Title: Securing Web Forms with Simple PHP-CAPTCHA,
Required: GD lib,
Enclosed: source file,
Author: G.Sujith Kumar.
CAPTCHA an acronym for “completely automated public Turing test to tell computers and humans apart ". CAPTCHA technology enables you to discern human requests from computer generated requests on the Web, where such a distinction is difficult. Simply defined "Man can read machine can’t!”
In web available forms are always prone to attack by people who want to use your application for their own purposes. Many web sites use the CAPTCHA especially used to prevent bots from using various types of computing services.
The applications include preventing bots from taking part in online polls, registering for free email accounts, more recently, preventing bot-generated spam by requiring that the (unrecognized) sender pass a CAPTCHA test before the email message is delivered [implemented in Yahoo]. They have also been used to prevent people from using bots to assist with massive downloading of content from multimedia websites.
You have probably seen the CAPTCHA project in action at some of your Web destinations. Its principal tool is a randomly created image that contains a phrase unmentioned in computer-readable text on the rendered page. The form asks the user to provide the phrase. If the form post does not contain the correct phrase, you can safely assume either the human made a user error, or it wasn't a human at all.
By : sujithfem
Now it's time to put this code to work. A simple and often-used interface to implement this new security measure is the form on website. In this form you typically capture random number.
<code>
<form name="form1" method="post" action="form.php" ">
<table width="342" align="center" cellspacing="0" bgcolor="#D4D0C8">
<tr> <td align="center"><img src="php_captcha.php"></td><td align="center"> Please enter the string shown in the image in the form.<br></td><td align="center"><input name="number" type="text"></td><td><input name="Submit" type="submit" value="Submit"></td> </tr></table></form>
</code>
The following code use to create random numbers and this number are embedding with existing image file, the first line used to initiate session, which use to carry the user inputs.
<code>
<?php
session_start();
$RandomStr = md5(microtime());
$ResultStr = substr($RandomStr,0,5);
$NewImage =imagecreatefromjpeg("img.jpg");
?>
</code>
The second line [md5 (microtime ())] use to generate the random string, and the resultant string is trim by using third line [substr], which returns the portion of string specified by the start and length parameters.
The function imagecreatefromjpeg ("img.jpg") is use to create a image by existing image file and as back ground ,so that you need to give an image file path.
<code>
<?php
$LineColor = imagecolorallocate($NewImage,233,239,239);
$TextColor = imagecolorallocate($NewImage, 255, 255, 255);
imageline($NewImage,1,1,40,40,$LineColor);
imageline($NewImage,1,100,60,0,$LineColor);
imagestring($NewImage, 5, 20, 10, $ResultStr, $TextColor);
?>
</code>
After creation of back ground image, we generate some linear line, which is use to avoid the phrasing from random numbers, the respective lines are create by the function named imageline () and imagestring () use to draw a random string horizontally.
<code>
<?php
$_SESSION['key'] = $ResultStr;
?>
</code>
The resultant random number [trimmed one], carry through session especially for validation purpose.
<code>
<?php
header("Content-type: image/jpeg");
imagejpeg($NewImage);
?>
</code>
Finally above two functions are uses to display/out put the image to browser. So we can just call the particular file by through image source path, it will display the final image.
<code>
<?php
if(isset($_REQUEST['Submit'])){
$key=substr($_SESSION['key'],0,5);
$number = $_REQUEST['number'];
if($number!=$key){
echo ' Validation string not valid! Please try again!';}
else{
echo ' Your string is valid!';}
}
?></code>
I hope you know about the above code functionality, it’s about validating the user in put and actual random number, depends upon the application you may use the if and else conditions, that’s all
Conclusion
CAPTCHA can be a great way to limit the amount of successful, unwanted HTTP POST requests in your application, CAPTCHAs are by definition fully automated, requiring little human maintenance or intervention in administering the test. This has obvious benefits in cost and reliability; I hope the simple code is useful to understand the concept. Happy CAPTCHA-ing!
