PDA

View Full Version : Flash-Based CAPTCHA



tech_support
03-04-2007, 02:53 AM
How do you make a Flash-Based CAPTCHA system using PHP with audio (TTS)

BLiZZaRD
03-04-2007, 04:07 AM
Is this a trick question? LOL pick one. :p

One method, I suppose is to make a bunch of sound files that spell out letters and/or numbers. Give them weird names like "Hdnk98w4.wav"

Then put them in a flash file. Use php to decide which file to load at any given time. Use flash to play the file and to check the correct password.

Like randomly select file "aheuihef927287.wav" then use AS:



//This is on a submit button supposing the visitor used an input text box
on(release){
if (_root.sound.name == aheuihef927287.wav && _root.input == test){
gotoAndStop("success frame");
}
}


Where "test" is what the aheuihef927287.wav said when played.

BLiZZaRD
03-04-2007, 04:13 AM
See the edit.

The confusion comes in I guess in that you don't need php and Flash, either or will do the same thing, and php alone more securely.

tech_support
03-04-2007, 04:18 AM
What I meant was....

Have a flash file eg. generatecaptcha.fla?captcha=[string here] and it'll generate the file.

BLiZZaRD
03-04-2007, 04:28 AM
No. Flash can talk to/from php, but Flash will be the display. I have never heard of any ability to use php type parsing to alter a flash file (in the URL meaning no flashfile.swf?captcha=....)

However, you can have the Flash file pull a string from php, and if you have php generate the random string Flash can display it on the page. The URL wouldn't change though.

Unless I am completely off the mark here and don't understand a word you are saying (this wouldn't be your fault)

tech_support
03-04-2007, 04:33 AM
but Flash will be the display

I want Flash to be the display. :) But just grab the string (?captcha=[string]) to show it.

If you still don't get me then I'll give you an example:

Say this will be the string:

9886

The filename will be generate.swf?string=9886

and on the page they'll be a flash file with the string

9886

and an audio button for the audio clip.

Note: This is NOT my pin number :D

BLiZZaRD
03-04-2007, 05:11 AM
Okay so I did understand you.

Here is how it will work:

String: 9886

filename in address bar will be: generate.swf (actually it SHOULD be generate.html)

on the page it will display: 9886

and a button for audio.

The URL will not change like it does with a php $_GET file, that is all done internally.

You will excuse me as it is about my bed time. I will be at work in about 5 hours, and back at my work computer in about 8. Once there (barring "real work") I will work on a live example for you to test and study. :)

tech_support
03-04-2007, 05:15 AM
Well let's see.... Current time: 5:14PM. 5:14+8 hrs = 1:14am. I'll be asleep by then.

Can you show me then how to play an audio file using Flash?

BLiZZaRD
03-04-2007, 05:43 AM
import the sound to your library (file>>import>>to library)

then you have 2 options.

1) drag the sound from your library to the stage directly, and it will be played when that frame is reached.

2) Use Action Script to attach it:



mySound.attachSound("idname");


The sound must still be in your library and linkage must be set (right click icon in library >>linkage>>export for action script)

Then you need to also start() and stop() sound see here (http://www.adobe.com/support/flash/action_scripts/actionscript_dictionary/actionscript_dictionary669.html) for details on those.

tech_support
03-04-2007, 05:56 AM
Scary results....

The voice is pitched and it's playing a thousand times.

BLiZZaRD
03-04-2007, 03:10 PM
Just go to your "Dummy Layer" first frame and add:



stop();

to the Actions Panel. The sound will then only play once.

Twey
03-04-2007, 03:18 PM
Why is Flash being used for this? :-\

BLiZZaRD, for reference, PHP can be used to generate Flash. The Ming library exists for exactly that purpose.

BLiZZaRD
03-04-2007, 04:55 PM
Hmm... I will have to look into that.

I don't often dwell in the Flash/php things very often. Just the high scroe list here and there :)

tech_support
03-06-2007, 04:29 AM
Why is Flash being used for this? :-\

Basically, just experimentation. But I'd like to see a CAPTCHA system with images as well.

