Registering Form Validation

**mburt** · 10-20-2006, 01:41 PM

I made a register/user login page (http://mburt.mb.funpic.org/reg_info.php) but I want to be able to validate my register page... ya' know, those images where you have to type in the letter/number combination in it. There's a name for it, but I have temporarily forgotten it

Is there a PHP function for this?

**mwinter** · 10-20-2006, 01:46 PM

You're referring to a CAPTCHA, yes? There's no single function for these that I know of: you'd use the GD library to generate the image dynamically. There probably are existing examples around, though.

Mike

**mburt** · 10-20-2006, 01:48 PM

Yes, that's the name. See the problem was that I forgot the name, so couldn't google it, and I've not much knowledge for it anyway. Thanks (again lol)

**mburt** · 10-20-2006, 05:01 PM

I didn't use captcha; I used a different method.
Something along these lines:

Code:

$texts = array("el301kfs","s94kf9ds","si340fsk","4iogfd0h","49ffle95","fo40fsl4","903mvlsmf");
$rand = rand(0,count($texts)-1);
header("Content-type: image/png");
$im = @imagecreate(80, 50)
   or die("Cannot Initialize new GD image stream");
$background_color = imagecolorallocate($im, 255, 255, 255);
$text_color = imagecolorallocate($im, 255, 0, 0);
imagestring($im, 2, 6, 5, $texts[$rand], $text_color);
imagepng($im);
imagedestroy($im);

**Twey** · 10-20-2006, 05:16 PM

CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart. This qualifies as a CAPTCHA, although it's bypassable by even the most rudimentary of bots and so not really worth the effort.

**mburt** · 10-20-2006, 07:22 PM

So how exactly could I make it more secure?

**Twey** · 10-20-2006, 08:08 PM

Look at Yahoo for some examples. There was a particularly good site that had a list of principles for a good CAPTCHA, but I can't find it now. They are, as far as I can remember:

Use a random string, not a dictionary word
Use a background that is technically indistinguishable from the text and requires human logic to figure out
Don't use well-formed or regularly-distorted letters; skew some parts, stretch others, fade from one colour to another...
Don't make all the letters the same size
Don't use the same shape for a single letter if repeated; apply transformations dynamically and randomly
Don't put the letters in a straight line.

Also, you must provide an audio CAPTCHA as an alternative for visually-impaired people. This should speak the letters at different intervals, different volumes, in different pitches and in different timbres, with a background sound that varies to cover the whole of the frequency range used by the voices, with the transformations again applied randomly to each letter.

**djr33** · 10-20-2006, 10:28 PM

Haha. Twey, audio? How would you even start going about that?
How about audio that says "please get a friend who can read this to you". I mean.. yeah, it sucks for someone who's blind... but a random string into an audio file? Ouch.

**mburt** · 10-20-2006, 10:38 PM

Alot of work to do there, lol

**Twey** · 10-21-2006, 11:37 AM

I mean.. yeah, it sucks for someone who's blind... but a random string into an audio file? Ouch.

There are several text-to-speech systems available. Have a look at Festival. You'd have to create the background sound first using something else, then create the sound using TTS, then merge the two. If you're not going to do the audio, then don't use a CAPTCHA at all: better to have a few spam messages on your pages than to block access to visually-impaired people (and since image CAPTCHAs are by necessity quite hard to read, it will be pretty much all visually-impaired people, not only those who are completely blind).

Thread: Registering Form Validation

Thread Tools

Search Thread

Registering Form Validation

Bookmarks

Bookmarks

Posting Permissions