OT: (sortof) Captcha?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Is there a way to perform a CAPTCHA test without PHP and its GD library?

Just curious.


Re: (sortof) Captcha?

Quoted text here. Click to load it


Re: OT: (sortof) Captcha?

FutureShock escribió:
Quoted text here. Click to load it

The PHP site does. When you add a note to the manual you have to solve
an arithmetic challenge. It'd be quite easy to break but it works well
enough for small sites.

If you use your imagination, there're many ways to can anno^H^H^H^H test
your users apart from typing strange codes:

- Click on the picture of the cat
- Click on the red square
- Click on the word that rhymes with captcha

And getting back to your original question... You can always generate
pictures without the GD library :)

-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com

Re: OT: (sortof) Captcha?

On Thu, 22 Jan 2009 10:04:53 +0100, alvaro.NOSPAMTHANX@demogracia.com=20
Quoted text here. Click to load it

I liked this approach until I found out all you had to do to defeat=20
it was forward the problem to a google search.


php.net still sticks with it, though, so I guess it can't be all that=20

Some random Captcha ideas: display a string of random characters, and=20
ask the user to type only the capital letters or type in the amount=20
of upper-case X's, etc., etc.

Quoted text here. Click to load it

Thanks for sharing,81lvaro.  The more creative the Captcha, the=20
better, and those all sound pretty unique.

Unfortunately, the more popular a method is, the more likely bots=20
will be programmed to defeat specfic Captchas.  Another thing to=20
consider is the traffic load of your site.  Sometimes, light-medium=20
traffic sites don't need advanced Captcha.

$email = str_replace('sig.invalid', 'gmail.com', $from);

Re: OT: (sortof) Captcha?

Curtis Dyer wrote:
Quoted text here. Click to load it

   That's why you choose a random method. You don't have to serve the
same type of captcha every time.

Registered Linux user #461062
-Have you been to www.php.net yet?-

Re: OT: (sortof) Captcha?

Quoted text here. Click to load it

Or look at the site's HTML code.  THAT is the
advantage of PHP; you don't necessarily have to
use the GS lib, but if you don't use PHP, you are
most likely exposing everything to everyone who
knows to View | Source Code; no?

I don't use captcha, but I do use PHP and a
similar type thing.  I generate a variable length
code on the server for the user to fill in, then
ask for their email, validate & clean it on the
server, then a couple of simple questions like
what's their zip code, last three letters of their
city name (all via randomness), I check their IP
briefly only, really only determing whether it's a
proxy, and then later on another page I ask them
to repeat a coupld of previously answered
questions, like their zip code and/or last three
letters... whatever.  But I do all this FIRST,
before theyv'e entered any data, BTW.  I also
count the number of attempts they make to fill in
data: Proxy + twice, & they're OUT!  3 times and
they're refused on the 4th, without warning, and
sent to another page of explanastion in case it's
am honest human.
   I keep the attempts for one week: If I see the
same IP more than once, they enter a special
"category" and have more hoops to jump thru on
succeeding pages.
   That probably sounds like a lot of complexity,
but it really isn't.  Mainly it depends on lots of
use of mtrand() to choose things, and a few
SESSION variables to keep track of things.  But I
admit it's a little bit of overkill.  Any
determined hacker is going to make it in, no
matter what you do, so full validation/cleaning is
the first and most useful countermeasure, IMO, and
KISS is highly important on the screen.

But, you about have to use server side code to
keep anyone from just looking at the code and
figureing out what you're doing.  In my case it
was college kiddies got me into captcha, but
messages dropped off with captcha and its
miserable graphics, etc., so I tried this system
and no one seems to mind.  Messages are back up
and everyone's happy so far, including me.  So

Whole point is, with a little imagination you can
do a lot of things based on captcha but clear and
easy to use for the visitors.  Breakng captcha
anymore is pretty common as it turns out.

My 2 ¢ anyway,


Site Timeline