Twey
03-06-2007, 01:43 PM
If I were you, I'd do that server-side too. Doing it with Flash would put some serious strain on the user's computer (and also deny access to people without serverside scripting support). Also, Flash is on the client, so the bots can simply extract the string used to create the CAPTCHA.

tech_support
03-07-2007, 04:28 AM
Ok. So how would I do that server-side (using PHP)?

BLiZZaRD
03-08-2007, 01:27 PM
Working on an example, give me a bit of time :D

tech_support
03-09-2007, 05:08 AM
No prob.

BLiZZaRD
03-10-2007, 04:10 PM
Well, I finally got a free minute.

It isn't pretty, just giving some examples, but I made a Flash CAPTCHA.

Right now it loads 1 of 5 random numerical and 1 of 5 random alphabetical strings from an array into a textbox that is "blocked" by a design.

You enter the letters you see in the empty text box and click the button.

If the alpha numeric code matches it tells you it matches, if they don't match it resets and gives you a new string.

And if you just click the button it prompts you to enter the code.

Not bad really, if I do say so myself.

I could probably add the audio too, if I was positive on how you wanted that to work along with the strings.

tech_support
03-11-2007, 07:11 AM
I was kinda looking for something like this: http://www.xpanel.com/images/check_flash.swf?dcol=0&lcol=16777215&cval=4kg8d

You see the "cval=4kg8d"?

If you click on the link, it'll show 4kg8d.

It uses JavaScript for the rest.

BLiZZaRD
03-11-2007, 02:06 PM
So besides using javascript, what does it do that mine doesn't? (note that in my example the CAPTCHA strings can be as short, as long or as simle or complex as you want, it's all defined in the fla.)

tech_support
03-12-2007, 05:47 AM
You can put the text in using GET.

You see if I change http://www.xpanel.com/images/check_flash.swf?dcol=0&lcol=16777215&cval=4kg8d
to
http://www.xpanel.com/images/check_flash.swf?dcol=0&lcol=16777215&cval=hello

It'll show 'hello'

BLiZZaRD
03-12-2007, 10:38 PM
Okay, I see your meaning now. I guess I just misunderstood what you wanted to actually accomplish with CAPTCHA.

I thought you wanted a Flash version of the GD CAPTCHA :)

Twey
03-13-2007, 08:36 PM
Also note that if you've got the text in plain form in the file URL, it's kind of pointless having a CAPTCHA in the first place...

BLiZZaRD
03-13-2007, 08:55 PM
Agreed. Which is why I set mine up to avoid the "hacks" and pulling the strings out of the swf automatically.

If the 2 random strings don't match the input box, there is no link, if you randomize it yourself you might get lucky (I was only doing 2 strings of 5 each you know) but more complex, 10 characters from an array of 45 each would do just nicely :)

tech_support
03-13-2007, 09:39 PM
Also note that if you've got the text in plain form in the file URL, it's kind of pointless having a CAPTCHA in the first place...
Well, It would be better if there was distorted text in a background.

BLiZZaRD
03-13-2007, 09:45 PM
Yes, but bots can't see text in Flash movies, unless it is on an input box or you have your dynamic text marked as selectable. Even then it is still hard and only the most sophisticated bots could have a chance of extracting it.

Twey
03-13-2007, 11:46 PM
Not so. The virtual machine is on the client; therefore, if the client really wants, it can read any and every variable and value used in the "movie."

Client-side CAPTCHAs are not secure. No, not even if they are in a compiled language. :)

BLiZZaRD
03-14-2007, 12:39 AM
IS SO! :p

If I have something to the effect of:



var array= [1,4,7,9,i,r,d,t,T,e,G,u,8,3],
[6,u,R,H,2,J,d,5,6,7,1,q,W],
[p,r,T,8,3,d,e,1,D,t,s,a,v,5],
[1,4,7,9,i,r,d,t,T,e,G,u,8,3],
[1,4,7,9,i,r,d,t,T,e,G,u,8,3],


blah blah you get the idea...

and I then have the Flash pull out 1 from each string in that array at random and display it on the screen, and then you have to enter the exact case sensitive string and then click a button, and then the on click event checks the two text boxes for a match, and then IF it matches exactly it will pull an URL from a file (php I use for security, but a xml or txt file will work as well) the bots won't be able to match the randomization.

If thy can, it won't be often enough to fill up my inbox (if on a form) or whathaveyou.

