beta it republik » News

News

Untitled Document
News

Tutorial on Improving Security with a PHP Captcha

Stark in the Fuzzy Opinions web site provides you a tutorial on improving security with a PHP Captcha. For the unacquainted, he explains a captcha is one of those little boxes you see that asks you to type in a random for verification of your identity. There are many different varieties, but the basic idea is an image that is obscured slightly but readable by a human and used as a passcode for secure entry to a system or task. He gives the following captcha to facilitate better understanding:



He says, the user is asked to type in the string buried inside the image, and if it matches, they are given access to a specific resource, such as posting a comment or logging into a site.

He gives the following seven steps to know about the basic idea behind adding a captcha to any web site:

  • Generate some random text.
  • Add that text to a cookie/session/database so you can retrieve it again from another page
  • Write the text onto an existing image
  • Display the image to the user wanting access to a resource
  • Provide a form, where the user enters the code and submits the form
  • Verify the code against the key you stored in step 2
  • If the codes match, then grant access


He describes the following section to step through a code for a very basic example of a captcha script for your web site. The sections are as follows:

Generating the Key and Storing It for Verification

He says, the first step in the process of building a working captcha system is to generate a string of random text. He uses the functions microtime( ) and mktime( ) to create a totally random string, and then encrypt it using the md5( ) encryption tools built into PHP. He explains with an example code.

Displaying the Random Text on the Captcha Image

After generating the captcha key and storing it in the session for later verification, he says that it is necessary to display it. This is accomplished using the PHP GD image package and he provides a code example to clarify the concept.

Setting Up the Captcha Entry Page

To verify correct entry of the captcha code, you need to setup a form, which allows the user to see the captcha, and has a text field for them to type in the text they see. You will also need a submit button to send the entered results for verification, he says. To provide a better clarification, he gives an example.

He concludes by saying, this tutorial covers the very basics of a captcha solution written in PHP but it is far from the most robust solution available. He says, there are many improvements that can be made, using this tutorial as a base, which will make things difficult for spammers to break.

Download the example code here.

Links

Comments



Name:




Comment:

Captcha Verification !
captcha_image