CAPTCHA || How it works || How to create your own CAPTCHA using php

Completely Automated Public Turing test to tell Computers and Humans Apart
    
   Ok lets start. 

•     First  I will give an introduction about what is CAPTCHA, then how its works (logic) and implementation (code in php).

• CAPTCHA is also known as Human Interaction Proof (HIP).  

• You can see it in almost all signup form, it is used to verify that whether the party who is filling the form is a human or a computer program instructed to do so (Hackers create programs that automatically fill up sign up form of website and try to flood the traffic or make its database full). 

• The most common form of CAPTCHA is an image of several distorted letters and you need to key in it without fail. If you feel difficulty simply click for next CAPTCHA it will be simpler than previous one.
  
•  One interesting thing about CAPTCHA tests is that the people who design the tests aren't always upset when their tests fail. That's because for a CAPTCHA test to fail, someone has to find a way to teach a computer how to solve the test. In other words, every CAPTCHA failure is really an advance in artificial intelligence.

•  CAPTCHA technology has its foundation in an experiment called the Turing Test. Alan Turing, sometimes called the father of modern computing, proposed the test as a way to examine whether or not machines can think -- or appear to think -- like humans. The classic test is a game of imitation. In this game, an interrogator asks two participants a series of questions. One of the participants is a machine and the other is a human. The interrogator can't see or hear the participants and has no way of knowing which is which. If the interrogator is unable to figure out which participant is a machine based on the responses, the machine passes the Turing Test.

• A CAPTCHA is sometimes described as a reverse Turing test, because it is administered by a machine and targeted at a human, in contrast to the standard Turing test that is typically administered by a human and targeted at a machine.

Creating CAPTCHA

Things to be taken care

•   Your CAPTCHA image should not contain any metadata, because computers can read this metadata and can break your CAPTCHA.
• Don't display in text as it is inside an image, because pattern matching programs can determine the text pattern and break CAPTCHA. So make some transformation to your text.
• Don't use same CAPTCHA always. One possible method to implement CAPTCHA is to store a set of image and corresponding text in database and compare them. But you need to maintain a big database for it.
• Another solution is create image on the fly.

Here I am describing a technique to create random image CAPTCHA dynamically and verifying them.

Plan

•  Generate a random text
•    Here I am using md5 function to generate a random text. I am using php microtime() function as input to md5 to make it random. Store this in session variable.
•   Create an image using php ImageCreate() function
•   Make the image very complex using functions available in image library  and draw the generated text on the image using ImageString() function.

• Now we have CAPTCHA image and its value stored in session variable.
• Compare the value entered by user and value stored in the session variable. Thats it.
• Below I am giving the php code and its slef explanatory . If you have any query please let me know.

PHP code to generate CAPTCHA

-------------------------------------------------------------------------------------------------------
<?php
/********************************************************
 * File:        captcha.php                             *
 * Author:      jithin Parakka                          *
 * Date:        12-May-2012                             *
 * Description: This file can be embedded as image      *
 *              to show CAPTCHA/                        *
 ********************************************************/

// The number of characters you  want your CAPTCHA text to have
define('CAPTCHA_STRENGTH', 5);

//start session
session_start();

// Md5 to generate the random string
$random_str = md5(microtime());

// Trim required number of characters
$captcha_str = substr($random_str, 0, CAPTCHA_STRENGTH);

// Allocate new image
$width = (CAPTCHA_STRENGTH * 10)+10;
$height = 20;

$captcha_img =ImageCreate($width, $height);

// ALLOCATE COLORS
// Background color-black
$back_color = ImageColorAllocate($captcha_img, 0, 0, 0);

// Text color-white
$text_color = ImageColorAllocate($captcha_img, 111, 223, 111);

// Line color-red
$line_color = ImageColorAllocate($captcha_img, 255, 0, 0);



// Fill background color
ImageFill($captcha_img, 0, 0, $back_color);

// Draw lines accross the x-axis
for($i = 0; $i < $width; $i += 5)
    ImageLine($captcha_img, $i, 0, $i, 20, $line_color);

// Draw lines accross the y-axis
for($i = 0; $i < 20; $i += 5)
    ImageLine($captcha_img, 0, $i, $width, $i , $line_color);

// Draw the random string
ImageString($captcha_img, 5, 5, 2, $captcha_str, $text_color);

// put the generated string to session variable
$_SESSION['key'] = $captcha_str;

// tell the browser that the page contain image
header("Content-type: image/jpeg");

// Output image to browser
ImageJPEG($captcha_img);

// Free-Up resources
ImageDestroy($captcha_img);
?>
-------------------------------------------------------------------------------------------------------------

• This code draw the CAPTCHA image on a web page and now we will take its output to display it in a sign up form.
• Here is the code of simple sign up form.

------------------------------------------------------------------------------------------------------------

<?php
/********************************************************
 * File:        signup.php                              *
 * Author:      jithin Parakka                          *
 * Date:        12-May-2012                             *
 * Description: A sign up form that use captcha         *
 *              generated by captcha.php                *
 ********************************************************/

//starting session
  session_start();
?>


<html>
<body>
<div align="center" id="centerdiv">
      <form action="" method="post" name="form1">
  
       <table width="402" border="0" cellspacing="20" id="table">

      <tr nowrap="nowrap">
        <td  align="right"width="179" nowrap="nowrap">*Name:</td>
        <td width="159" align="left"><label>
          <input name="name" type="text" size="25"/>
        </label></td>
      </tr>

      <tr nowrap="nowrap">
        <td  align="right">*email address:</td>
        <td><input name="cemail" type="text" size="25"/></td>
      </tr>
     
    
      <tr nowrap="nowrap">
        <td  align="right">*Password:</td>
        <td><input name="pass" type="password" size="25"/></td>
      </tr>

     <tr nowrap="nowrap">
        <td  align="right">*Retype Pssword:</td>
        <td><input name="repass" type="password" size="25"/></td>
      </tr>

<! displaying captcha !>

     <tr nowrap="nowrap">
        <td  align="right">captcha</td>
        <td><img src="captcha.php"/></td>
      </tr>

      <tr nowrap="nowrap">
        <td  align="right">Enter the text shown above:</td>
        <td><input name="captcha" type="text" size="25"/></td>
      </tr>

    <tr nowrap="nowrap">
        <td  align="right"></td>
        <td><input name="submit" type="submit" value="signup" size="25"/></td>
      </tr>
      </table> 
     
      <?php
if(isset($_POST['submit']))
{

    //php code to verify captcha

         if($_POST['captcha']==$_SESSION['key'])
            echo "captcha matched";
           //write php code to insert data in database
    else echo "captcha doesn't match";
      
   

}
?>

   </form>
</body></html>
   
----------------------------------------------------------------------------------------------------------









Thank you