[PHP] Re: Making verification code harder to OCR?

Tue, 26 Nov 2002 02:19:23 -0800

There was a thread about something similar to this on Slashdot oh, at least a year ago. One technique that was suggested was to draw a random image on the screen - say, a grid of colored squares, or a set of different shapes/images - and just direct people to 'pick the blue square' or 'click on the large house' or something to finish the registration.

Of course, there are limits here for the color blind or those using text browsers/screen readers...

As an alternative, if you needed to stick with text fonts, you could use some unusual-looking ones, like old english, or a 3-d looking one, perhaps combined with the color technique below.

-steve


At 8:09 AM +0100 11/26/02, Derick Rethans <[EMAIL PROTECTED]> wrote:
Leif K-Brooks wrote:
I'm using a verification code image to stop automated sign ups, but two hackers seem to be OCRing it. I've looked through the registration script, and there's definitley no security holes. Does anyone have any ideas as to making the image harder to OCR?
Use two different shades of one color (ie. blue and somewhat lighter blue). You may also want to do some tricks with the form of the characters, so instead having a nice "0" on your screen, you can use dots to somewhat represent it. (Much like the color-blindness tests do).

regards,
Derick


<?php
// seed with microseconds
function make_seed() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
$seed = make_seed();
mt_srand($seed);
$dbh = mysql_connect ("", "", "") or exit;
mysql_select_db ("",$dbh) or exit;
$authimage = ImageCreate(40,15);
$bgnum = mt_rand(1,3);
switch($bgnum){
case 1:
$white = ImageColorAllocate($authimage, mt_rand(250,255), mt_rand(250,255), mt_rand(250,255));
break;
case 2:
$green = ImageColorAllocate($authimage, mt_rand(0,5), mt_rand(250,255), mt_rand(0,5));
break;
case 3:
$yellow = ImageColorAllocate($authimage, mt_rand(250,255), mt_rand(250,255), mt_rand(0,5));
break;
}
$black = ImageColorAllocate($authimage, mt_rand(0,30), 0, 0);
header("Content-type: image/png");
$getcode = mysql_fetch_array(mysql_query("select * from signupcodes where id = '$id'"));
imagestring($authimage,mt_rand(4,5),mt_rand(0,5),0,$getcode['code'],$black);
imageline($authimage,0,mt_rand(0,15),40,mt_rand(0,15),$black);
imageline($authimage,0,mt_rand(0,15),40,mt_rand(0,15),$black);
imagepng($authimage);
imagedestroy($authimage);
?>



--

-------------------------------------------------------------------------
 Derick Rethans                                 http://derickrethans.nl/
 PHP Magazine - PHP Magazine for Professionals       http://php-mag.net/
-------------------------------------------------------------------------


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
+------------------------------------------------------------------------+
| Steve Edberg                                      [EMAIL PROTECTED] |
| University of California, Davis                          (530)754-9127 |
| Programming/Database/SysAdmin               http://pgfsun.ucdavis.edu/ |
+------------------------------------------------------------------------+
| SETI@Home: 1001 Work units on 23 oct 2002                              |
| 3.152 years CPU time, 3.142 years SETI user... and STILL no aliens...  |
+------------------------------------------------------------------------+

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
























					Reply via email to