I hate bots on the net. (Except when I’m using them to drive traffic to my blog.) But as a web programmer they are a pain in my Ethernet port if you catch my drift. So how do you keep them out but let people in? You use those little boxes of random letters and numbers that you can read and decipher but (currently) computers can’t.
The technical term for these images is Captcha. They are used to protect your site by showing something that a computer can’t recognize but a human can. (most of the time) They are usually placed on your registration page but they can be placed anywhere you want to make reasonably sure you are dealing with a person and not a bot. To use them, you simply place the image somewhere on your page, ask the user what they see and then validate the results. The concept is simple but how do you implement it without sitting at Photoshop all night creating thousands of images? Well, the boys and girls over at CodeFX.com have put together a little tutorial to show you how they did it.
Most of you will like this, it’s a lot of code and just a few lines about what it does. (If you are in management, you might want to grab a programmer before visiting the page.) The code looks reasonably complete and a quick reading shows that it should do the job. This isn’t the most complex captcha I’ve seen written in PHP. It is however, a simple one that you can use if you want to dive in and figure out what is going on. The code is clean and simple so you can easily grasp and extend it.
Reading it over, they don’t mention it directly, but it is implied that you need your copy of PHP compiled with the gd libraries. Also, you will need a TrueType font file. Most machines have some lying around somewhere but if you draw a blank, here’s a hint: Ask Google and you shall receive.
=C=
Comments (Login to leave comments)
Consider the UK law which states that disabled users should have access to all features on websites (not to mention just good practice and manners). Also what about text only browsers? 2 problems staight away - these users cannot read/see the image, and will not be able to submit forms. Some sites have gone just one step further by allowing the user to listen to the Letters, but this is still not good enough (not everyone has speakers, or can hear for that matter).
So what is the solution??
Well, why not ask the user a general question with only one posible answer? if the answer is valid then they are good to go! php.net have introduced something alone these lines in the comments section of the online manuals. This may not be bullet proof, but is certainly better than stupid messed up images that are hard or impossible to read!
php.net can do it because if your posting a comment about php you should know php!
So you came up with 100 questions that you could ask that EVERYONE apparently knows the answer to, except for a computer, well..
Why not write a script that reloads your page to grab all your questions, then I'll sit down for a few hours and come up with all the answers, put them in my script and flood your website with "user authenticated answers".
I agree captcha isnt good for text browsers and possibly some disabled people but I dont think asking questions is going to be a better alternative, for my site I'll take the security I feel captcha gives me over asking random questions to random people.
I like how php.net does it but php.net is such a specific site its hard to say "what they do works for everyone".
Just my $0.02