Image / math hybrid captcha version 2, vastly improved

by on
filed under: sNews, mods, captcha, comments, spam

My first step in the process to keep comment spam at bay on sNews was to re-write my image/math hybrid captcha mod. Since I installed the first version of this on my main site here over a month ago, I haven't had any comment spam, while I do still receive comment spam on my theme demo sites, that gives me anecdotal evidence that it is at least somewhat effective against bots.

It wasn't without problems though, first it can be resource intensive if you get a lot of hits because it generates a new image on the fly and then deletes the image after serving. The second problem is it used a second file (capgen.php) to pass a key to via GET, so it could create the image, this key could also be decoded with some effort.

If you're unfamiliar with this mod, what it does is it replaces the mathCaptcha text (the "4 + 5 =" part) with an image, so spam bots will first have to decode the image to be able to do the math, they can't just scan the text with a regular expression.

With this new version I have eliminated both of these problems, it's much easier to use, and I've added these improvements to version 2;

  1. The image creation is now included within the mathCaptcha function, and the generated images will be saved into the "captchas" folder on your server (you will need to create the captchas folder).
  2. The function will first check your captchas folder to see if the image exists before generating a new one. If the captcha image doesn't exist, it will generate it on the fly and then serve it statically.
  3. You can use your own personal salt, so a bot programmer can't determine the naming convention of the images.
  4. We are adding another variable salt, the day of the month via PHP, so the key will be new for every day of the month. So your server will need to create a maximum of 81 images per day, a huge resource saver if you get Dugg.

The end result will be 9($x) * 9($y) * 31($mathkey) * 160bytes average = total of 2511 images possible, around 392KB space needed, not much at all. I included some basic checking so if your host disallows PHP from creating images, it will default back to the old text style captcha.

To implement (or upgrade from the first version) is very simple, BACK-UP your snews.php file and work off of a copy. Now replace the function mathCaptcha() with the one below, be sure to change the $my_salt variable and create a folder for your captcha images and change the $my_captcha_folder path;

// MATH CAPTCHA
function mathCaptcha() {
    $my_salt = "123"; // enter your own personal salt here to ensure your images are different from everyone else's
    $my_captcha_folder = 'captchas/'; //create this directory in the same directory as your snews.php
    $mathkey = date('d'); // new key for every day of the month, max 81 images in a day will save tons of resources on busy sites
    $x = rand(1, 9);
    $y = rand(1, 9);
    $_SESSION[_SITE.'mathCaptcha-digit'] = $x + $y;
    $math = '
        <p><label for="calc">
            * '.l('math_captcha').':
        </label><br />';
    if(!function_exists('imagecreate') || !is_dir($my_captcha_folder) || !is_writable($my_captcha_folder)) { // either php isn't configured to create images or the captcha folder doesn't exist/isn't writable so let's fall back to the standard text mathCaptcha
        $math .= $x.' + '.$y.' = ';
    } else {
        $key = $x.$my_salt.$mathkey.$y;
        $md5_name = md5($key).'.png'; // name of png image we want
        if(!file_exists($my_captcha_folder.$md5_name)) { // image doesn't already exist
            $my_img = imagecreate(80, 20); // let's create a new one using the day of the month, my salt and the $x & $y
            imagesavealpha($my_img, true); 
            $trans_color = imagecolorallocatealpha($my_img, 0, 0, 0, 127); 
            imagefill($my_img, 0, 0, $trans_color);
            $text_color = imagecolorallocate($my_img, 0, 0, 0);
            imagestring($my_img, 5, 10, 3, "$x + $y =",
            $text_color);
            imagesetthickness($my_img, 5);
            imagepng($my_img,$my_captcha_folder.$md5_name); // save the image to the captchas folder
        }
        $math .= '<img src="'._SITE.$my_captcha_folder.$md5_name.'" alt="" style="vertical-align:middle" />'; // serve the image
    }
    $math .= '
        <input type="text" name="calc" id="calc" style="vertical-align:middle" />
        </p>';
    return $math;
}

All set, now upload your modified snews.php file and delete the old capgen.php from version 1 (if you had it installed) and you're in business.

