This is my first post (and topic) which I hope some might find of interest and maybe usefulness.. On one of my sites, I started getting a lot of spam (Med's type website) through my forums. I then started to think why not add image captcha, which is explained on wikipedia: en.wikipedia.org/wiki/Captcha I looked for sources and most scripts I found dealt with database storing of info, which I don't want to increase the already high load on my mysql engine. I then rewrote the script to work without database, simply by passing the variable via POST encoded, thus staying with purpose. Requirements for this script: +++++++++++++++++++++ * Working GD Library + ImageTTFText. Files we are going to use: +++++++++++++++++++++ 1) show_image.php -> Which will display an image of a text it receives via HTTP_GET after decoding it 2) contact_me.php -> the normal form you want to use the image with (demo) 3) functions.php -> has two functions we are going to use, if you change this filename, change the includes on both contact.php/show_image.php Working the script: +++++++++++++++++++++ 1) On your HTML form (contact_me.php in this example) add: - First we will generate a encoded code, lets say hid_num: --a hidden input called hide_num,that has the value of hid_num --an img src which has the value for show_image.php?code=hid_num 2) We will send this code to show_image.php via HTTP and then decode it in show_image.php and display it as an image. This requires the use of a font, in our case our font name is "COOPBLA.TTF" -> Insure legalities before using the font, can be changes on show_image.php settings. 3) When we submit the forum we will decode POST hid_num and compare it with what the user entered, if ok pass, else we will reload the post with a different image and value and error message. The complete script is attached, use by running contact_me.php. Any questions feel free to ask. Edit: I tried to use forum's upload system, but file is 200 KB above limit, so I am using megaupload: megaupload.com/?d=IP642DRI Peace,
Hi, I haven't looked at the code yet(it asks me to get Premium acct). And, from what you are saying, it seems that the captcha code (whether encoded or not) will be available in the source. So it would be a piece of cake for a spammer to parse the page automatically to get the code. Try using session variables. http://in2.php.net/manual/en/ref.session.php Or use the following class: http://www.phpclasses.org/browse/package/1569.html Thomas
That's right. My website also used verification image code by stored the code in the database - the table basically has to field: session_id and code, now each session, we can reinit the code, the use the image.php to generate the image, the checker script will compare the input code form user and that from database.