I currently ran into the issue that I do not have the money to buy/rent any professional captchaing service.
So I tried to look around for OS captcha generators, and captcha designs.
I also had a brief brainstorm about my own and simple captcha design.
Do you have any preferences, or can give me a good advice handling captchas in PHP without having huge perfomance leeks?
(My attempt to design a simple captcha: .pdf)
EDIT: Thanks to all of you, I am sorry for only giving one "right-answer", but +1 for every good answer ;)
I actually would suggest that rather than rolling your own you use reCAPTCHA as it is free and of very good quality (used by this site, Facebook, Craigslist etc).
It also meets your requirements in that it isn't resource intensive, as all the image generation and distortion is done on the reCAPTCHA server.
PHP examples can be found here
If you want to design your own captcha, I highly recommend you take a look at this tutorial. It goes through a basic captcha design, allowing you to alter the design of the captcha as you wish, using various PHP image modification functions.
You could alter the code to use random fonts, make each character a different size, skew the image, etc. The tutorial is to show you how a code is created, how it's used with a session, and how to actually use the image in an input form.
Leaving aside the problem of CAPTCHAs being a horrible barrier for users… ReCaptcha should solve the budgetary issues without making you reinvent the wheel.
First and foremost thing you must consider is that you captcha is not easily breakable. There are some good old captchas already breaked/decoded using javascript. For further info please visit these pages:
http://ejohn.org/blog/ocr-and-neural-nets-in-javascript/
http://blog.makezine.com/archive/2009/01/javascript_captcha_decoder.html
To generate it , like Captcha Creator is a powerful and complete PHP Captcha Script that generates Captcha Images.
The classic approach is to generate some random text, apply some random effects to it and convert it into an image.
Related
I'm looking for a way to create a QR Code and a shortened link when a form is submitted. I have the QR Code bit, but the link is too long for me and the QR Code looks scary and complicated. The way it works is; the user types in (in this instance) a contract number. Then, a folder is created on the server of that contract number. (www.mysite.com/QR/$contractnumber). Then, using PHP again, I create a QR Code through Google because I know that every QR code will be linking to the same place, just a different ending of the link. The only bit that changes is the $POST...
I was wondering if there was a way to shorten the link before it goes to Google? It would have to be through php. The user enters the contact number in the form, then that number(usually around 5/6 digits) will be entered into a already existing command? I'm not an expert in anything, I just know some really random snippets of code... And HTML and CSS, of course.
Any help would be appreciated and judging by the few days I have been searching this, I think it might help a few people in the future. I would also like to confirm that the solution can't be one of this visual URLShorteners. If it is, it just needs to be the back-end of it, built into a existing form and QR Generator. Simple?
We had a similar challenge with one of our internal apps, and since any shortcut system (that I know of) relies on a database to translate what the short url really means , we opted to start our work from something that had already been done, rather than re-invent the wheel and based our solution on yourls.org.
We installed that, and populated the database from within our PHP, not really using the provided interface for anything except testing and it's statistics. It's reasonably flexible, and while it does need some standards improvement, the core code that we were interested in (as you would be) was sound, and worked very well for us.
It sounds like you might be able to use the TagLabs solution. Check out the developer site; developer.taglabsinc.com and create a free account at portal.taglabsinc.com. The platform will create the QR Code and shortened url. You can manually create the QR Codes or leverage the API.
For what it's worth, that's exactly what a.zat.is for. Disclaimer: I made it.
I know this has been discussed a number of times, but the problem I'm having at the moment is finding a solution that is easy to work with and does not require much hacking around.
I want to be able to upload a file, and report on its progress. I've been playing with SWFUpload, and it seems like a bit to much messing around for my liking. Integrating it with code igniter just seems like it's going to cause headaches.
I want a visual progress indicator of some sort to show the user their upload hasn't stagnated. Even if it was just a spinner saying "Uploading. Do not close this window until upload is complete." that would be enough for me.
Security is the most important. Using something like SWFUpload is going to require passing variables to the upload form such as the user ID and other information I'd rather not give snooping noses the opportunity to sniff.