Share this post:
Share of Facebook Tweet this post Share this post on Google+ Email this post

Comments

RSS Comments Feed

Matt's Avatar

Matt

Test comment to make sure it works... oh hell yeah... heh... I love this mod, one of my personal favorites.
Mark's Avatar

Mark

Wow, you are really making some great mods/themes for sNews.

Keep up the good work!
Matt's Avatar

Matt

Thanks a lot Mark!

By the way, if someone wants to use this on a webpage with a dark background, they can change the line;
$text_color = imagecolorallocate($my_img, 0, 0, 0);
the last 3 variables are the respective RGB decimal colors, so if you want white text, you'd use;
$text_color = imagecolorallocate($my_img, 255, 255, 255);
dark slate gray (aka #2F4F4F in hex) would be;
$text_color = imagecolorallocate($my_img, 49, 79, 79);
and so on.
Patric's Avatar

Patric

Confirming it's awsome'ness. Great, correction, freaking great mod Matt... Thanks a bunch.
Matt's Avatar

Matt

Thanks Patric!

Can you let me know something real quick, was the spam you were getting a lot like the spam I mention in <a href="http://mdj.us/snews-cms/the-state-of-comments-spam/">this post</a>? The gibberish spam.

--Matt
Poppoll's Avatar

Poppoll

Matt,
I have your first mod + the css mod by Fred K.
I want to use your new mod, buth also want to keep the css mod.
How do I do this?
PP
Matt's Avatar

Matt

Hi Pop,

That's easy, just add the hidden (via css) text input into my mathCaptcha funtion and it will work, because the hidden text input logic is all in the checkMathCaptcha() function.

i.e., replace your mathCaptcha function with mine, then ADD the following highlighted to that


$math = '
<p><span class="highlight"><input type="text" id="your-id" name="some-name" /></span>
<label for="calc">
* '.l('math_captcha').':
</label><br />';
Poppoll's Avatar

Poppoll

Thanks Matt.
Roie's Avatar

Roie

many thanks for this excellent mod, been getting tons of spam comments, and since there is no multiple delete function - this was very time consuming and annoying. thanks again!
Sven - Philippe's Avatar

Sven - Philippe

Terrific robots trap!
Well done again Matt.
toolman's Avatar

toolman

I hate spam too. That is why I loved this modification: D
Good job Matt.
Wiza's Avatar

Wiza

You're a legend for this! Spambots been giving me a tough time but this is really helping. Thanks loads
David's Avatar

David

Yo Matt,

I have a problem, when I use this mod.

Sometimes I can log, sometime I can`t?! Why is that good...XD Its really confusing, cuz I dont get it why is this happening?! Do you have a time block or what?!

Greetings,
David
Mockup's Avatar

Mockup

Hi. Bringing this comment thread back to life.

I've tried to implement this hack, But all I get is a blank screen. I can still view the source code, but nothing else appears.
Any others there who 've had similar problems?

I must say, it seems quite promising this piece of hack..

This happens when I log in via the captcha or submit comments on my articles.
Matt's Avatar

Matt

Hi Mockup,

I have no idea why it would do that, this mod doesn't change any core snews login/comment functionality, it simply replaces the math CAPTCHA text with an image.

If you pass me a URL via the contact form, I'll try to have a look at it, but I'm crazy busy lately, so I can't make promises.

(optional, not publicly displayed) (optional)

Subscribe

RSS Feed

Archives

More from the archives →

Site News

More site tweaks
I've made a couple of minor & a couple of major changes here at mdj.us.

New site design
I'm in the process of crafting a new minimalist design. This design is based off the Skeleton responsive boilerplate.

Subscription management
I'm working on the built-in subscription manager for my site, if you want to subscribe via email read on.

Fiddling with site design
I'm performing a lot of ongoing design changes to the live site, so things may look slightly different.

About Matt

W00t, it's meThis website (mdj.us) is the web portfolio, blog, and playground of Matt Jones, a Boston, MA based web developer, gamer, and tech/gadget junkie.

You'll find a little bit of everything covered here, but primarily "techie" stuff... PHP programming, database, general gadget-related articles, etc. More about me here.

Privacy Policy | About Me
Copyright © 2002 - 2012 Matt Jones
HTML5/CSS3
Back to Top Back to top