PHP email form for dummies???

[katiebugla]

I will work on this now and let you know how it goes... I really appreciate all your help and understanding!

[katiebugla]

A couple of dumb questions:

1) In the part of the code where its says "<img src="http://yourdomain.com/captcha.php"..." - does the yourdoman need to be replaced with my site name?

2) I am brand new to php and not sure how to customize things - where/how would I got about making this fairly small as I don't have a lot of room to work with (see gscapedesign.com/contact_us.html)

I think I am beginning to understand the notes in the php file for captcha - I need to save some font files in my root folder???

[JShor]

You could just leave it as:

Code:

<img src="captcha.php alt="captcha" />

(assuming captcha.php is in the same directory as your form).

Yes, you need to save three font files named 1.ttf, 2.ttf and 3.ttf (they should be different).

This is so that different fonts are displayed at different times, randomly.

[katiebugla]

Same directory as in same root folder, right? As of now I have the blue box with a question mark? I could be missing other things I need to customize.

[katiebugla]

PHP Code:

<?php

session_start();
 
$str = "";
$length = 0;
for ($i = 0; $i < 6; $i++) {
    // these numbers represent ASCII table (small letters)
    $str .= chr(rand(97, 122));
}
 
//md5 letters and saving them to session
$letters = md5($str);
$_SESSION['letters'] = $letters;
 
//determine width and height for our image and create it
$imgW = 150;
$imgH = 50;
$image = imagecreatetruecolor($imgW, $imgH);
 
//setup background color and border color
$backgr_col = imagecolorallocate($image, 238,239,239);
$border_col = imagecolorallocate($image, 208,208,208);
 
//let's choose color in range of purple color
$text_col = imagecolorallocate($image, rand(70,90),rand(50,70),rand(120,140));
 
//now fill rectangle and draw border
imagefilledrectangle($image, 0, 0, $imgW, $imgH, $backgr_col);
imagerectangle($image, 0, 0, $imgW-1, $imgH-1, $border_col);
 
//save fonts in same folder where you PHP captcha script is
//name these fonts by numbers from 1 to 3
//we shall choose different font each time
$fn = rand(1,3);
$font = $fn . ".ttf";
 
//setup captcha letter size and angle of captcha letters
$font_size = $imgH / 2.2;
$angle = rand(-15,15);
$box = imagettfbbox($font_size, $angle, $font, $str);
$x = (int)($imgW - $box[4]) / 2;
$y = (int)($imgH - $box[5]) / 2;
imagettftext($image, $font_size, $angle, $x, $y, $text_col, $font, $str);
 
//now we should output captcha image
header("Content-type: image/png");
imagepng($image);
imagedestroy ($image);
?>

The only thing I changed here is the box size because I am trying to fit this in a very small space...

[katiebugla]

HTML Code:

Insert letters from image below:<br />
		<img src="captcha.php alt="captcha" /> <input type="text" name="captcha" /><br />

That's the html - nothing really different here...

[katiebugla]

And finally, here is what is in the directory - note the 1.ttf, 2.ttf, 3.ttf (did I do that right?)

[katiebugla]

Hey this is coming from someone fairly ignorant about web design/development, but I saw this on a comment section and wonder if there is validity to this?

Put it this way, if you have something to protect because someone can make money out of your service, a CAPTCHA is at most a road block. If you have a simple website and are just trying to keep out comment spam from bots, just add a simple “Enter the word ‘human’” field and check that. It will be just as effective and won’t annoy your users as much.

[djr33]

Basically anything at all (except a plain link) can stop bots. That doesn't mean the bots can't be reprogrammed to get around it-- they can be redesigned if someone cares. But that will make your site harder than most to access. If your site is important enough that bots are specifically targeting it, then you may need something harder to bypass.

A CAPTCHA is the best method available (at least of the methods commonly used) and will generally stop bots. At worst it will be overkill for security and annoy your users.

Bots cannot usually bypass a captcha, although some try to, and this can happen either with weak captchas (easy to read) or with popular ones. Spammers attempt to maximize effect with minimal effort, so if they can program a bot to attack the most popular captcha, that's a better use of their time. In that way, if you make your own captcha or use an unpopular one, you'll be safer just for that reason.

The real question is how much security you really need on your site.

Also, don't forget that there ARE human spammers out there, and there are other cases where humans can help bots to bypass security. So nothing is going to be a perfect solution.


In summary, if you use a method like "type human in the box" then that will generally work. I'm not sure it will really be any easier or more pleasant for visitors, but that's your choice. It won't be as hard for a bot to get around as a captcha, so if someone would reprogram the bot for your site, that's when you'd need something stronger.


By the way, one interesting method I have seen that I believe is all but unbreakable by bots is using images as captchas: type "dog" or "cat" in the box based on what you see in the picture. (Of course it can be hard to make these function and if a bot can memorize all of the images or can just guess with a 50% chance, then that's a problem in itself.) The main problem with any non "copy" method is that speakers of another language might not understand. "Is this a picture of a perro or gato?" If you don't speak Spanish, that will make no sense. (Of course the question would be entirely in the other language-- "¿Es un imagen de un perro o un gato?") Or if you do speak Spanish, then what about "paka" and "mbwa"? (Swahili). The point is, if you have any visitors who don't speak English well, then guessing animal names (or anything like that) might be very hard. It's something to explore, though, if you need very strong security.

[JShor]

What problem are you having, exactly? Can you post a link to a page?