Granted I know what you are saying, and to a point I agree, but the difference here is inside the fla, inside the actionscript (which I can write into an external file all by itself so the fla/swf has limited or no AS actually in it at all) and not in the source code, as with JS.

It's a little more secure than I think you are giving it credit for.

mburt
03-14-2007, 12:55 AM
How would you de-compile a compiled flash program? :p Sounds impossible to me, but... meh.
Compiled flash program in Notepad:

&#208;&#207;&#224;&#161;&#177;&#225; >  &#254;&#255;      &#254;&#255;&#255;&#255;  &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;R o o t E n t r y   &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; p&#170;|Y&#170;r&#207;ƒRASH €;^6c&#199; € C o n t e n t s   &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; E &#244;F P a g e 1   &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; 5 ' S y m b o l 3  &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;  — 4 &#253;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#254;&#255;&#255;&#255;  6 &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#254;&#255;&#255;&#255;= 7 8 9 : ; < &#254;&#255;&#255;&#255;> ? @ A B C D &#254;&#255;&#255;&#255;F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` c &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;d e f g h i j &#254;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;R o o t E n t r y   &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; p&#170;|Y&#170;r&#207;ƒRASH &#208;
6c&#199; € C o n t e n t s   &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;  &#244;F P a g e 1   &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; &#213; S y m b o l 3  &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;  — &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; &#253;&#255;&#255;&#255;&#254;&#255;&#255;&#255;&#254;&#255;&#255;&#255;  6

    &#254;&#255;&#255;&#255;             ! " # $ &#37; & ' ( ) * + , - . / 0 1 2 3 a &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;7 8 9 : ; < &#254;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;b &#254;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;S y m b o l 2    &#255;&#255;&#255;&#255;  &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;        

