Hi,

I've tried to use Captcha on my server (RedHat Enterprise 4) using what came with it (PHP, MYSQL, APACHE) but it didn't display the image (gave me box with cross inside) So I downloaded XAMPP the latest version 1.6 and installed on this server, but still get the same result.

Here is the code that I'm using:

<?php
error_reporting(E_ALL);
session_start();

/*
* File: CaptchaSecurityImages.php
* Author: Simon Jarvis
* Copyright: 2006 Simon Jarvis
* Date: 03/08/06
* Updated: 07/02/07
* Requirements: PHP 4/5 with GD and FreeType libraries
* Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php
* 
* This program is free software; you can redistribute it and/or 
* modify it under the terms of the GNU General Public License 
* as published by the Free Software Foundation; either version 2 
* of the License, or (at your option) any later version.
* 
* This program is distributed in the hope that it will be useful, 
* but WITHOUT ANY WARRANTY; without even the implied warranty of 
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
* GNU General Public License for more details: 
* http://www.gnu.org/licenses/gpl.html
*
*/

class CaptchaSecurityImages {

  var $font = 'monofont.ttf';

  function generateCode($characters) {
        /* list all possible characters, similar looking characters and vowels have been removed */
        $possible = '23456789bcdfghjkmnpqrstvwxyz';
        $code = '';
        $i = 0;
        while ($i < $characters) { 
              $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
              $i++;
        }
        return $code;
  }

  function CaptchaSecurityImages($width='120',$height='40',$characters='6') {
        $code = $this->generateCode($characters);
        /* font size will be 75% of the image height */
        $font_size = $height * 0.75;
        $image = @imagecreate($width, $height) or die('Cannot initialize new GD image stream');
        /* set the colours */
        $background_color = imagecolorallocate($image, 255, 255, 255);
        $text_color = imagecolorallocate($image, 20, 40, 100);
        $noise_color = imagecolorallocate($image, 100, 120, 180);
        /* generate random dots in background */
        for( $i=0; $i<($width*$height)/3; $i++ ) {
              imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);
        }
        /* generate random lines in background */
        for( $i=0; $i<($width*$height)/150; $i++ ) {
              imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color);
        }
        /* create textbox and add text */
        $textbox = imagettfbbox($font_size, 0, $this->font, $code) or die('Error in imagettfbbox function');
        $x = ($width - $textbox[4])/2;
        $y = ($height - $textbox[5])/2;
        imagettftext($image, $font_size, 0, $x, $y, $text_color, $this->font , $code) or die('Error in imagettftext function');
        /* output captcha image to browser */
        header('Content-Type: image/jpeg');
        imagejpeg($image);
        imagedestroy($image);
        $_SESSION['security_code'] = $code;
  }

}

$width = isset($_GET['width']) ? $_GET['width'] : '120';
$height = isset($_GET['height']) ? $_GET['height'] : '40';
$characters = isset($_GET['characters']) && $_GET['characters'] > 1 ? $_GET['characters'] : '6';

$captcha = new CaptchaSecurityImages($width,$height,$characters);

?>

And here is the code that using it:

<?php 
session_start();

if( isset($_POST['submit'])) {
   if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {
      // Insert you code for processing the form here, e.g emailing the submission, entering it into a database. 
        echo 'Thank you. Your message said "'.$_POST['message'].'"';
   } else {
      // Insert your code for showing an error message here
        echo 'Sorry, you have provided an invalid security code';
   }
} else {
?>

  <form action="form.php" method="post">
        <label for="name">Name: </label><input type="text" name="name" id="name" /><br />
        <label for="email">Email: </label><input type="text" name="email" id="email" /><br />
        <label for="message">Message: </label><textarea rows="5" cols="30" name="message" id="message"></textarea><br />
        <img src="CaptchaSecurityImages.php?width=100&height=40&characters=5" /><br />
        <label for="security_code">Security Code: </label><input id="security_code" name="security_code" type="text" /><br />
        <input type="submit" name="submit" value="Submit" />
  </form>

<?php
      }
?>

I've uploaded it on a remote server and it worked fine. When I ran phpinfo(); on the remote GD was there but not on the local server, I thought XAMP will solve it but it didn't and I don't know how to make it working on Linux, on windows its just remove ; from:

;extension=php_gd2.dll

Can you please help me?

Thank you

    This might not be the most helpful response, but its worth mentioning. Current captcha methods rely mostly on obscured images, which is fairly effective at thwarting automation because computers have a tough time figuring out what the box says. However, as image analysis software becomes more advanced this method will work less and less and the images will have to be more and more difficult to read for humans. There are times already when I have trouble making out what is in that box.

    The other more immediate issue with this method is that it completely violates accessibility standards by preventing blind users from ever being able to complete them.

    A more effective method from an accessibility stand point, and possibly from the standpoint of thwarting automation would be extremely simple quiz-type questions. Examples:

    What is the third letter in Fishing?
    How many days are in a week and two days?
    What is the sum of 5 and nine?

    By randomizing the structure, content, and grammar of the questions it should be pretty easy to randomize and create an effective captcha system that could thwart automation. Plus, this system would adhere to all accessibility standards and would potentially use less processing time. The only downside is that it would require the building of a database of possible values or question types and some long thought about how to make them as unpredictable as possible. I am working on one myself for my project.

    PS: You won't get as much assistance from this forum if you are asking about someone else's script and not one you wrote yourself.

      Quite a nice idea, the only problem that I see is the answer is open to interpretation, spelling errors and so forth. If you provide multiple choice answers, it will become to easy too get around.

        I can't see that there would be room for interperation with the questions that examancer show here. There are more than one correct answer to the second and third question, but by checking for both the number and the english word converted into lower case it should not be more than 2 possible answers. Spelling errors should not be a big problem either, although people might not now how to spell to thirteen they would be able to write 13 instead.

          I think the key to such a system would be keeping the questions simple, so asking for the answer in numerics or single letters, or asking questions with answers that are easy to spell. If by chance the user doesn't understand the question or is really that dumb, you can just show them another question :-P

            Write a Reply...