http://captchas.net http://captchas.net

Sample PHP Implementation

PHP Module

Have you read our HowTo?

We are providing a PHP module to simplify the task of writing a web application using captchas.net. It is named CaptchasDotNet.php. To use it, simply copy it to somewhere in your PHP path or simply into the directory with the PHP-scripts using it.

Stages

Quering

In general the process of using CAPTCHA can be divided into two stages. First you have to query the user for the CAPTCHA, on that page you also usually let the user input the data, which has to be protected, e.g. blog entries.

The following script query.php implements this querying phase.

<?php

require 'CaptchasDotNet.php';

// Required Parameters
// Replace the values you receive upon registration at http://captchas.net.
//
//   client: 'demo'
//
//   secret: 'secret'
//
// Optional Parameters and defaults
//
//   repository_prefix: '/tmp/captchasnet-random-strings' path to repository
//   ATTENTION SAFE-MODE, YOU HAVE TO CHOOSE SOMETHING LIKE
//   '/writable/path/captchasnet-random-strings'
//
//   cleanup_time: '3600' (means max 1 hour between query and check)
//
//   alphabet: 'abcdefghijklmnopqrstuvwxyz' (Used characters in captcha)
//   We recommend alphabet without ijl: 'abcdefghkmnopqrstuvwxyz'
//
//   letters: '6' (Number of characters in captcha)
//
//   width: '240' (image width)
//
//   height: '80' (image height)
//
//   color: '000000' (image color in rgb)
//
//   language: 'en' (audio language, append &language=fr/de/it/nl to audio-url)
//
//   Usage
//   $captchas = new CaptchasDotNet (<client>, <secret>,
//                                   <repository_prefix>, <cleanup_time>,
//                                   <alphabet>,<letters>,
//                                   <height>,<width>,<color>);
//
// Don't forget same settings in check.php

// Construct the captchas object.

$captchas = new CaptchasDotNet ('demo''secret',
                                '/tmp/captchasnet-random-strings','3600',
                                'abcdefghkmnopqrstuvwxyz','6',
                                '240','80','000088');
?>

<html>
  <head>
    <title>Sample PHP CAPTCHA Query</title>
  </head>
  <h1>Sample PHP CAPTCHA Query</h1>
  <form method="get" action="check.php">
    <table>
      <tr>
        <td>
          <input type="hidden" name="random" value="<?= $captchas->random () ?>" />
            Your message:</td><td><input name="message" size="60" />
        </td>
      </tr>
      <tr>
        <td>
          The CAPTCHA password:
        </td>
        <td>
          <input name="password" size="6" />
        </td>
      </tr>
      <tr>
        <td>
        </td>
        <td>
          <?$captchas->image () ?> <a href="javascript:captchas_image_reload('captchas.net')">Reload Image</a>
          <br> <a href="<?= $captchas->audio_url () ?>">Phonetic spelling (mp3)</a>
          <br> <a href="<?= $captchas->audio_url () ?>&language=de">Buchstabieren (mp3)</a>
          <br> <a href="<?= $captchas->audio_url () ?>&language=it">Compitare (mp3)</a>
          <br> <a href="<?= $captchas->audio_url () ?>&language=nl">Spellen (mp3)</a>
          <br> <a href="<?= $captchas->audio_url () ?>&language=fr">Epeler (mp3)</a>
        </td>
      </tr>
      <tr>
        <td>
        </td>
        <td>
          <input type="submit" value="Submit" />
        </td>
      </tr>
    </table>
  </form>
</html>

Checking

The second part is to check, whether the user has input the correct letter sequence (as given by the CAPTCHA image or audio). If that is the case the protected operation can be performed. Otherwise the corresponding error message is to be output.

There are two ways, in which a CAPTCHA check can fail. The user can have simply input the wrong letters. But also the random string can have been used more than once. If you would allow a random string to be used multiple times, a human could find out the correct CAPTCHA letter sequence for one random string once and use that information to make a robot post non-human entries to your web application, which still would seem made by a human.

The following script check.php implements this checking phase.

<?php

require 'CaptchasDotNet.php';

// See query.php for documentation

$captchas = new CaptchasDotNet ('demo''secret',
                                '/tmp/captchasnet-random-strings','3600',
                                'abcdefghkmnopqrstuvwxyz','6',
                                '240','80','000088');

// Read the form values
$message       = $_REQUEST['message'];
$password      = $_REQUEST['password'];
$random_string = $_REQUEST['random'];
?>

<html>
  <head>
    <title>Sample PHP CAPTCHA Query</title>
  </head>
  <h1>Sample PHP CAPTCHA Query</h1>

<?php
  // Check the random string to be valid and return an error message
  // otherwise.
  if (!$captchas->validate ($random_string))
  {
    echo 'The session key (random) does not exist, please go back and reload form.<br/>';
    echo 'In case you are the administrator of this page, ';
    echo 'please check if random keys are stored correct.<br/>';
    echo 'See http://captchas.net/sample/php/ "Problems with save mode"';
  }
  // Check, that the right CAPTCHA password has been entered and
  // return an error message otherwise.
  elseif (!$captchas->verify ($password))
  {
    echo 'You entered the wrong password. Aren\'t you human? Please use back button and reload.';
  }
  // Return a success message
  else
  {
    echo 'Your message was verified to be entered by a human and is "' . $message . '"';
  }
?>

</html>

Problems with Safe Mode

If your webserver starts PHP-scripts in the safe mode, you will not be able to leave the default path to the random string repository unchanged. Instead use a name in a directory, which the owner of the PHP-script owns:

.
.
.

require 'CaptchasDotNet.php';

$captchas = new CaptchasDotNet ('demo''secret'
                                '/writable/path/captchasnet-random-strings');

.
.
.

Try it

You can also try the above scripts out yourself.

XHTML 1.1 compliant A service of Felix Holderied and Sebastian Wilhelmi (Contact) mail@captchas.net