Protect area within your site (image "captcha")
Okay. So here's a small PHP script consisting of 2 files to ensure that no robots enter a vulnerable area and, e.g., spam your guestbook, wiki etc. You can test the script online or download it (2Kb).
The first file, pass2007.php, shows an image containing a 4-digit code and a form to submit that code. The image is generated by the second file, test2007.php; the code it encodes is handed to the first file in a session variable.
Some security points have been addressed:
- variables are checked with isset() before they are used,
- every input is read from the superglobal it is expected in ($_POST, $_SESSION, $_SERVER) rather than from a bare variable that register_globals would fill from any source,
- the session holding the code is destroyed after a single check, so one code cannot be replayed.
Two limits to keep in mind: the HTTP_REFERER check is commented out in the code below, and it would not add protection anyway, since the referer is sent by the client and can be set to any value. The script also does not count failed attempts; four positions with digits 1-9 give only 9^4 = 6561 possible codes, so a bot can enumerate them instead of reading the image.
file: pass2007.php
<?php
# put the URL of your site here if you want to enable the referer check below
#$site = "";
session_start();
?>
<html>
<title></title>
<body>
<?php
if (isset($_SERVER["HTTP_REFERER"]) &&
    #(strncmp($_SERVER["HTTP_REFERER"], $site, strlen($site)) == 0) &&
    isset($_POST["p"], $_SESSION["cOde"]) && !empty($_POST["p"])) {
    # demo page: shows both values. htmlspecialchars() keeps the echoed
    # input from being rendered as HTML (reflected XSS).
    echo "you entered: " . htmlspecialchars($_POST["p"]) . "<br>";
    echo "passcode is: " . $_SESSION["cOde"] . "<br><br>";
    # compare as strings: == would also accept "1234abc" for 1234 on PHP < 8
    if ((string)$_POST["p"] === (string)$_SESSION["cOde"]) {
        echo "You passed.";
    } else {
        echo "You failed.";
    }
    # the code is valid for exactly one check
    session_destroy();
} else {
?>
<img src="test2007.php"><br>
<form action="pass2007.php" method="post">
Enter passcode here: <input name="p">
<input type="submit">
</form>
<?php
}
?>
</body>
</html>
The second file generates a PNG image with a 4-digit code and overlays it with a random pixel pattern. Position and size of the digits are random (within limits). GD's built-in fonts are of size 1-5 only; bigger or different fonts must be user-supplied. To keep things simple, this script only uses the built-in ones. Foreground and background colours are random, as is the degree of noise.
file: test2007.php
<?php
# "captcha"
session_start();
# creating graphics with PHP and GD, see here:
#
$cOde = 0;
#$codelen = 5;
$height = 50;
$width = 100;
$noise = rand(10, 15); # in percent (approximately, since 100% would not cover every pixel)

header("Content-type: image/png");
$im = @ImageCreate($width, $height) or die("Cannot create GD-image-stream.");
# the first colour allocated on a palette image becomes its background
$background_color = ImageColorAllocate($im, rand(200, 255), rand(200, 255), rand(200, 255));
$text_color = ImageColorAllocate($im, rand(1, 200), rand(1, 200), rand(1, 200));

for ($i = 1; $i < 5; $i++) {
    $zahl = rand(1, 9);
    $cOde = $cOde * 10 + $zahl; # no magic here, simply build a 4-digit number digit by digit
    # each digit gets its own quarter of the image, at a random offset within it
    $x = rand((int)(2 + ($i - 1) * $width / 4), (int)(-2 + $i * ($width - 15) / 4));
    $y = rand(5, 25);
    # built-in font size 1-5; bigger fonts would need a user-supplied font
    $size = rand(4, 5);
    ImageString($im, $size, $x, $y, (string)$zahl, $text_color);
}
# store the code for the verifying page. session_register() of the original
# was removed in PHP 5.4; writing to $_SESSION does the same without register_globals.
$_SESSION["cOde"] = $cOde;

# create random dots on the bitmap (= add noise to the code)
$dots = $width * $height / 100 * $noise;
for ($i = 1; $i < $dots; $i++) {
    $x = rand(0, $width - 1);
    $y = rand(0, $height - 1);
    imagesetpixel($im, $x, $y, $text_color);
}
ImagePNG($im);
?>
To protect your own script, paste the following three code pieces (taken from pass2007.php above) into it. Somewhere at the top of the script, before any output is sent, place the session initialization:
<?php
// >>> (1) CAPTCHA needs info-transport via session
session_start();
// <<<
?>
Look for the editing part of your script and insert the following HTML into the <form> area:
<!-- (2) CAPTCHA-code -->
<img src="test2007.php"><br>
Enter passcode here: <input name="p">
<!-- CAPTCHA-code -->
In the save part insert the following code and replace choice (a) with your own routine call.
<?php
// >>> (3) CAPTCHA evaluation
if (isset($_SERVER["HTTP_REFERER"]) &&
    #(strncmp($_SERVER["HTTP_REFERER"], $site, strlen($site)) == 0) &&
    isset($_POST["p"], $_SESSION["cOde"]) && !empty($_POST["p"])) {
    if ((string)$_POST["p"] === (string)$_SESSION["cOde"]) {
        // (a) proper number - enter save routine
        $data = rtrim($_POST["content"]) . "\n";
        savepage($data);
    } else {
        // (b) wrong number - no failed notice here, simply don't save ;-)
    }
    // the code is good for one attempt only
    session_destroy();
}
// <<<
?>
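The evaluation step (3) above, and the three security points listed at the start, can be gathered into one function that also covers what the script leaves open: a POST that arrives without the image ever having been requested, loose numeric comparison, and unlimited guessing against a 6561-code space. The following is an added example written for this page, not code from the original download or from TipiWiki; it assumes PHP 7 or later (hash_equals, the ?? operator and scalar type declarations), and the names captcha_check, "captcha_tries" and MAX_TRIES are chosen here, only "cOde" and "p" come from the original script.

```php
<?php
// Added example, not part of the original script. Assumes PHP >= 7.
// Hardened replacement for evaluation step (3): function name, the session
// key "captcha_tries" and MAX_TRIES are assumptions made for this example.
const MAX_TRIES = 5;

/**
 * Compare the submitted passcode against the one stored by the image script.
 * Whatever the outcome, the stored code is consumed: one image, one answer.
 */
function captcha_check(array $post, array &$session): bool
{
    // (1) both values must exist and have the expected type. A bot that
    //     posts without loading the image has no $_SESSION["cOde"] at all,
    //     and "p[]=x" would arrive as an array rather than a string.
    if (!isset($session["cOde"], $post["p"]) || !is_string($post["p"])) {
        return false;
    }

    // (2) cap the number of guesses per session: four digits from 1-9 give
    //     only 9^4 = 6561 codes, so without a limit OCR is not even needed.
    $session["captcha_tries"] = ($session["captcha_tries"] ?? 0) + 1;
    if ($session["captcha_tries"] > MAX_TRIES) {
        unset($session["cOde"]);
        return false;
    }

    // (3) compare as strings in constant time. Under loose comparison
    //     "1234abc" == 1234 is true on PHP 7; hash_equals() is not fooled
    //     and does not leak how many leading characters matched.
    $ok = hash_equals((string)$session["cOde"], trim($post["p"]));

    // (4) the code is single-use: drop it so the same answer cannot be
    //     replayed, and reset the counter once a human got through.
    unset($session["cOde"]);
    if ($ok) {
        unset($session["captcha_tries"]);
    }
    return $ok;
}

// Drop-in use inside the save part of the protected script:
//   session_start();
//   if (captcha_check($_POST, $_SESSION)) {
//       savepage(rtrim($_POST["content"]) . "\n");
//   }

// Self-check when run from the command line: php captcha_check.php
if (PHP_SAPI === 'cli') {
    $s = ["cOde" => 4711];
    var_dump(captcha_check(["p" => "4711"], $s));      // correct answer
    $s = ["cOde" => 4711];
    var_dump(captcha_check(["p" => "4711abc"], $s));   // trailing junk
    $s = [];
    var_dump(captcha_check(["p" => "4711"], $s));      // no image was loaded
    $s = ["cOde" => 4711, "captcha_tries" => MAX_TRIES];
    var_dump(captcha_check(["p" => "4711"], $s));      // over the guess limit
}
```

Because the code is removed from the session on every call, the page must show a fresh image after a failed attempt; the form in pass2007.php already does that on reload. Keeping the counter in the session rather than in a hidden field matters, since anything in the form can be rewritten by the client.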
A TipiWiki-System (version 2) with captcha integration is downloadable (19Kb).
