PHP Captcha

Zaphan58 · 21 Dec 2010 at 20:58

I have a little contact form on my site written with HTML and PHP and today it got it's first spam through. Time to add a bit of something to combat that I think. What do most people use? A script they've written themselves or something like reCaptcha? http://www.google.com/recaptcha

Pho · 21 Dec 2010 at 21:18

I'd probably use reCaptcha because it's pretty simple to set-up and you know it works.

Russinating · 21 Dec 2010 at 21:23

I use a homemade one with relevant captcha text. Nothing fancy buy stops 99.9% of spam bots.

Zaphan58 · 21 Dec 2010 at 21:27

Hmm I might set up reCaptcha then. Would it be too little to add a little field that asked a single question, hold the answer in a variable and check it against the input?

radderfire · 21 Dec 2010 at 21:32

I use Recaptcha myself. However, it's likely something very simple would work, unless the spammers are specifically targetting your site, which is probably unlikely.

Rgds

Russinating · 22 Dec 2010 at 00:53

Zaphan58 said:
Hmm I might set up reCaptcha then. Would it be too little to add a little field that asked a single question, hold the answer in a variable and check it against the input?

Not at all. Here's my very simple captcha that just uses 7 images (could have more/less) with words slightly distorted with the wave effect in photoshop, ala:

(my site, not hotlinked)

Form:

PHP:

<form name="form1" method="post" action="?a=download">
// Normal inputs here
<?$captchanum = rand(1,7);?> // Select captcha image number
<img src="../images/captcha<?= $captchanum;?>.png" alt="Captcha Image"><br>
Type the word above<br>
<input name="captcha" type="text" class="form" size="35"><input name="captchapic" type="hidden" class="form" size="10" value=<?=$captchanum;?>><br><br>
<input name="Submit" type="submit" class="submit "value="Submit">
</form>

Page:

PHP:

<?
$captchaword = $_POST['captcha'];
$captchanum = $_POST['captchapic'];
if((!$name) or (!$email) or (!$captchaword)){
?>
<br><p class="error">Oops! You missed a required field. Please try again.</p>
<?include('../includes/packagesform.php');?>
<?
} else {
$captchawords = array("church", "reception", "ceremony", "flowers", "groom", "bride", "wedding");
$captchanumbers = array("1", "2", "3", "4", "5", "6", "7");
$captchaconverted = str_replace($captchawords, $captchanumbers, $captchaword);
if($captchaconverted != $captchanum){
?>
<br><p class="error">Oops! The word you entered to match the image was incorrect. Please try again.</p>
<?include('../includes/packagesform.php');?>
<?
} else {
// Do whatever you want to do with the info
}
}
?>

Hope that helps. Tis very simple and it means the captcha can fit your colour scheme and in my case use relevant words to your business/site.

sist_si · 22 Dec 2010 at 09:08

I'd go reCaptcha personally. It's very good and you can style it up.
Another thing w/ reCaptcha is that although some of the entries may look complicated, it's not looking for 100% acurracy. It's more intelligent (for want of a better word) so you only have to get it to the extent that you're obviously not a bot.

TwoSaints · 22 Dec 2010 at 09:51

As an alternative: www.protectwebform.com

It's a nice simple service that will generate random strings in an image, you set the colours, font, distortion amounts etc, then put a single field in your form and a bit of php in your code to deal with it.

example of it in action on an old blog post of mine here...

Zaphan58 · 22 Dec 2010 at 18:35

Thanks for the examples guys

I've put something simple in place similar to what Russinating has done with PHP for now so we'll see how that goes