Sessionless PHP Captcha

I was looking for a PHP Captcha and found one called “PHP Captcha Security Images”, written by Simon Jarvis from the UK. In general, this is a pretty good Captcha script. However, when I ran it, it didn’t work for me because my project involved a cross-domain iframe (i.e. the page that runs the Captcha is running on a remote server and is not on the same domain as the parent page) and of course the session got lost. This happens on IE 7.0.

To overcome this problem, I modified PHP Captcha, broke it down into 2 PHP files and removed the session:

1. captcha_code.php   – to generate the security code in plain text to be encrypted

/*
* Original Author: Simon Jarvis
* Copyright: 2006 Simon Jarvis
* Date: 03/08/06
* Updated: 07/02/07
* Requirements: PHP 4/5 with GD and FreeType libraries
* Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php
*
*
* Modified by: Mythos and Rini
* Date: 2007-09-10
* Description: Modified the code and removed the use of Session
*
*/
 
class CaptchaCode
{
	function generateCode($characters) 
	{
		/* list all possible characters, similar looking characters and vowels have been removed */
		$possible = '23456789bcdfghjkmnpqrstvwxyz';
		$code = '';
		$i = 0;
		while ($i < $characters) 
		{ 
			$code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
			$i++;
		}
		return $code;
	}
 
}

2. captcha_images.php – to generate the image by taking an encrypted code

/*
* Original Author: Simon Jarvis
* Copyright: 2006 Simon Jarvis
* Date: 03/08/06
* Updated: 07/02/07
* Requirements: PHP 4/5 with GD and FreeType libraries
* Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php
*
*
* Modified by: Mythos and Rini
* Date: 2007-09-10
* Description: Modified the code and removed the use of Session
*
*/
 
 
include("shared.php"); 
 
 
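class CaptchaSecurityImages {
 
   var $font = 'monofont.ttf';
   // All three parameters are required: defaults placed before a required parameter never take effect
   function GenerateImage($width, $height, $code)  {
      ........		
   }
}
 
// Cast the dimensions to integers so arbitrary query-string values never reach the image functions
$width = isset($_GET['width']) ? (int) $_GET['width'] : 120;
$height = isset($_GET['height']) ? (int) $_GET['height'] : 40;
$code = isset($_GET['code']) ? $_GET['code'] : '';
 
if (isset($_GET['code'])) 
{
	$captcha = new CaptchaSecurityImages();
	// str_decrypt() is defined outside this file (shared.php is the only include)
	$captcha->GenerateImage($width, $height, str_decrypt($code));
}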

With RC4 encryption, the security code is passed in encrypted form to the image-generating PHP script, so the plain-text code never shows up in View Source. On the form, just decrypt the code and compare it with the user input to see if they match. No more use of Session!

DOWNLOAD the Source Code (licensed under GPL)

Note: You must change “KEY_FOR_RC4” in shared.php to a random string of your own. Since this file is open for the public to download, a captcha encrypted with the default key can be easily decrypted.
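
A hardened variant of the scheme above, as an added example that is not part of the original post or its download: it keeps the sessionless design but replaces RC4 under one fixed key with libsodium's authenticated secretbox, a random nonce per token and an embedded expiry time. The function names, the token layout and the five-minute lifetime are assumptions, and it needs PHP 7.2 or later.

```php
<?php
// Added example (not from the original download). Needs PHP 7.2+ with bundled libsodium.
const CAPTCHA_TTL = 300; // assumption: a challenge stays valid for five minutes

// Returns [code, token]; only the token goes into the image URL and the hidden form field.
function captcha_issue(string $key, int $length = 6): array
{
    $possible = '23456789bcdfghjkmnpqrstvwxyz'; // same alphabet as captcha_code.php
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $possible[random_int(0, strlen($possible) - 1)]; // CSPRNG instead of mt_rand
    }
    $payload = json_encode(['c' => $code, 'exp' => time() + CAPTCHA_TTL]);
    // A fresh random nonce per token means no two tokens share a keystream.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($payload, $nonce, $key);
    return [$code, sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING)];
}

// Returns the code, or null when the token is malformed, modified or expired.
function captcha_open(string $token, string $key): ?string
{
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;
    }
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($raw) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;
    }
    $plain = sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $key);
    $data = $plain === false ? null : json_decode($plain, true);
    if (!is_array($data) || !isset($data['c'], $data['exp']) || $data['exp'] < time()) {
        return null;
    }
    return (string) $data['c'];
}

// Form handler side: constant-time comparison of the decrypted code and the user's answer.
function captcha_check(string $token, string $answer, string $key): bool
{
    $code = captcha_open($token, $key);
    return $code !== null && hash_equals($code, strtolower(trim($answer)));
}

// Constructed demo; in production generate the key once and keep it outside the web root.
$key = sodium_crypto_secretbox_keygen();
[$code, $token] = captcha_issue($key);
var_dump(captcha_check($token, $code, $key));         // freshly issued token, right answer
var_dump(captcha_check(strrev($token), $code, $key)); // modified token
```

The expiry only bounds how long a solved token can be resubmitted. Making a token strictly single-use needs a small server-side record of spent tokens, which a purely stateless scheme cannot provide.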


4 Responses to Sessionless PHP Captcha

  1. tim says:

    Hi, I just tested it. All someone has to do is hit the back button, then use the submit button again with another username and password etc., because there is no resetting of the code once submitted. Other than that it works fine. This is a really good idea.

    Tim

  2. Shahzad says:

    Yes It Works Fine !!!!
    Millions Of Thanks……

  3. meghasaroop88 says:

    Hey, that was a very nice code that helped me a lot, but I want to add a refresh captcha feature. Can you just help me with that?

  4. ReynetteToledo says:

    What random string can I use in order to modify “KEY_FOR_RC4”?