Any possible solutions. Help is much appreciated.
You should take a look at HTML5 FormData and XMLHttpRequest 2 which allow you watch the progress directly in javascript.
You must customize the tool to meet your requirement , especially when its open source .
Security is the most important. Using something like SWFUpload is
going to require passing variables to the upload form such as the user
ID and other information I'd rather not give snooping noses the
opportunity to sniff.
Why you need to pass user ID ? i think its HTTP matter not SWFUpload,so you can make it secure .
Look here : http://demo.swfupload.org/Documentation/
I'm actually on the hunt for the same thing. A few of the options I have encountered so far are:
http://www.uploadify.com
http://valums.com/ajax-upload/ (Which is now headed off by Ben Colon here - github dot com / bencolon / file-uploader )
I haven't used any of those solutions because I'm not quite sure how to customize them for my application. But it looks like so far in my research, those are links that keep popping up.
I have a PHP page powered by jQuery. A singel page has four steps, controlled by jQuery.
In diffrent steps, user selects two Images from two galleries (step 1 & 2), fromats a table by arranging divs inbetween (setp 3) then filling a form (step 4).
I want: when user clicks "Finish" on step 4. All the above information be converted to PDF and emailed to the provided email address.
Please suggest me idea, tool, plugin or code to do so!
The last time that I tried to auto-generate PDFs as you mentioned, I used a php library called fpdf. As I recall, it was difficult and cumbersome. My lack of knowledge/experience/patience definetly made me not have much fun working with it. Give it a shot and see if looks like it is feasible for you. The site has some getting started examples, and a quick Google search should yield some examples too. URL: http://www.fpdf.org/
I just stumbled across another library that looks promising: http://code.google.com/p/dompdf/ I have not used it, but, if I need to do this again in the future, I would try this before going back to fpdf.
I don't know of any javascript/jQuery plugins that can generate a PDF, so I think you are stuck with PHP in this scenario.
Hope that helps a bit!
EDIT: The email part is simple, I really like Swift Mailer: http://swiftmailer.org. It is simple to use, lots of examples, and supports a variety of options, like, attachments. Also handles the encoding issues that generally plague emails sent directly from php mail().
One more thing, if you are not too far into development, take a look at using Kohana as a php framework. It's light and easily extensible. They follow decent coding standards, and have an active open source community. Plus, there is a module for SwiftMailer that almost sends the mail for you-Not really...but I think you get the point. ;)
Have a look at http://andreasgal.github.com/pdf.js/
I'm allowing users to embed content from youtube, vimeo, scribd, flickr, slideshare, etc. and therefore i'm allowing them to paste the embed code in a textbox.
I'm having a hard time figuring out how to:
(a) validate that its indeed a correctly formed embed code and
(b) whether its not any malicious code that the user is trying to get my
system to display.
This is a php website.
I've used htmlpurifier in the past. There are some others, but this one worked the best for me. You can whitelist all allowed code constructs and make the html code standard compliant. It's a good first line of defense against XXS attacks.
The library is quite big and can slow down your code if you don't install it correctly, so read the install docs carefully.
We will be implementing a system where we ask the user to specify the direct URL and we go and subsequently fetch appropriate data from that page.
I have seen some captchas being decode using javascript, php, etc. How do they do it?
For example, very popular megaupload site's captcha has also been decoded.
I'm an image processing specialist and CAPTCHA decoder, I've done many CAPTCHA resolving projects before.
OK, let's start CAPTCHA resolving steps!
Decoding any kind off CAPTCHA has 3 main steps:
1- Removing background
Clear the CAPTCHA from any noise (using any image processing methods).
Note for captcha decoding fighter: If you want to have a good CAPTCHA, you should add a stronger noise. Use random noised background that has similar color of characters.
2- Splitting characters
Easy step when they are separate and very hard when they're not.
