17.2. Captcha generation

Captcha is an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart." and is often used to prevent automatic sign-ups in various WEB-based applications.

The library support generation of a simple captchas based on hand drawn "ugly" letters and digits. They are combined into a word which can be presented as an image.

Warning

It should be noted that with ample processing power and modern image analysis it is probably not hat difficult to actually break these captchas so the usage of these captchas in mission critical environments is entirely the responsibility of the user.

The module in the library that is needed is "jpgraph_antispam.php" and behaves as a simplified plot module.

?? showsn an example on how this can look

Figure 17.21. Sample illustration of captcha challenge (antispamex01.php)

Sample illustration of captcha challenge (antispamex01.php)


Captcha images have less functionality then the usual graphs generated with the library in order to keep this utility reasonable small. The primary limitation is that there are no additional formatting options for the images and the image generated will always use the JPEG image format. Hence it is not possible to change this to use, for example, PNG format.

17.2.1. Generating Captchas

There are two basic alternatives on how to generate the content of the captcha

  1. Submit a string that should be used

  2. Automatically generate a random string. If this alternative is chosen then the user of the library should save the created string and compare it to what the user enters.

In order to write a script to generate a new challenge there are four steps to be completed.

  1. include the library file "jpgraph_antispam.php". Note that there is no need to include the "jpgraph.php" library since all functionality is included in this library file.

    1
    
    require_once "jpgraph_antispam.php";

  2. a new instance of the class AntiSpam must be created

    1
    
    $spam = new  AntiSpam();

  3. the string to be used in the challenge must be specified. To automatically generate a suitable string use

    1
    2
    
    // The argument determines the length of the generated string
    $chars = $spam-> Rand(5);

    If instead the string to be used should be specified this string should be specified in the initial creation of the AntiSpam() or by calling the Set() method as in

    1
    
    $spam-> Set('aui8k');

    Please note that in order to minimize the risk for confusion the letters 'O' and the number '0' (zero) is not allowed since they are too alike and can be mistaken for each other.

  4. output the image with a call the method Stroke() on the created instance of the AntiSpam class.

    1
    2
    3
    
    if( $spam->Stroke () === false  ) {
        die("Illegal or no data to plot");
    }

    Note that we have put a guard around the output since in the case of an error this method will result a boolean false value. As with the other graph types it is possible to write the generated image to a file by submitting a file name as an argument to Stroke().

In order to practically use this module the challenge string is most likely passed to the image script via a URL argument, saved to a file and the read back in the HTML page that is providing the captcha challenge.

Warning

It should be pointed out on more time that modern image analysis technology is fairly good at automatically read these types of images and translate it back to the letters they represent so this type of captchas does not provide any guarantee for automatic sign-ups. There are active academic research on how to apply various types of artificial intelligence to read many types of captchas.