     &#254;&#255;&#255;&#255;          &#254;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255; &#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;&#255;  CPicPage &#255;&#255; CPicLayer &#255;&#255; CPicFrame &#255;&#255; CPicShape € €    …&#234;&#255;&#255;&#185;&#249;&#255;&#255;Y  &#204;&#204;&#204;&#255; 3&#204;&#255; &#204;3&#255; &#255; &#255; &#211; &#198;<… €&#177;0&#192; 0 h0@&#252; 0 {&#251;&#212; %&#250;&#223; &#244;€<&#248;&#254;F „&#253;F <Œ&#254; „&#253;&#186;&#255;<&#248;&#254;&#186;&#255;&#248;&#254;V&#255;4 &#206;V&#255;<&#186;&#255;|&#186;&#255;<t |F %&#161; €&#247; ”&#246;›PŠ&#240;&#251;j&#254;~&#255;4 &#165; &#192;J&#255;&#202;&#254;4 &#165;&#182; &#200;&#254;4 [ &#192;&#182;€&#255;<  &#182;€ 4 [ A&#182; 84 [J&#255;64&#176;&#170;&#240;<j&#254;‚ &#240; L 0 h0&#209;&#247; &#212; 
&#248;@@€&#231; u &#224; g &#178; g &#210; &#178; ™t&#239;@&#203;€&#231; ‹&#240; &#249; 0 ˜&#254;0&#226; &#244; &#170;&#198;Ž> t&#254; š N š . N f4V&#198;T> Œ&#240; – &#209;  &#224; &#215; l e&#252; x&#212;! x€Q &#172;/ ˆ€Q&#247; &#255;E |&#255;&#168;4 &#201; X&#244;&#254;&#176; 4 &#177; &#242;&#254;P&#255;4 &#201; &#168;’&#255;X&#254;4 „n X&#254;4 8 &#168;P&#255;4 O &#176; 4 8 Xp &#168;&#243; ‚&#235;&#240;&#249;† 0  02&#208; 0 &#226;&#246;0, &#208;   &#244; xk&#232;pz 4 O =ž & Z &#254; &#209;&#244;.D &#179; w&#199;&#245;&#229; &#235; 4‚&#183; .&#172;&#254;\ 4  ‚&#254;†&#255;4 &#177; &#195;b&#255;&#218;&#254;4 &#170;ž &#218;&#254;4ˆL&#232;&#196;p†&#255;&#247; &#225;ˆ€&#248;&#196;&#241;&#255;&#252;&#254; W&#230;  &#206;&#180; W  24 F&#241;&#255;&#255; [&#239;4&#255;B&#180;&#255;
&#180;&#255;<&#200;
L <BL B&#184; 4 6&#190;&#254;&#184; <&#190;&#254;L &#246;&#252;L <8&#254; &#246;&#252;&#180;&#255;<&#190;&#254;&#180;&#255;&#190;&#254;H&#255;4 &#202;BH&#255;&#243; &#248;t&#254;&#161;&#254; 0 &#254;0 0 &#224;0a&#243; &#212;  H`€z L4 5 Lj p4 l–&#255;p &#204; L  L4 &#181; &#255;h&#255;4 &#204; &#180;˜&#255;&#254;4 ”h &#254;X3`&#182;€{ &#180;&#209;  &#247; € €        &#255;&#255;&#255;?&#255;&#255;&#255;&#254;&#255;   &#202; &#255;&#254;&#255; &#255;&#254;&#255;   € € &#255;&#254;&#255;L a y e r 1  &#255;&#255;&#255;&#255;O&#255;O&#255;   € €   &#255;&#255;  CPicPage &#255;&#255; CPicLayer &#255;&#255; CPicFrame &#255;&#255; CPicShape € €    &#173;&#234;&#255;&#255;&#167;&#231;&#255;&#255;
 &#255;&#255;&#255; &#238;&#255;&#255;&#255;5 &#191;&#233;&#255;&#255;&#238;&#255;&#255;&#255;T L 
&#228;5&#199;&#255;&#255;&#255;&#255;d &#247;  n6~. ‘ ‘&#232;&#253;"&#255;0&#162;&#236; <&#198;&#254; &#230;&#253;&#222; 4 ‘ p"&#255;< :&#222; 4 p p&#224; 0^ <:  &#255;4 p ‘&#224; &#232;&#253;< &#198;&#254; &#255;&#230;&#253; &#255;&#255;  CPicText € €
  &#252;&#255;&#255;&#186;&#254;&#255;&#255; &#208; &#255;&#255;  CPicPage &#255;&#255; CPicLayer &#255;&#255; CPicFrame € €        &#255;&#255;&#255;?&#255;&#255;&#255;&#254;&#255;   &#203;c &#255;&#254;&#255; &#255;&#254;&#255;   € &#255;&#255;  CPicText € €
  &#176; ( — ? ƒ@ &#255;&#254;&#255; p C o u r i e r N e w &#204;&#204;&#204;&#255;1  (  &#255;&#254;&#255;t e x t B o x &#255;&#254;&#255; &#255;&#254;&#255; € € €
  + 
–&#239;&#255;&#255;&#202;
Ÿ  &#255;&#254;&#255; A  C o u r i e r N e w &#255;&#255;&#255;&#255;1  (  E n t e r t h e t e x t y o u s e e a b o v e
i n t h e s p a c e b e l o w t h e n c l i c k
c h e c k . &#255;&#254;&#255; &#255;&#254;&#255; &#255;&#254;&#255; € € €
  &#176; 3 # &#252; A@ &#255;&#254;&#255; p C o u r i e r N e w &#255;1  (  &#255;&#254;&#255; i n p u t _ t x t &#255;&#254;&#255; &#255;&#254;&#255; &#255;&#255;
CPicSprite S Y    S Y       &#255;&#255;&#255;&#255;&#255;&#254;&#255;     ‰k &#255;&#254;&#255;&#255;Ao n ( r e l e a s e ) {

i f ( _ r o o t . i n p u t _ t x t . t e x t = = " " ) {

_ r o o t . a n s w e r _ t x t = " P l e a s e E n t e r t h e c o d e ! " ;

} e l s e i f ( _ r o o t . i n p u t _ t x t . t e x t = = _ r o o t . t e x t B o x . t e x t ) {

_ r o o t . a n s w e r _ t x t = " C o r r e c t ! T h e y M a t c h ! " ;

} e l s e i f ( _ r o o t . i n p u t _ t x t . t e x t ! = _ r o o t . t e x t B o x . t e x t ) {

_ r o o t . a n s w e r _ t x t = " S o r r y ! T h e y D o n ' t M a t c h ! " ;

