From the official site, CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart. If you drop the “to” and “and”, shouldn’t it read CAPTTTCHA instead?
CAPTCHAs are those images you see with a phrase in them. The user has to type in the phrase they see in the image and, on submission, the script compares the user's phrase with the saved phrase. If the two match then the submission goes through; if not, the user is booted back to the form, usually with an error message.
As the name says, CAPTCHA images exist to tell computers and humans apart. Computers have a hard time reading the phrase because of the lines criss-crossing over the letters, so automated scripts can’t get past the comment form.
CAPTCHAs are not foolproof though. There are anti-CAPTCHA programs out there which can bypass many of the weaker versions, but the majority of spammers will not waste time on setting one up unless your site is extremely popular. A site I worked on was getting a dozen or so spam comments a day and deleting the fake from the real ones was very time consuming. After installing the CAPTCHA, the number of spam comments dropped to zero!
A simple CAPTCHA just needs a random number imprinted on an image. We can create the image using the PHP GD library or just use a self-made image and overlay the random number on top.
First start a session to store the key that will be compared against the user-submitted phrase. To get a random string, we need a unique string of characters. One way to get a unique string is to encode the time. Since the time is always unique, the encoded version of the time should also be unique. To make the string harder to figure out, we randomly take a piece of the encoded string, encode that piece and store it in the session variable.
The function imagecreatefrompng(string $path) returns an identifier to the PNG image, which is passed as the resource parameter to the functions that follow. PHP has more functions for the other image formats but I prefer to use PNG because it sounds Web 2.0.
The function imagecolorallocate(resource $image, int $red, int $green, int $blue) creates a color from the given RGB values for use on the given image.
The function imagestring(resource $image, int $font, int $x, int $y, string $string, int $color) draws the string horizontally across the image at the given coordinates with the chosen color and font.
Set the content type to a PNG image and use the function imagepng(resource $image) to output the image.
To display the image to the page, reference the PHP file in the source of an image tag:
This is the image I am using:
And here it is with the string embedded into the image:
Add a field for the user to enter the CAPTCHA and send the result via POST to your verification script:
Verifying the image requires a session load to gain access to the captcha_key set back when the image was created. Compare the saved key with the encoded user input and that’s pretty much it:
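The steps above (store a key in the session, draw the phrase, compare on submit) put together as an added example; this is not the original post's code. It swaps the encoded timestamp for random_int(), since a time-derived value can be predicted, compares with hash_equals(), and discards the key after one attempt so a solved CAPTCHA cannot be replayed. The function names, the five-digit phrase, the SHA-256 encoding and the blank GD canvas in place of the background PNG are assumptions.

```php
<?php
// Added example, not the original post's code. Function names, the 5-digit
// phrase and the SHA-256 "encoding" are assumptions; captcha_key is the
// session variable named in the text.

// Create a phrase, store only its hash in the session, return the phrase.
function captcha_new_phrase(): string
{
    // random_int() is a CSPRNG; a timestamp-derived value can be guessed.
    $phrase = (string) random_int(10000, 99999);
    $_SESSION['captcha_key'] = hash('sha256', $phrase);
    return $phrase;
}

// Draw the phrase on a GD canvas and return the PNG bytes.
function captcha_render(string $phrase): string
{
    $image = imagecreatetruecolor(120, 40);   // or imagecreatefrompng($path)
    imagefill($image, 0, 0, imagecolorallocate($image, 230, 230, 230));
    $ink = imagecolorallocate($image, 40, 40, 40);
    imagestring($image, 5, 30, 12, $phrase, $ink);
    ob_start();                               // capture imagepng() output
    imagepng($image);
    return ob_get_clean();
}

// Compare the encoded user input with the saved key; each key works once.
function captcha_verify(string $input): bool
{
    $saved = $_SESSION['captcha_key'] ?? null;
    unset($_SESSION['captcha_key']);          // blocks replay of a solved key
    if (!is_string($saved)) {
        return false;                         // no CAPTCHA was issued
    }
    return hash_equals($saved, hash('sha256', trim($input)));
}

// Constructed demo run from the CLI; a real site splits this across the
// image script and the form handler, each calling session_start() first.
$_SESSION = [];
$phrase = captcha_new_phrase();
$png = captcha_render($phrase);
var_dump(substr($png, 0, 4) === "\x89PNG");   // image bytes were produced
var_dump(captcha_verify($phrase));            // correct answer
var_dump(captcha_verify($phrase));            // same answer replayed
```

In the image script, send header('Content-Type: image/png') before echoing the bytes returned by captcha_render().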
Go forth and defeat SPAM, loyal minions!