Problem with image verification

otakatun Well-Known Member

Messages:: 388

Likes Received:: 21

Best Answers:: 0

Trophy Points:: 108

#1

I have write a simple code for image verification(something like captcha) to prevent a spam been send from my website contact form.

However, there's a problem where as it seem the robot/spammer can bypass this script.
I need help for understanding the better way for preventing this can be happen(so I will only receive a valid msg from the user).

The way I am storing the verification code is by stored it in a $_SESSION

Thanks in advance

otakatun, Nov 3, 2010 IP

krishmk Well-Known Member

Messages:: 1,376

Likes Received:: 40

Best Answers:: 0

Trophy Points:: 185

#2

plz. post your PHP code so that we can help...
However if the spam messages are submitted by Human Beings.. its very difficult to stop them..

krishmk, Nov 3, 2010 IP

otakatun Well-Known Member

Messages:: 388

Likes Received:: 21

Best Answers:: 0

Trophy Points:: 108

#3

Hi krishmk,

Sorry coz not showing the code, so here it is:

The image constructed script:

session_start();
function valid_char() {
$vc="ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$vl=strtolower($vc);
return "0123456789$vc$vl";
}
function get_captcha() {
$c=valid_char();
for ($i=0; $i<4; $i++) {
$r=substr($c,rand(0,strlen($c)-1),1);
$vt.=$r;
}

// set into session
$_SESSION['captcha']=$vt;
return $vt;
}
function get_font() {
$dir=dirname(__FILE__)."/ttf/";
if ($handle=opendir($dir)) {
while (false !== ($file = readdir($handle))) {
$curFile="$dir$file";
$extFile=strstr($file,".");
if ($file!="." && $file!=".." && $extFile==".ttf") {
$fonts[]="/ttf/$file";
}
}
closedir($handle);
}
return $fonts;
}

$vt=get_captcha();

$im=imagecreatetruecolor(90,28);

$shadow=imagecolorallocate($im,255,255,255);

$fill=imagecolorallocate($im,255,0,0);

$grey_shade=imagecolorallocate($im,170,179,170);

imagefill($im,0,0,$grey_shade);

$fz=14;
$fa=0;
$fonts=get_font();
$font=$fonts[rand(0,count($fonts)-1)];

// First we create our bounding box for the first text
$bbox = imagettfbbox($fz, $fa, $font, $vt);

// This is our cordinates for X and Y
$x = $bbox[0] + (imagesx($im) / 2) - ($bbox[4] / 2);
$y = $bbox[1] + (imagesy($im) / 2) - ($bbox[5] / 2) - 3;

// Add some shadow to the text
$draw=imagettftext($im, $fz, $fa, $x+1, $y+1, $shadow, $font, $vt);

// Add the text
$draw=imagettftext($im, $fz, $fa, $x, $y, $fill, $font, $vt);

header("Content-type:image/png");

imagepng($im);
imagedestroy($im);
Click to expand...

The form validation script(some part of it:

if ($_SERVER['REQUEST_METHOD']=="POST") {
//enquiry form
$yname=$_POST['name'];
$email=$_POST['email'];
$subject=$_POST['subject'];
$msg=$_POST['message'];
$ip=$_SERVER['REMOTE_ADDR'];
$vcode=md5($_POST['vcode']);
$svc=$_SESSION['captcha'];

if (!$name) {
$class="alert";
$err="<li>You need to enter your name.</li>\n";
}
if (!$email) {
$class="alert";
$err.="<li>Email address must be specified and please make sure it's an active account.</li>\n";
} elseif (!preg_match("/^[^0-9][A-z0-9_]+([.][A-z0-9_]+)*[@][A-z0-9_]+([.][A-z0-9_]+)*[.][A-z]{2,4}$/",$email)) {
$class="alert";
$err.="<li>The specified email address(<strong>$email</strong>) is not in valid address.</li>\n";
}
if (!$subject) {
$class="alert";
$err.="<li>You need to enter the subject of your enquiry.</li>\n";
}
if (!$msg) {
$class="alert";
$err.="<li>Message can't be empty, please enter your enquiry message respectively.</li>\n";
}
if (strip_tags($msg)!=$msg) {
$class="alert";
$err.="<li>Message can't have any of HTML tags, please enter a plain text only.</li>\n";
}
if ($vcode!==$svc) {
$class="alert";
$err.="<li>Verification Code ".($vcode ? "not matched the code shown on the image!" : "need to be specify!" )."</li>\n";
}
if ($err) {
$err="<ul>$err</ul>";
} else {

$to = <myemailaddress";
$subjects = "Subject: $subject";
$headers = "From: $email\r\n".
"Reply-To: $email" . "\r\n" .
"X-Mailer: PHP/" . phpversion();

$ehost=trim(strrchr($email,"@"),"@");

if (mail($to, $subjects, "Name: $yname \n User IP: $ip \n Message: \n $msg", $headers, "-f $email")) {
$class="info";
$err="Thank you $yname for submitting an enquiry. Please allow around 2 days/48 hours for replying your enquiry. - Otakatun";
} else {
$class="alert";
$err="I'm sorry but currently this enquiry form didn't work properly.";
}
}
}
Click to expand...

The way Im thinking right now, is to md5 the code and save it into session....

So what do you think?

otakatun, Nov 3, 2010 IP

Log in or Sign up

Problem with image verification

otakatun Well-Known Member

krishmk Well-Known Member

otakatun Well-Known Member

Useful Searches