}

}

&#255;&#254;&#255;c h e c k B t n    &#255;&#254;&#255;„< c o m p o n e n t m e t a D a t a F e t c h e d = ' t r u e ' s c h e m a U r l = ' ' s c h e m a O p e r a t i o n = ' ' s c e n e R o o t L a b e l = ' S c e n e 1 ' o l d C o p i e d C o m p o n e n t P a t h = ' 1 ' >
< / c o m p o n e n t >
€ € €
  ™ 0 &#167; T ƒ@ &#255;&#254;&#255;
a n s w e r _ t x t , C o u r i e r N e w &#255; &#255;  (  &#255;&#254;&#255;
a n s w e r _ t x t &#255;&#254;&#255; &#255;&#254;&#255; € €        &#255;&#255;&#255;?&#255;&#255;&#255;&#254;&#255;  
& &#255;&#254;&#255; &#255;&#254;&#255;   € € &#255;&#254;&#255;L a y e r 1  &#255;&#255;&#255;&#255;O&#255;O&#255;  € € € €        &#255;&#255;&#255;?&#255;&#255;&#255;&#254;&#255;   &#212; &#255;&#254;&#255; &#255;&#254;&#255;   € € { G    { G  &#166;     A &#255;&#255;&#254;&#255;     ;2 &#255;&#254;&#255; &#255;&#254;&#255;    &#255;&#254;&#255;„< c o m p o n e n t m e t a D a t a F e t c h e d = ' t r u e ' s c h e m a U r l = ' ' s c h e m a O p e r a t i o n = ' ' s c e n e R o o t L a b e l = ' S c e n e 1 ' o l d C o p i e d C o m p o n e n t P a t h = ' 2 ' >
< / c o m p o n e n t >
€ €        &#255;&#255;&#255;?&#255;&#255;&#255;&#254;&#255;   EN &#255;&#254;&#255; &#255;&#254;&#255;   € € &#255;&#254;&#255;L a y e r ....
It goes on.

tech_support
03-14-2007, 05:12 AM
Not so. The virtual machine is on the client; therefore, if the client really wants, it can read any and every variable and value used in the "movie."

Client-side CAPTCHAs are not secure. No, not even if they are in a compiled language. :)
Meh. I can't spend 3 days working on a CAPTCHA system that fools the bots. What if the user signs up and advertises? I'll just ban.

So... how can I do this?

Twey
03-14-2007, 08:53 AM
It's a little more secure than I think you are giving it credit for.It's certainly slightly secure; the elaborate scheme you created would probably fool most non-specific bots. However, a bot built specifically to spam on your site would have no problem getting through it. This just all seems very pointless to me, especially when it's so much easier to do serverside.
How would you de-compile a compiled flash program?With a Flash decompiler (http://www.decompiler-swf.com/) :)

tech_support
03-14-2007, 08:54 AM
I remember asking for that before...


But I'd like to see a CAPTCHA system with images as well.

BLiZZaRD
03-17-2007, 02:30 PM
What type of images?

Tell me exactly how you want the CAPTCHA system to operate, what it should have, what it is preventing sign ups for (i.e. email, to view a page, send a contact form, etc) and what you want it to entail.

I will build you an example, and if you like it we can then move on to better graphics and functionality, if you like :)

tech_support
03-18-2007, 05:31 AM
A CAPTCHA to prevent automated registration.

Here's an image that I like:

http://sam.zoy.org/pwntcha/cfxcaptcha71.jpeg

BLiZZaRD
03-18-2007, 02:01 PM
Okay, but you mentioned audio too, so what do you want to do with that?

tech_support
03-18-2007, 09:48 PM
Just a little "Play" button would do.

Twey
03-18-2007, 10:22 PM
Are we still talking Flash here? Anyone with a screenreader will be unable to view this anyway...

tech_support
03-19-2007, 12:11 AM
I'd like to see both Flash and Graphics.

tech_support
03-26-2007, 01:06 AM
Hello?

tech_support
03-31-2007, 04:05 AM
Hello........
I really need this you know.

deedee
04-22-2007, 04:37 PM
Just completed a captcha php script ( requires Ming installed ) that automatic can generate a flash movie from cratch. It will embed only fontoutlines and can embed the sound files ( mp3 ) from different language dirs also ( and with color image background options etc. ) . Package can be downloaded from http://scripts.titude.nl/