



                • Ghost commented
                  Originally posted by kevk3v
                  try to re-invent something else.
                  Why, what's wrong with him LOL

              • #10
                PHP Code:
                <?php
                // Set the content-type
                header('Content-Type: image/png');

                // Create the image
                $im = imagecreatetruecolor(70, 30);
                // Create some colors
                $white = imagecolorallocate($im, 255, 255, 255);
                $grey = imagecolorallocate($im, 128, 128, 128);
                $black = imagecolorallocate($im, 0, 0, 0);
                imagefilledrectangle($im, 0, 0, 399, 29, $white);

                // The text to draw
                $text = base64_decode($_GET['text']);
                // Replace path by your own font path
                $font = 'georgia.ttf';


                // Add the text
                imagettftext($im, 20, 0, 10, 20, $black, $font, $text);

                // Using imagepng() results in clearer text compared with imagejpeg()
                imagepng($im);
                imagedestroy($im);
                ?>
                I would do

                PHP Code:
                <?php
                // Set the content-type
                header('Content-Type: image/png');

                // Create the image
                $im = imagecreatetruecolor(70, 30);
                // Create some colors
                $white = imagecolorallocate($im, 255, 255, 255);
                $grey = imagecolorallocate($im, 128, 128, 128);
                $black = imagecolorallocate($im, 0, 0, 0);
                imagefilledrectangle($im, 0, 0, 399, 29, $white);

                // The text to draw
                $text = rand();
                // Replace path by your own font path
                $font = 'georgia.ttf';


                // Add the text
                imagettftext($im, 20, 0, 10, 20, $black, $font, $text);

                // Using imagepng() results in clearer text compared with imagejpeg()
                imagepng($im);
                imagedestroy($im);
                ?>
                If none numbers mix..