*Note for captcha decoding fighter: If you want to have a good CAPTCHA, don't leave the character separate! Make them overlapping, do NOT use different colors for characters, decoders can split the characters very easily! (most of the developers are unaware of this and think it's better to use a colorful CAPTCHA!), the best one is making an overlapping string with black color. For an experienced CAPTCHA decoder, it's not a problem to decode a colorful CAPTCHA! It's just beautiful and not useful! :) Use random curved lines witch connect all characters to each other. *
3- Converting separate images into character
After separation, we have a character set, (we don't have any string now, just have images and pixels), we should convert character images into string, But how?!
There are several ways, if they are not rotated, and have fixed font and size (such as freeglobes CAPTCHA), you can define a pattern set, your program should loop throw the patters to find the best match for each image, if the characters is very different and needs a large pattern you should use a "Neural Network" to recognize the character. A neural network for CAPTCHA resolving, will takes a character, and we say the network what this character is, for example, we will give it an image of "A" and we tel the NN: it's "A"! , then it will "LEARN" this character and will save its learning into a database, This procedure called "TRAINING". So, when we ask a trained network for a new character again, it will return us the best match from it's learning database.
Usually decoder specialists use the CAPTCHA itself to train the neural network. Be careful! Using appropriate data for training can make or break your results.
Note for captcha decoding fighter: If you want to have a good CAPTCHA, use any method witch a decoder can't recognize the characters, even with a Neural network. Deform the characters randomly, use many fonts instead of one and rotate the characters as well, etc.
Finally, we concatenate all single characters into one and return it as result.
Unfortunately, there are no fixed algorithm for solving any CAPTCHA, it means, new CAPTCHA needs new analysis and training. You can't make a CAPTCHA decoder to decode all CAPTCHA.
What should you know before starting:
1- Image processing fundamentals
2- General understanding of a Neural Network
3- Simple image processing functions (in any language)
For PHP:
imagecreate()
imagecreatetruecolor()
imagecolorat()
imagecolorsforindex()
imagesetpixel()
.
.
.
For .NET:
Bitmap type,
getPixel()
setPixel()
.
.
.
For JavaScript and HTML5:
You should know the Canvas very well.
Lastly:
Note for captcha decoding fighter: If you are wonder about how someone can decode a CAPTCHA and want to prevent it from decoding, you should first be a CAPTCHA decoder yourself or hire someone knows the weakness and attacking algorithm very well!
Hope to help! ;)
See:
OCR and Neural Nets in JavaScript
Here John Resig (creator of JQuery javascript library) explains how exactly it is been done.
Take a look at PWNtcha
You can also read Breaking a Visual CAPTCHA
I was involved in a project to circumvent Captcha images on the TicketMaster website about 8-9 years ago for a third-party ticket seller. When an event went on-sale, like a concert, our network of machines would use multiple credit cards and mailing addresses to buy any and every seat possible in the first 10 rows.
Rather than generating new captcha's each time, TM had a limited pool of images they could re-use. We'd create a unique digital fingerprint (checksum) for each image, then simply attack it with some imaging tools (LEADTOOLS.com) (to remove extraneous elements, enhance contrast, etc) and then use OCR tools. It was surprisingly effective.
We were able to crack a great number programmatically, and we'd store the ones we couldn't crack for human processing. Sometimes they'd have a pool of 20K images, so at first we'd get maybe 60-70% automatically, but eventually we'd get 100% success because we could identify the images our humans processed (offline) based on looking up their hash in our database. (That is, we could check a captcha image against our database based on the hash we created and if we already had the solution we could just submit the answer immediately.)
Occasionally, they'd flush and replace their pool of captcha image images with a new set, but again, it would just take us a bit of time to get back up to a 100% rate. The fatal flaw with this particular system was that they recycled images, rather than programmatically generating new captcha images each time.
But the fact is, if the financial incentive to crack the capthcha is high enough, it doesn't take much to create a distributed platform where low-wage unskilled workers can sit around earning pocket change to crack them all day.
Inside India's CAPTCHA solving economy
http://www.zdnet.com/blog/security/inside-indias-captcha-solving-economy/1835
There are services for recognition. Such as 2captcha. This is a tool for solving php https://github.com/jumper423/decaptcha/