Other Software > Developer's Corner

A very good (and free) captcha class in PHP (Recommendation)

(1/3) > >>

JoTo:
Hi DCs,

i was in need to protect a submission page of one of my projects with a captcha. So i searched for a good, easy to use, mighty, customizable and free class. I kissed a lot of frogs until i found my prince. I told Mouser in the IRC channel that i now found a very good one (IMHO). I'd better resisted to tell him, because now he urged me to write this post to annoy you all  and share my experience with it.

OK, as Mouser is root, his wish is my command :) And as the forum search don't showed up a mention of my finding yet, i'm now sitting here and typing. *sigh*

Well i lastly landed and went with SecurImage (http://www.phpcaptcha.org/)

SecurImage sample from my page:


Note:
This captcha is a very easy to solve one. But the "security level" is freely adjustable with every aspect of imagesize, font-facetype, count of distortion lines, amount of text distortion (twisting), text-angle, background color, text-color (even multicolor text is possible), background-image, and, and, and. Also the given audio files for playback are automatically distorted randomly every time they are played back by the class itself, so no need to fiddle around with any audio editor to get them distorted manually and end up with statically distorted audios only.

What is Securimage?

Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. It can be easily added into existing forms on your website to provide protection from spam bots. It can run on most any webserver as long as you have PHP installed, and GD support within PHP. Securimage does everything from generating the CAPTCHA images to validating the typed code. Audible codes can be streamed to the browser with Flash for the vision impaired.

Features

    * Show an image in just 3 lines of code
    * Validate submitted entries in less than 6 lines of code
    * Customizable code length
    * Customizable character sets, Unicode support
    * TTF font support
    * Use custom GD fonts when TTF is not available
    * Easily add background images
    * Multi colored, distorted, and transparent text options
    * Customizable Flash button to stream MP3 audio of CAPTCHA code
    * Ability to use a word list

--- End quote ---

I must say, the package worked right out of the box nicely. Configuration took me only 10 minutes. The longest time i spent on designing my form, which you are totally free to design. No restrictions from the captcha class here.

As this was my very first fiddling with graphics in PHP i was at first a bit concerned about the GD library support requirement. I was not sure if this will work on my webspace (is it installed or not). But calm down...after a quick research i noticed that GD library is implemented in PHP for a long time by default. So if your webhoster haven't explicitly disabled GD library in his PHP installation, this class will work without any prerequisite add-on or installation of any 3rd party stuff except the files that come with the SecurImage package.

I was also capable to add full multilanguage support. Even with multilanguage audio for the visual impaired ones (DE and EN at the moment).

Well i must admit, that i ran into a problem with my german audiofiles. They won't play more than one character of the code, while the english ones, that ship with SecurImage worked well and read all characters of the code in a row. Therefore i contacted the author and got a reply within some hours with a very competent and helpful hint.

For the files (maybe helpful for others that run into this problem as well): The important thing is, that the mp3 audiofiles must not have any ID3 tag in it. The author gave me the right direction and also a (new to me) nice mp3-Tag commandline utility to get rid of the tags in my files. And...tadaaa...after that it worked in multilanguage audio without any further change in the configuration or my code.

Finally i just recommend this class highly to all who search a free, easy to use, customizable captcha class with a kind and responsive author for their PHP projects.

HTH anyone
Greetings
JoTo

PS:
As this class is open source and totally free, i think i don't have to claim that i'm not affiliated with the SecurImage project in any way. I get nothing from the author for this recommendation. I haven't found a "Donate" button on the project page yet, even if i'd gladly sent the author some bucks for his effort. I am just a very satisfied user of the class and glad that such a good piece of software is free available. That's all!

vlastimil:
I should apologize for this post in advance. I know, you think you have found a very good thing, but I do not believe there is or ever will be a "good" captcha. They are a major annoyance for end users. Putting them on your web site is like saying "I hate you" to your visitors. Spam is your problem, you should solve it. It is not your visitor's problem. They don't care.

I have 0 captchas on my site and the level of spam I am getting is negligible. It is because my forms are protected by other means. I use invisible codes that expire after some time, I do not have the form source code in the html, but use javascript to display it. I submit the forms via ajax. This improves the user experience and prevents spam.

Google for "without captchas" and you'll get a lot of resources. It takes more time to build a site without captchas, but it is worth it.

Ath:
Finally i just recommend this class highly to all who search a free, easy to use, customizable captcha class with a kind and responsive author for their PHP projects.
-JoTo (April 15, 2011, 02:56 AM)
--- End quote ---

Reading this very fine mini-review (IMHO), though I do nothing in php at the moment, it's surely one I'm going to remember! :Thmbsup:

JoTo:
Hi Vlastimil,

i agree with you that captchas are annoyances. Don't tell that to me as a visually impaired person. *sigh*

But there are situations where you need them. This is my one and only captcha page for now. But it's a license request page and i don't want to get customers loose under a pile of spam. And with your code system you can't even ban a bot cover valuable mails under a mess of spams.

Furthermore i offer a direct license request way directly from the application too. You don't have to visit that page. It's just for the one's that reject to use the "normal" convinient way. And if you want to say i must agree: THAT people that don't use the recommended way i hate, yes, yes and yes! :)

So if we agree that captchas are bad at all, and that there ARE situations where you need one, my finding is still one of the better ones.

And as we talk about Javascript. What if you have customers with JS disabled? Doesn't that mean you hate them when you make your pages unusable without JS? E.g. in my browser JS is disabled and scripts are blocked all the time unless i allow a page to execute scripts. How annoying if i have to enable scripts all the time. :)

And there is no need for an excusation anywhere. Thank you for your thoughts and as you see, we aren't far away from each other, are we?

Greetings
JoTo

cranioscopical:
i'm now sitting here and typing. *sigh*

-JoTo (April 15, 2011, 02:56 AM)
--- End quote ---
And thank you for the effort!
It's good to learn about items like this, to keep in a back pocket in case of need.

That mouser, what a slave driver!  ;D

Navigation

[0] Message Index

[#] Next page