EasyCaptcha.php

kestas.kuliukas.com

EasyCaptcha.php

What it is

A PHP captcha script, requiring users to enter in a code from an image to verify that they are human and not a spam bot.

Features/What sets it apart

Easy to install into your own code
Easy to customize
Small amount of code involved
Portable, limited requirements
Doesn't need to access a database
Doesn't need to write to text files

Example

How it works

easycaptcha.php displays the image, and sets a cookie. The cookie is an MD5 hash containing:

The random captcha code
The user's IP address
The time the hash was created
A secret code

Because a secret code is used the captcha cookies cannot be forged, which means that only easycaptcha.php can generate a valid captcha cookie.

The user submitted captcha code, user's IP address, the time, and the secret code are used by the validation code to create a new MD5 hash. If the new MD5 hash is the same as the one given then the hash is valid, and the captcha was entered correctly by the same user that saw the image.

The time is then checked to make sure that the captcha is less than 5 minutes old, to stop the same cookie from being used over and over.

Requirements

PHP4.2+ (May work with older versions)
GD with FreeType enabled

Install

1. Replace "OASDOIJQWOIJDASDOI" in captcha/easycaptcha.php, and the code snippets below, with a different secret code.
2. Copy the captcha directory into the directory which contains the code you want to protect.
3. Copy the two code snippets below into the appropriate places. One snippet shows the captcha image, the other snippet validates the captcha hash.

Input captcha: Insert this code into the registration/comment form, where you want the user to view the image and enter the captcha code in.

print '<img src="captcha/easycaptcha.php" /> <br />Enter code from above image: <input type="text" name="confirm_code" />';

Validate: Insert this code whenever you want to make sure the user can go no further if they haven't entered the captcha.

if (empty($_REQUEST['confirm_code']))
{
        die("Confirm code not given.");
}
else
{
        if ( isset($_COOKIE['Captcha']) )
        {
                list($Hash, $Time) = explode('.', $_COOKIE['Captcha']);
                if ( md5("OASDOIJQWOIJDASDOI".$_REQUEST['confirm_code'].$_SERVER['REMOTE_ADDR'].$Time) != $Hash )
                {
                        die("Captcha code is wrong.");
                }
                elseif( (time() - 5*60) > $Time)
                {
                        die("Captcha code is only valid for 5 minutes.");
                }
        }
        else
        {
                die("No captcha cookie given. Make sure cookies are enabled.");
        }
}

Download

View the source of the sample used in this page.
The source below contains instructions on how to use EasyCaptcha with phpBB2
EasyCaptcha source