#1
  1. A Change of Season

    Simple question about php logic and captcha data. Is this captcha effective?


    Is this captcha effective? I get a lot of spam.

    Logic in the head:
    PHP Code:
    <?php
    if ($_POST['captcha'] != $_POST['cp_confrim']) {
        $error = TRUE;
        $captcha_error = TRUE;
    }
    ?>

    Code:
    <?php $rand_capch = rand(1,6); ?>
    What is two plus <?php echo $rand_capch; ?> = <input type="text" name="captcha" />
    <input type="hidden" name="cp_confrim" value="<?php echo $rand_capch+2; ?>" />
  2. #2
  3. Mad Scientist
    no, because you're sending the answer in the form as well

    You need to keep the answer secret, so the session is a good place to store it.

    I like the concept of thinking through a puzzle, rather than looking for scrambled messages.

    Here's one I built to test with - it shows a random plain text string containing alphanumeric characters and then asks for either just the numbers or just the letters

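    php Code:
    <?php
    session_start();

    function drawForm() {

    	// Characters that are easily mistaken for one another are left out
    	$confusing = array('0','1','2','5','i','l','o','s','z','I','L','O','S','Z','8','B');

    	$upper = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    	$number = '0123456789';

    	$str = $number.$upper.$number;
    	$str = str_replace($confusing,'',$str);

    	$f = rand(0,1);

    	// Regenerate until the string holds at least one digit and one letter;
    	// otherwise the expected answer could be empty and a blank submission would pass
    	do {
    		$n = '';
    		$a = '';
    		$pw = array();
    		$len = rand(8,12);

    		for($i=0;$i<$len;$i++) {
    			$c = $str[mt_rand(0,strlen($str)-1)];

    			if(is_numeric($c)) {
    				$n.=$c;
    			} else {
    				$a.=$c;
    			}

    			$pw[] = $c;
    		}
    	} while($n === '' || $a === '');

    	if($f == 1) {
    		$alpha = true;
    		$code = $a;
    	} else {
    		$alpha = false;
    		$code = $n;
    	}

    	// The expected answer stays on the server; only the puzzle is sent to the browser
    	$_SESSION['code'] = $code;

    	$pw = implode(" ",$pw);

    	return "
    	<form action='?' method='post'>
    		<table>
    			<tr>
    				<td>Code:</td>
    				<td><pre>".$pw."</pre></td>
    			</tr>
    			<tr>
    				<td>Please enter just the ".($alpha ? "letters" : "numbers")." from the code</td>
    				<td><input type='text' name='code' /></td>
    			</tr>
    			<tr>
    				<td></td>
    				<td><input type='submit' value='Submit' name='submitted' /></td>
    			</tr>
    		</table>
    	</form>";
    }

    function processForm() {

    	$code = isset($_POST['code']) ? trim(strtoupper($_POST['code'])) : '';

    	// Read the expected answer once, then discard it so a solved code cannot be replayed
    	$expected = isset($_SESSION['code']) ? $_SESSION['code'] : '';
    	unset($_SESSION['code']);

    	// Strict comparison: == treats numeric strings such as "034" and "34" as equal
    	if($expected !== '' && $code === $expected) {
    		return "Great, Thanks<br /><a href='?'>Take again?</a>";
    	} else {
    		return "OOPS, Please try again<br />".drawForm();
    	}
    }

    if(isset($_POST['submitted']) && $_POST['submitted'] == 'Submit') {
    	echo processForm();
    } else {
    	echo drawForm();
    }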
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
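
Added example, not part of any post in this thread: the original poster's "two plus N" question reworked so the answer is kept in the session, as advised in reply #2, and never sent to the browser. The function names, the `captcha_answer` / `captcha_expires` session keys and the 300-second lifetime are assumptions for this sketch; it needs PHP 7 or later.

```php
<?php
// Added example: names, session keys and the TTL below are assumptions,
// not code from the thread.
session_start();

const CAPTCHA_TTL = 300; // seconds a challenge stays valid (assumed value)

function captchaIssue(): string
{
    $n = random_int(1, 6);
    // Only the question text goes to the page; the answer stays server-side.
    $_SESSION['captcha_answer']  = (string) ($n + 2);
    $_SESSION['captcha_expires'] = time() + CAPTCHA_TTL;
    return "What is two plus $n?";
}

function captchaCheck(array $post): bool
{
    $expected = $_SESSION['captcha_answer'] ?? null;
    $expires  = $_SESSION['captcha_expires'] ?? 0;
    // Single use: discard the challenge whether or not the answer is right.
    unset($_SESSION['captcha_answer'], $_SESSION['captcha_expires']);

    $given = $post['captcha'] ?? '';
    if ($expected === null || !is_string($given) || time() > $expires) {
        return false;
    }
    // String comparison, so "06" or "6.0" do not match "6".
    return hash_equals($expected, trim($given));
}

$error = false;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && !captchaCheck($_POST)) {
    $error = true;
}
$question = captchaIssue(); // a fresh challenge for every rendered form
?>
<form method="post">
    <?php if ($error): ?><p>Wrong or expired answer, please try again.</p><?php endif; ?>
    <?php echo htmlspecialchars($question); ?>
    <input type="text" name="captcha" />
    <input type="submit" value="Send" />
</form>
```

This closes only the hidden-field leak; the question text itself is still in the page and remains machine-readable.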
  4. #3
  5. Come play with me!
    Keep in mind that even though ones like "what is two plus four" are unconventional, they are still easy to break automatically.
    PHP Code:
    // not that I would condone doing it this way, but to demonstrate how easy it is
    $captcha = "what is four times three?";

    $solved = eval("return " . strtr($captcha, array(
        "what is" => "",
        "zero" => 0,
        "one" => 1,
        "two" => 2,
        "three" => 3,
        "four" => 4,
        "five" => 5,
        "six" => 6,
        "seven" => 7,
        "eight" => 8,
        "nine" => 9,
        "plus" => "+",
        "minus" => "-",
        "times" => "*",
        "?" => ""
    )) . ";");
    The one I like best is

    but it would stop too many people
  6. #4
  7. Mad Scientist
    I like that one - purely because so many real people would fail it!!!!

    Which reminds me, I have something like this as an interview question


    There
    Their
    They're

    "______ over ______ looking at ______ widgets"
  8. #5
    Dazed&Confused
    I've come to like VisualCaptcha.

    You control all the code, it's easier than typing for the user, and has an audio alternative.
    LinkedIn: Dave Mittner
  10. #6
    Contributing User
    Originally Posted by requinix

    The one I like best is

    but it would stop too many people
    Keep in mind some folks are visually impaired, and their screen reader might have problems with captcha.
    Depending on jurisdiction, you could be in a LOT of legal hot water.
    Here in Australia, a visually impaired person sued SOCOG (Sydney Organising Committee of Olympic Games) back in 2000 because his screen reader couldn't read the SOCOG website. He won, and it cost SOCOG thousands.
    http://en.wikipedia.org/wiki/Maguire_v_SOCOG_2000
    Accessibility for disabled can be an issue.

    Comments on this post

    • requinix agrees : good point. on that note, IIRC reCAPTCHA offers audio versions
    Last edited by BarryG; September 1st, 2013 at 11:52 PM. Reason: Added reference url