Anti Form-Spam Code-Image generator class.
Why that?
This is to prevent people from writing programs to spam a database with fake
automatic form submits.
How does it work?
It adds an image to your form that shows a random code, let's say "A G 8 C Z".
The user then needs to type that code into a text field. Because of the way the
images are generated, it is very hard for an OCR (scanner) or other sort of
program to read out the code automatically.
How does it work, technically?
- A random code is generated and printed to an image, along with a noisy
background. That image is shown on the web page.
- A hidden field is added. The value of the hidden field is an md5 of
the generated code, together with a secret key phrase only the webmaster
knows. The user can see that md5 "passphrase" but cannot do anything
with it.
- When the user submits the form, a new md5 is generated using the
user-typed code, along with the secret key phrase, and that is compared to
the also submitted original md5. If it matches, the user input was ok.
No session or cookie is needed.
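
The hidden-field check described above, as an added example that is not BlueShoes code: it puts the page's md5 scheme next to a variant that uses HMAC-SHA256 over the code and an issue time, since a token checked without a session or timestamp stays valid for as long as the key phrase is unchanged. The function names, the concatenation order and the 600-second lifetime are assumptions.

```php
<?php
// Added example, not BlueShoes code. SECRET, MAX_AGE and the function
// names are hypothetical; the sample values below are constructed.
const SECRET  = 'Only I Know About This!';
const MAX_AGE = 600; // seconds a challenge stays valid (assumed policy)

// Scheme as described on this page: md5 of code plus secret key phrase.
// The concatenation order used by Bs_SpamImage is an assumption here.
function pageToken(string $code): string {
    return md5(strtoupper($code) . SECRET);
}

// Variant: keyed HMAC over the code and its issue time, so a token expires.
function issueToken(string $code, int $now): string {
    $mac = hash_hmac('sha256', strtoupper($code) . '|' . $now, SECRET);
    return $now . ':' . $mac;
}

function checkToken(string $token, string $typed, int $now): bool {
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                        // malformed hidden field
    }
    $issued = (int) $parts[0];
    if ($now < $issued || $now - $issued > MAX_AGE) {
        return false;                        // expired or future-dated
    }
    $expect = hash_hmac('sha256', strtoupper(trim($typed)) . '|' . $issued, SECRET);
    return hash_equals($expect, $parts[1]);  // constant-time comparison
}

$t0     = 1700000000;                        // constructed issue time
$hidden = issueToken('AG8CZ', $t0);          // value for the hidden field

var_dump(checkToken($hidden, 'ag8cz', $t0 + 30));   // right code, in time
var_dump(checkToken($hidden, 'AG8CX', $t0 + 30));   // wrong code
var_dump(checkToken($hidden, 'AG8CZ', $t0 + 3600)); // same pair, an hour later
// The page's scheme has no time component: the same code always maps to
// the same hidden value, whenever it is submitted.
var_dump(pageToken('AG8CZ') === pageToken('ag8cz'));
```
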
Functionality:
- lots of settings, check the API.
- specify what chars to use: a-z, A-Z, 0-9 (no special chars)
- ignore case (upper/lower) to make it easier for the user.
- ignore vowels by default so that no 'strange' words are generated by
accident.
- ignore confusing chars like l, 1, I
- define the number of characters to use, default is 3-5.
- define image width/height, colors, font size, image format (png/jpg).
Live example:
The user code for this form with the spam-prevention image is:

<?php
// Load the BlueShoes configuration and the spam-image class.
require_once($_SERVER['DOCUMENT_ROOT'] . '/../global.conf.php');
require_once('core/gfx/spamimage/Bs_SpamImage.class.php');

// Plain "= new": the "=& new" form is a parse error on PHP 7 and later.
$Bs_SpamImage = new Bs_SpamImage();
// Secret key phrase that is hashed together with the code.
$Bs_SpamImage->keyPhrazeMd5     = "Only I Know About This!";
$Bs_SpamImage->imageWidthRange  = 100;
$Bs_SpamImage->imageHeightRange = 20;
$Bs_SpamImage->useNumbers       = TRUE;
$Bs_SpamImage->generateImage();
$status = $Bs_SpamImage->storeImage();
if (!$status) dump($Bs_SpamImage->getLastError());
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
  <title>Bs_SpamImage.class.php Example 1</title>
</head>
<body>
<h1>Bs_SpamImage.class.php Example 1</h1>
This is an example of the <a href="http://www.blueshoes.org/en/framework/gfx/spamimage/">class core/gfx/spamimage/Bs_SpamImage</a> from <a href="http://www.blueshoes.org/">BlueShoes</a>.
<br><br>
<?php
// On submit, compare the hidden md5 with the code the user typed.
if (!empty($_REQUEST['spamCodeOriginal'])) {
    echo "<b>You have submitted the form. Let's see...<br>";
    $typed = isset($_REQUEST['spamCodeCompare']) ? $_REQUEST['spamCodeCompare'] : '';
    $isOk  = $Bs_SpamImage->validate($_REQUEST['spamCodeOriginal'], $typed);
    if ($isOk) {
        echo "<font color='green'>OK!</font>";
    } else {
        echo "<font color='red'>Failed!</font>";
    }
    echo "</b><br><br>";
}
?>
<!-- PHP_SELF is escaped because it can carry attacker-supplied path text. -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<fieldset style="width:500px;"><legend>My Form</legend>
<table border="0" cellspacing="0" cellpadding="3">
  <tr>
    <td valign="top">Your name:</td>
    <td valign="top"><input type="text" name="yourName" value=""></td>
  </tr>
  <tr>
    <!img src="asdf" border="0" align="baseline" alt="">
    <td valign="top">Spam Prevention:</td>
    <td valign="top">
      This is to prevent people from writing programs to spam our database with fake automatic form submits. Please type in the letters you see:<br>
      <?php echo $Bs_SpamImage->getImageTag('border="1" align="texttop"', 'spamCodeOriginal'); ?>
      <input type="text" name="spamCodeCompare" value="" style="height:22px;">
    </td>
  </tr>
  <tr>
    <td valign="top"> </td>
    <td valign="top"><input type="submit" name="send" value="Submit"></td>
  </tr>
</table>
</fieldset>
</form>
</body>
</html>