There was a thread about something similar to this on Slashdot oh, at
least a year ago. One technique that was suggested was to draw a
random image on the screen - say, a grid of colored squares, or a set
of different shapes/images - and just direct people to 'pick the blue
square' or 'click on the large house' or something to finish the
registration.
Of course, there are limits here for the color blind or those using
text browsers/screen readers...
As an alternative, if you needed to stick with text fonts, you could
use some unusual-looking ones, like old english, or a 3-d looking
one, perhaps combined with the color technique below.
-steve
At 8:09 AM +0100 11/26/02, Derick Rethans [EMAIL PROTECTED] wrote:
Leif K-Brooks wrote:
I'm using a verification code image to stop automated sign ups, but
two hackers seem to be OCRing it. I've looked through the
registration script, and there's definitley no security holes.
Does anyone have any ideas as to making the image harder to OCR?
Use two different shades of one color (ie. blue and somewhat lighter
blue). You may also want to do some tricks with the form of the
characters, so instead having a nice 0 on your screen, you can use
dots to somewhat represent it. (Much like the color-blindness tests
do).
regards,
Derick
?php
// seed with microseconds
function make_seed() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 10);
}
$seed = make_seed();
mt_srand($seed);
$dbh = mysql_connect (, , ) or exit;
mysql_select_db (,$dbh) or exit;
$authimage = ImageCreate(40,15);
$bgnum = mt_rand(1,3);
switch($bgnum){
case 1:
$white = ImageColorAllocate($authimage, mt_rand(250,255),
mt_rand(250,255), mt_rand(250,255));
break;
case 2:
$green = ImageColorAllocate($authimage, mt_rand(0,5),
mt_rand(250,255), mt_rand(0,5));
break;
case 3:
$yellow = ImageColorAllocate($authimage, mt_rand(250,255),
mt_rand(250,255), mt_rand(0,5));
break;
}
$black = ImageColorAllocate($authimage, mt_rand(0,30), 0, 0);
header(Content-type: image/png);
$getcode = mysql_fetch_array(mysql_query(select * from signupcodes
where id = '$id'));
imagestring($authimage,mt_rand(4,5),mt_rand(0,5),0,$getcode['code'],$black);
imageline($authimage,0,mt_rand(0,15),40,mt_rand(0,15),$black);
imageline($authimage,0,mt_rand(0,15),40,mt_rand(0,15),$black);
imagepng($authimage);
imagedestroy($authimage);
?
--
-
Derick Rethans http://derickrethans.nl/
PHP Magazine - PHP Magazine for Professionals http://php-mag.net/
-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
++
| Steve Edberg [EMAIL PROTECTED] |
| University of California, Davis (530)754-9127 |
| Programming/Database/SysAdmin http://pgfsun.ucdavis.edu/ |
++
| SETI@Home: 1001 Work units on 23 oct 2002 |
| 3.152 years CPU time, 3.142 years SETI user... and STILL no aliens... |
++
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php