Saturday 4 September 2010

Ultimate security for Image Captcha - PHP (Apparently)

Download the latest version of PHP image captcha from here.

How it works



The following image illustrates how the new system works.

Fig 1. Flow Diagram

The client requests a key from the server, and the server returns a unique key. The server also generates a random string and saves the IP address and details of the client request in the database.

The client then makes a second request, submitting the key; the server returns an image, which the client sets in the form.

After the user gives the input, the client makes a third request, this time sending the user input and the key to the server. The server searches the database with the key and checks whether the captcha matches: if it matches, the server returns 1; otherwise it returns 0. In either case, the captcha cannot be used again, and the client would need to do all three steps again.

In this way, this captcha verification method is much safer, and it also enables us to track the IP from which an attack could be made. In the future we can also easily add a function to block IPs.
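
The three requests described above can be modelled server-side as follows. This is an added example, not code from the downloadable package: the class CaptchaStore, its method names and the in-memory array standing in for the database table are all assumptions made for illustration.

```php
<?php
// Added illustration; CaptchaStore and its methods are hypothetical names,
// not the API of the package's Captcha.php. An array stands in for the DB table.
final class CaptchaStore
{
    private array $rows = [];

    // Request 1: issue a unique key, generate the random string, record the client IP.
    public function issueKey(string $clientIp): string
    {
        $key = bin2hex(random_bytes(16));
        $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
        $answer = '';
        for ($i = 0; $i < 6; $i++) {
            $answer .= $alphabet[random_int(0, strlen($alphabet) - 1)];
        }
        $this->rows[$key] = ['answer' => $answer, 'ip' => $clientIp];
        return $key;
    }

    // Request 2: fetch the string the server would draw into the image (rendering omitted).
    public function textForImage(string $key): ?string
    {
        return $this->rows[$key]['answer'] ?? null;
    }

    // Request 3: returns 1 on a match, 0 otherwise. The row is deleted before the
    // comparison, so a key can never be checked twice, whatever the outcome.
    public function check(string $key, string $userInput): int
    {
        if (!isset($this->rows[$key])) {
            return 0;
        }
        $row = $this->rows[$key];
        unset($this->rows[$key]);
        return hash_equals($row['answer'], $userInput) ? 1 : 0;
    }
}

$store = new CaptchaStore();
$key = $store->issueKey('203.0.113.7');        // constructed sample client IP
$answer = $store->textForImage($key);
var_dump($store->check($key, 'wrong guess'));  // a failed attempt consumes the key
var_dump($store->check($key, $answer));        // so the right answer is rejected afterwards
$key2 = $store->issueKey('203.0.113.7');
$answer2 = $store->textForImage($key2);
var_dump($store->check($key2, $answer2));      // fresh key, correct answer
var_dump($store->check($key2, $answer2));      // replay of an already solved captcha
```

Deleting the row before comparing is what enforces the "cannot be used again" rule for both outcomes, and the stored IP is the hook for the tracking and blocking mentioned above.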

The next step would be to make more complex and well packed images.

Usage (example)



Download and unzip the package which contains the following files:

1. Captcha.php - Main captcha class
2. check_captcha.php
3. get_key.php
4. get_captcha.php
5. database.php - Database class
6. test.php - Example file
7. framework.sql - DB script

After you have put your files in place and set up the DB tables using the script, do the following from client-side PHP:

//request a key from server
http://<yourhost>/get_key.php

//now using the key you can request an image captcha
<img src="http://<yourhost>/get_captcha.php?key=<key_from_request>">

//The form to submit data
<form action="check_captcha.php?key=<key_from_request>" method="post">
   <input type="text" name="captcha_string"/>
   <button type="submit">check</button>
</form>

//then process the response which is either 0 or 1

Credits

Thanks to Muntasir Azam Khan, who was involved in thinking through and pointing out various problems the previous releases had, and who helped test this Image Captcha code in one of his Code Dump (http://codedump.appspot.com/) sites' beta versions.