Click to
Download File| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More GUI Code Articles
More By Codewalkers
 developerWorks - FREE Tools!
|
David Barnes, Lead Evangelist for IBM Emerging Internet Technologies will discuss aspects of Web 2.0 that bring value to corporations, academia, and government. He'll also discuss IBM's vision around Web 2.0, including the importance of remixability and consumability. The discussion will culminate with examples of various IBM Software Group solutions you can use to get ahead of the Web 2.0 adoption curve.
FREE! Go There Now!
|
|
|
|
Effective governance for lean development isn’t about command and control. Instead, the focus is on enabling the right behaviors and practices through collaborative and supportive techniques. Hear from Scott Ambler on how it is far more effective to motivate people to do the right thing than it is to force them to do so. Learn how to form a lightweight, collaboration-based framework that reflects the realities of modern IT organizations.
FREE! Go There Now!
|
|
|
|
This whitepaper presents the benefits of successfully introducing static analysis into your organization using IBM Rational Software Analyzer. Additionally, it identifies some common pitfalls that can hinder the effective use of static analysis tooling as well as presents 10 simple strategies designed to help you quickly realize the value of static analysis using Rational Software Analyzer.
FREE! Go There Now!
|
|
|
|
Download the Rational Application Developer (RAD) v7.5 open beta code and start developing applications for the JEE5 standard which features EJB3.0, JPA, JSF 1.2, JSP 2.1 and Servlet 2.5 standards. When you use this beta you will see how you can increase developer productivity for already existing applications with improved support for refactoring, as well as adding new features to existing applications. In addition, the beta provides tooling for JD Edwards, Oracle, SAP, Siebel and PeopleSoft to improve the developer productivity with these enterprise systems.
FREE! Go There Now!
|
|
|
|
Discover how IBM Rational AppScan Standard Edition can help you detext vulnerabilities in your web applications in the Web Application Security eKit. IBM Rational AppScan is a leading suite of automated web application security solutions that scan and test for common Web application vulnerabilities. The new Web Application Security eKit provides you with valuable resources, including white papers, demos, and additional information on the benefits of testing your Web applications.
FREE! Go There Now!
|
|
|
|
Secure your Web applications with IBM Rational AppScan Standard Edition V7.7, previously known as Watchfire AppScan. This Web application security testing tool automates vulnerability assessments and scans and tests for common Web application vulnerabilities. Visit IBM developerWorks to download a free trial of IBM Rational AppScan Standard Edition V7.7.
FREE! Go There Now!
|
|
|
|
This whitepaper provides areas to consider when evaluating any software configuration management solution. It addresses how the IBM solutions (Rational ClearCase and Rational ClearQuest) meet the needs and requirements of both project leaders and developers to provide successful Software Change and Configuration Management.
FREE! Go There Now!
|
|
|
|
The Eclipse community is constantly working to extend Eclipse's functionality. In this webcast, learn about some of the most important and feature-rich projects under development. From multi-language support to plug-in development, tune in to see what Eclipse is capable of now.
FREE! Go There Now!
|
|
|
|
User communities play an important role in communication and collaboration around products, solutions and other areas of special interest to members. Successful communities are able to provide the right mix of content and services to deliver a value proposition that resonates with each audience. Join Tom Inman, VP of Marketing for Information and Platform Solutions as he introduces the new LeverageINFORMATION community. During this webcast, learn about the value provided by the community and how customers and partners derive value from the community in addressing their own technical and business challenges.
FREE! Go There Now!
|
|
|
|
With IBM Rational Systems Development Solution, you can deliver products faster with higher quality. Within this kit, Read the “Model Driven Systems Development” white paper to see how to improve product quality and communication. Then check out the rest of the e-Kit to learn more about important topics that can affect the success of any software project through customer examples, tutorials, informative Webcasts, and best practices for designing, building and managing systems. From start to finish, at every stage in your projects, Rational Systems Development Solution can help your company reach its full potential.
FREE! Go There Now!
|
|
|
|
All FREE IBM® developerWorks Tools!
|
/ 17 
