Abzetdin Adamov's IT Blog

IT is about doing more with less!


Simple and Small Captcha to Diminish the Vulnerability of your Website

Posted by Abzetdin Adamov on February 9, 2011


Simplest and Smallest Captcha

Interactivity is the most recent trend in web application development. To attract more visitors, the owner of any web project should offer interactive services such as subscriptions, voting/polls, forums, comments, … One cannot deny that such interactivity, where the visitor can enter data, increases the vulnerability of the web project. Your website may fall victim to brute-force attacks, automated data injection through your forms, SQL injection, … The easiest solution to avoid such problems is to use a Captcha. A Captcha helps make sure that only humans perform certain actions on your website, protecting it from spam bots (software). It prevents an abuser from injecting a vast number of records and spamming your system.
You can use one of Google's solutions, reCAPTCHA, at http://www.google.com/recaptcha. But sometimes you can't use this solution, for one of several reasons:

  1. You may not want your server to connect to any resources on the Internet (as in my case)
  2. You may not want to use third-party software
  3. Google reCAPTCHA doesn't offer the level of customization you need

For similar reasons I decided to develop my own captcha. The result is the following code for a very simple and small, but at the same time robust and flexible, Captcha. You can define any length for the Captcha string as well as the type of string: numbers, characters, or a combination of numbers and characters. It can be used easily by following these short instructions.

Include this code just before processing the data you receive from the form. It compares the value stored for the captcha image with the value entered in the captcha input (reg_captch).


<?php
session_start();
// Compare only when both the submitted value and the stored one exist;
// reading $_POST["reg_captch"] without isset() would raise a notice.
if (isset($_POST["reg_captch"]) && isset($_SESSION["captch"])) {
	$captcha = (string) $_POST["reg_captch"];
	// Strict comparison: "==" would apply PHP type juggling (e.g. "1e1" == "10")
	$ok = ($captcha === (string) $_SESSION["captch"]);
	// A code is valid for one attempt only; clear it so it cannot be replayed
	unset($_SESSION["captch"]);
	if ($ok) {
		// call appropriate function here or do nothing to continue running the rest of the script
	} else {
		exit("Captcha error...");
	}
} else {
	exit("Captcha error...");
}
?>

Add the following HTML code to your form (just before the Submit button may be the right place):

<input class="in_text" type="text" name="reg_captch" id="reg_captch">
<img id="captch" src="captcha.php?rnd=<?=rand();?>" width="100">
<!-- A random query value prevents the browser from caching the image; this matters for Firefox, Chrome, ... -->
<img style="cursor:pointer" src="images/refresh.png" alt="Refresh" onclick="document.getElementById('captch').src='captcha.php?rnd=' + Math.random();">
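As an added example (not the author's captcha.php and not the code from the downloadable resources), the following PHP puts the two halves of the design above together: a generator with the configurable length and string type the post describes, a session-backed check, and a small GD renderer for the image endpoint. It keeps the post's session key "captch" and form field "reg_captch"; the function names, the "numbers"/"chars"/"mixed" type labels and the requirement of PHP 7.1+ with the GD extension are this example's own assumptions.

```php
<?php
// Added example, not the author's captcha.php. Assumes PHP 7.1+ and the GD
// extension. Session key "captch" and field "reg_captch" come from the post;
// function names and the type labels below are this example's own choice.

const CAPTCHA_SESSION_KEY = 'captch';

// Build a random code of $length characters from the requested alphabet.
// 0/O and 1/I/l are left out so the rendered image is not ambiguous to humans.
function captcha_code(int $length = 6, string $type = 'mixed'): string
{
    $alphabets = [
        'numbers' => '23456789',
        'chars'   => 'ABCDEFGHJKLMNPQRSTUVWXYZ',
        'mixed'   => '23456789ABCDEFGHJKLMNPQRSTUVWXYZ',
    ];
    if (!isset($alphabets[$type])) {
        throw new InvalidArgumentException("unknown captcha type: $type");
    }
    $alphabet = $alphabets[$type];
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is a CSPRNG; rand()/mt_rand() output is predictable once seeded
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

// Create a fresh code, store it server-side, and return it for rendering.
// Called by the image endpoint, so every reload of the image gets a new code.
function captcha_issue(int $length = 6, string $type = 'mixed'): string
{
    $code = captcha_code($length, $type);
    $_SESSION[CAPTCHA_SESSION_KEY] = $code;
    return $code;
}

// Verify the value the user typed against the stored code. The stored code is
// always cleared, so a correct answer cannot be replayed and a wrong answer
// forces the client to load a new image rather than keep guessing the same one.
function captcha_verify(?string $input): bool
{
    if ($input === null || !isset($_SESSION[CAPTCHA_SESSION_KEY])) {
        return false;
    }
    $expected = (string) $_SESSION[CAPTCHA_SESSION_KEY];
    unset($_SESSION[CAPTCHA_SESSION_KEY]);
    // Case-insensitive, constant-time comparison; hash_equals() also avoids
    // the type juggling that "==" would apply to numeric-looking strings.
    return hash_equals(strtoupper($expected), strtoupper(trim($input)));
}

// Render the code as a 100x30 PNG with GD: plain background, the text at a
// random offset, and a few random light lines as noise.
function captcha_render(string $code): void
{
    $img = imagecreatetruecolor(100, 30);
    $bg  = imagecolorallocate($img, 240, 240, 240);
    $fg  = imagecolorallocate($img, 30, 30, 90);
    imagefill($img, 0, 0, $bg);
    for ($i = 0; $i < 4; $i++) {
        $line = imagecolorallocate($img, random_int(150, 200), random_int(150, 200), random_int(150, 200));
        imageline($img, random_int(0, 99), random_int(0, 29), random_int(0, 99), random_int(0, 29), $line);
    }
    // Built-in GD font 5 is 9x15 px per glyph, so a 6-character code fits at these offsets
    imagestring($img, 5, random_int(5, 20), random_int(5, 12), $code, $fg);
    header('Content-Type: image/png');
    header('Cache-Control: no-store'); // complements the ?rnd= cache-buster in the <img> tag
    imagepng($img);
    imagedestroy($img);
}

// Image endpoint (captcha.php):
//   session_start(); captcha_render(captcha_issue(6, 'mixed'));
// Form handler, before the submitted data is processed:
//   session_start(); if (!captcha_verify($_POST['reg_captch'] ?? null)) { exit('Captcha error...'); }
```

The design choice worth noting is that the code is stored only in the server-side session and never travels to the client except as pixels, and that it is consumed on the first verification attempt; combined with the case-insensitive compare and the ambiguity-free alphabet, this keeps the check usable for humans without giving an automated client unlimited guesses against one image.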

Here you can get the main code of the captcha (captcha.php), as well as a zip file with the captcha background image (security_background.gif) and the text font used to display the captcha value (feel free to use your own …)

Main Code – captcha.php
Resource Files – resources


Posted in Programming and Development, Uncategorized, Web Programming and Design