PHP Written Captcha

Hello,

This is just a small script to have the user enter a captcha without images. This captcha is generated by text.

Code:

---

//Quick script
<html>
<body>

<?php

$captcha = 'captcha';

$capshuffle = str_shuffle($captcha);

$halfcaptcha = substr($captcha, 1, strlen($capshuffle)/2);

echo $capshuffle;

if (isset($captcha)) //This can be changed to if (script) == 1 for positive redirect include form
{
//Code to execute here example...
/*
*@You can set this to include(@YourLoginScript) so that it will redirect to your home.php or html
*/


}

else if ($_GET['captcha'] = '') {

echo "The captcha you entered was incorrect.";

}

?>

<form action = "home.php" method = "get" />
Username: <input type = "text" name = "username" />
Password: <input type = "password" name = "password" />
Captcha: <input type = "text" name = "captcha" value = "..." onclick = "this.value=''">
<input type = "submit" name = "submit" value = "Login" />

</form>

</body>
</html>

---

I did not test this in a HTML supported browser so I only had access to making sure that the script for php had worked which it did. HTML Login alignment may or will be messed up or inaccurate but the function does work.


Let me break each line down:

Code:

---

$captcha = 'captcha';  //

---

On this line we are creating a string which we gave a value. I used the word 'captcha' but any other word will work.

next:

Code:

---

$capshuffle = str_shuffle($captcha); //

---

Next we use the 'str_shuffle' command to randomize our string word named captcha.

next:

Code:

---

$halfcaptcha = substr($captcha, 1, strlen($capshuffle)/2);

---

We assign a new variable and use the 'substr' to return a small portion of our string that is specificed from it's arugments. the 'substr' function allows 3 arguments to be passed. 'strlen' is used to count the amount of characters used in our string we made then divide that string by 2.

next:

Code:

---

echo $capshuffle;

---

Now we want to print out our yet shuffled word but also shortened string. Your output should be 5 characters long randomized to it's best.

next:

Code:

---

if (isset($captcha))

---

After most of our needed functions for the captcha to work are done. We then are now checking if the user entered the captcha.
This line of code checks if our string $captcha is set and is not 'nulled' or empty.

After the check it will execute whatever code you want it to below.

Code:

---

else if ($_GET['captcha'] = '')

---

This line of code will return the captcha and check if it's blank or a value is set . If not then it will return your desired message, in this example I made it execute "no string has been entered".

next:

Code:

---

<form action = "home.php" method = "get" />

---

This line will redirect the page from it's current to the desired 'home.php' while using the method GET.


next:

Code:

---

Captcha: <input type = "text" name = "captcha" value = "..." onclick = "this.value=''">

---

This line of code will be used based on the information that is represented in your PHP script. Since I've set a value to '...' it will appear in the text box. I included onclick so that once the user has pressed or clicked inside the box it will automatically disappear.
You may want to write the captcha inside a different .php then have it just "require_once(".php") for more understanding.


~ I hope you have use for it.

This method could easily be bypassed simply by parsing the page content for the captcha then printing its value into the textbox.

So if you're looking for a safe registering system, sadly, this wont do the trick...

Quote:

---

Originally Posted by Hilroy

This method could easily be bypassed simply by parsing the page content for the captcha then printing its value into the textbox.

---

It sure can but the whole point is that the user still has to insert something and that's all that matters. Copy / Paste no difference, Main point is keeping that user from logging in without writing something into the captcha box.

If the guest / user is capable of even writing the text or copying it we will know that it's human.

I mean the source of the script is above, anyone can feel free to add more security if needed.

Quote:

---

Originally Posted by WizCoder

It sure can but the whole point is that the user still has to insert something and that's all that matters. Copy / Paste no difference, Main point is keeping that user from logging in without writing something into the captcha box.

If the guest / user is capable of even writing the text or copying it we will know that it's human.

---

Actually, no...
If the bot parse the page, get the captcha and print it into the textbox, you wont have a clue if the captcha entered is human.. duh

Quote:

---

Originally Posted by WizCoder

It sure can but the whole point is that the user still has to insert something and that's all that matters. Copy / Paste no difference, Main point is keeping that user from logging in without writing something into the captcha box.

If the guest / user is capable of even writing the text or copying it we will know that it's human.

I mean the source of the script is above, anyone can feel free to add more security if needed.

---

na bro, scripts can do that. even GD captcha's can get cracked with some decent OCR. it's all about obscure images and shit like recaptcha.

Quote:

---

Originally Posted by EliteGM

na bro, scripts can do that. even GD captcha's can get cracked with some decent OCR. it's all about obscure images and shit like recaptcha.

---

Exactly! I'd just like to point this out because it reminded me of a client once who wanted a website of his own. Here's what happened: I added my own captcha to his website, and my captcha works just as well as recaptcha but he wouldn't accept unless it's recaptcha.

Somewhat a mind numbing experience that was.

Ah alright, Good to know. I'm guessing it's best to use recaptcha.

Whatever, feel free to use this since it's posted.
I wasns't aware of that stuff but I know I can make something more complex.

An old one of mine:

Code:

---

<?php               
session_start(); 
// Set the content-type
header('Content-type: image/png');

// Create the image
$im = imagecreatetruecolor(179, 43);
$transparent = imagecolorallocate($im, 0, 0, 0);
imagecolortransparent($im, $transparent);
imagefilledrectangle($im, 4, 4, 50, 25, $transparent);

// Create some colors
$white = imagecolorallocate($im, 255, 255, 255);

// The text to draw
$charset = "abcdefghijklmnopqrstuvwxyz0123456789";
for ( $i = 0; $i < 5; ++$i )
{
    $rand = rand(0, 35);
    $sesstext = $sesstext.$charset[$rand];
    $text[$i] = $charset[$rand]; 
}

// Place the text to session variable
$_SESSION['captcha'] = $sesstext;

// Replace path by your own font path
$font = "verdanai.ttf";

$leftmargin[0] = 5;
for ( $i = 1; $i < 9; ++$i )
{
    //Add chars!
    $anglerand = rand(-5, 6);
    $leftmargin[$i] = $leftmargin[$i-1] + rand(15, 30);
    $topmargin = rand(30, 30);
    imagettftext($im, 15, $anglerand, $leftmargin[$i], $topmargin, $white, $font, $text[$i-1]);     
}

// Using imagepng() results in clearer text compared with imagejpeg()
imagepng($im);
imagedestroy($im);
?>

---

Captchas are image based for a reason...

*cough*