Re: PHP/GD/ Freetype : captcha for a comments form

Jezza wrote:
Hi

I am trying to create a captcha for a comments form, I do not get any
PHP errors but the image showing the captcha does not display. If I
right click "View Image" on the image placeholder I get "The requested
URL /test/81d8c.gif was not found on this server."

I am using PHP v.5.2.4 with GD & freetype enabled. I use an Apache 2 webserver.....any pointers gratefully received!


My code:

<HTML>
<HEAD><TITLE>Enter Your Feedback</TITLE>
<meta http-equiv="Content-type" content="text/html; charset=iso-8859-1">
</HEAD>

<body>
<?php
$captcha=substr(md5(rand(0,65535)),rand(0,27),5);
$gifname=substr(md5(rand(0,65535)),rand(0,27),5);
$check=md5("SecretWord$captcha");

$font="font.ttf";
$size=imagettfbbox(24,0,$font,$captcha);
$width=$size[2]+$size[0]+6;
$height=abs($size[1])+abs($size[7])+5;
$im=imagecreatetruecolor($width,$height);
$bg=imagecolorallocate($im,0,0,0);
$fg=imagecolorallocate($im,255,255,255);
imagefilledrectangle($im,0,0,$width,$height,$bg);
imagettftext($im,24,0,2,abs($size[5])+2,$fg,$font,$captcha);
imagegif($im,"gifname.gif");
imagedestroy($im);
echo<<<_END
<p><font size="6"><strong><a name="intro"></a></strong></font></p>
<p align="center"><img src="logo.gif" > </p>
<H3> If you are a past customer, Please leave feedback</h3>
<img src=$gifname.gif align=left>
Please enter this text <br> in the box below<br>
<form method="post" action="store.php">
<input type=hidden name=check value=$check>
<input type=hidden name=gifname value=$gifname>
<input type=text name=captcha size=20>


<Table border="0" cellspacing="0">
<tr><td>Name</TD><td><input name="name" type="text" id="name"></td></tr>
<tr><td valign="top">Comments: </td><td><textarea name="comment" cols=50
wrap="VIRTUAL"></textarea></td></tr>
<tr><td>&nbsp;</td><td><input type="submit" name="Submit"
value="submit"</td></tr>
</table>
</form>

_END;
?>
</BODY>
</HTML>


First of all, don't save the gif on your disk. You can get thousands of files on there very quickly. Instead, generate the image in a separate php file, using the appropriate content-type header (in this case image/gif). Your img statement then lists the PHP file as the src=.

Secondly, don't store the secret word in your page - it's totally insecure and will take someone less than 5 minutes to break your captcha. Instead, store it in the session variable, where it is secure.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================

.

Relevant Pages

  • Re: OT: (sortof) Captcha?
    ... The PHP site does. ... Click on the word that rhymes with captcha ... code on the server for the user to fill in, ... last three letters of their ...
    (comp.lang.php)
  • RE: [PHP] Alternative/Addition to using a CAPTCHA
    ... [PHP] Alternative/Addition to using a CAPTCHA ... No virus found in this incoming message. ... Checked by AVG Free Edition. ...
    (php.general)
  • Re: [PHP] audio CAPTCHA - was Combining sound files
    ... and no captcha was displayed. ... Thanks for all the advice regarding combining sound files. ... If you would be so kind, please review, provide me your platform type and success. ... What does this have to do with php? ...
    (php.general)
  • Re: [PHP] audio CAPTCHA - was Combining sound files
    ... but maybe the variable needs to be defined for anything to happen, as we are probably supposed to press that before we speak tha captcha.. ... [PHP] audio CAPTCHA - was Combining sound files ...
    (php.general)
  • Re: Contact Form Spam
    ... string of characters that must be copied. ... Everything is done in php. ... If you are using a image based CAPTCHA, there is code to brute force ... guess the text in the CAPTCHA images using OCR (Optical Character ...
    (comp.lang.php)