newbie craves captcha advice

[newbiegalore]

Hi Everyone,

I am designing a simple site, the index page has a form,with 2 input
boxes. Once the user presses submit, a cgi script myfirstcgi.cgi is
called and output is displayed. Everything is fine! Now I want that
the service I am offering should not be accessible to web bots, and so
I want to use captchas to achieve this. There seem to be a some
captcha code in PHP, Perl on the net, but I am partial towards bash/
awk/sed kinda coding! (I know it sounds weird!)

I looked up http://www.captcha.biz/captcha-explained.html and used it
on my site. The problem is that in my form if I use action=/
testcaptcha/capthcha-page.php then this code ends up at an html page
saying you entered the captcha correctly. I want the end page to
display the result of my cgi script and so I changed the "pointer" in
the php code to my cgi code, so that if the user enters the letters
right, the cgi code will run. However, this screws up the QUERY_STRING
being passed to the cgi code and no output is generated.

One solution could be that I generate 10K gifs using Imagemagick (text-

image) etc. and then the cgi randomly calls up one of these images

and checks if the user entered the right letters which would be the
name of the image. But surely there must be a better solution!

Thanks,
-A

 

[Toby A Inkster]

One solution could be that I generate 10K gifs using Imagemagick (text->
image) etc. and then the cgi randomly calls up one of these images
and checks if the user entered the right letters which would be the name
of the image. But surely there must be a better solution!

Why not generate the image on the fly? ImageMagick is pretty quick, with
good Perl bindings.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 14:31.]

The Semantic Web
http://tobyinkster.co.uk/blog/2008/03/09/sw/

 

[adwatson]

I implemented something similar for a client (in ColdFusion of all
things) - except we chose to go with a simple arithmetic problem
before accepting the submission. I just had the system generate two
random numbers (between 1 and 10, but you could higher I guess), then
hash the correct answer and put it in a hidden field. Then when the
user entered hits submit, the script takes the user's answer, hashes
it with the same key and compares it to the hash of the correct
answer, to see if the user was correct.

So far the the client hasn't had any problems with it. The key that
the correct answer is hashed with changes daily (somehow based on
date, don't recall exactly), and I suppose a spammer could break the
system if they tried hard enough, but hopefully it has made it hard
enough that it's not worth their time.

Plus, this is more accessible than an image-based captcha.

- Aric


---
www.NEXCESS.NET - Shared/Reseller Hosting
www.EliteRax.com - Dedicated Servers, Server Clusters
www.MaxVPS.com - Virtual Private Servers
- Great prices, Great service - check us out!

One solution could be that I generate 10K gifs using Imagemagick (text->
image) etc. and then the cgi randomly calls up one of these images
and checks if the user entered the right letters which would be the name
of the image. But surely there must be a better solution!

Why not generate the image on the fly? ImageMagick is pretty quick, with
good Perl bindings.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 14:31.]

The Semantic Web
http://tobyinkster.co.uk/blog/2008/03/09/sw/

 

[newbiegalore]

I implemented something similar for a client (in ColdFusion of all
things) - except we chose to go with a simple arithmetic problem
before accepting the submission. I just had the system generate two
random numbers (between 1 and 10, but you could higher I guess), then
hash the correct answer and put it in a hidden field. Then when the
user entered hits submit, the script takes the user's answer, hashes
it with the same key and compares it to the hash of the correct
answer, to see if the user was correct.

So far the the client hasn't had any problems with it. The key that
the correct answer is hashed with changes daily (somehow based on
date, don't recall exactly), and I suppose a spammer could break the
system if they tried hard enough, but hopefully it has made it hard
enough that it's not worth their time.

Plus, this is more accessible than an image-based captcha.

- Aric

---www.NEXCESS.NET- Shared/Reseller Hostingwww.EliteRax.com- Dedicated Servers, Server Clusterswww.MaxVPS.com- Virtual Private Servers
- Great prices, Great service - check us out!

Wow man, thats innovative. Thanks to Toby too, ya Imagemagick is just
soooo easy and fast. Life is good again!! whew!