SitePoint Sponsor

User Tag List

Results 1 to 25 of 73

Hybrid View

  1. #1
    ********* Articles ArticleBot's Avatar
    Join Date
    Apr 2001
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Article Discussion

    This is an article discussion thread for discussing the SitePoint article, "Toughen Forms' Security with an Image"

  2. #2
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for all the feedback everyone - much appreciated.

    Redux - I should have named them as Captchas, thanks for adding the link to the wiki page though.

    I did think about the lack of accessibility for blind users but for this example I didn't want to over complicate things - particularly I wanted to demonstrate the PHP/GD side of creating them. I'll look to produce a follow up to this article which addresses the accessibility issue.

  3. #3
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Richard Heyes' solution to the usability issue is to print out a number as a word on the page and require the user to enter it as a number. For example, if the captcha is "two thousand five hundred twenty eight", the user would type "2528".

  4. #4
    SitePoint Wizard Mike Borozdin's Avatar
    Join Date
    Oct 2002
    Location
    Edinburgh, UK
    Posts
    1,743
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Damn, I guess we should discuss the article and not whether to use it or not!!!!

    Good article, I use the same way, I evenw as gonna write an article about that, but had not time.

  5. #5
    SitePoint Addict
    Join Date
    Apr 2005
    Location
    San Diego, CA
    Posts
    205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nice tutorial. I agree with some of the comments pointing out some shortcomings but the article was useful nonetheless. There needs to be more tutorials for beginners.
    I study speed waiting. I can wait an entire hour in 10 minutes.

  6. #6
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    duh! didn't see all the other posts before posting the last post..

    Surely writing the text in the alt tag would make the whole exercise completely pointless?

  7. #7
    Always learning kigoobe's Avatar
    Join Date
    May 2004
    Location
    Paris
    Posts
    1,565
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, i found that u modified the article > http://www.ejeliot.com/pages/php-captcha

    I have tried this, while everything is working, I am not getting the fonts. Just the scratches are coming. Any idea why this is happening?

    Thanks for sharing the code.
    Best.

  8. #8
    Always learning kigoobe's Avatar
    Join Date
    May 2004
    Location
    Paris
    Posts
    1,565
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    working now ...

  9. #9
    Always learning kigoobe's Avatar
    Join Date
    May 2004
    Location
    Paris
    Posts
    1,565
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just a quick note. I was visiting a forum, and saw that they are doing something else along with the captcha image. They are generating random text and a random number (less than the the length of that text). Say the word is SitePoint, they chose a number randomly < 10, and then ask to fill up the nth character of the word.

    So, if the random word comes as SitePoint, and the random number as 5, user will have to type P, and it is case sensitive. Seems to be a nice idea ...

  10. #10
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    No way am I going to sit there and read the frames to submit a form. Your CAPTCHA is anti-human.

  11. #11
    SitePoint Member
    Join Date
    Apr 2007
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Dan Grossman View Post
    No way am I going to sit there and read the frames to submit a form. Your CAPTCHA is anti-human.
    Anti-impatient people perhaps. To be fair it does take ~5 seconds for the frames to roll through start to finish. But then again the text is not distorted to the point where people cannot read what it says either, I say 5 seconds well spent.

    As a site owner, your users will never have to guess what the characters are and will never again answer incorrectly (assuming their IQ is > 70) regardless of what language they speak.

    I also never have to waste another minute erasing automated spam either. So I guess I value my time a bit more than yours ... but only by 5 seconds. How long did it take you to post that reply again?

  12. #12
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Less than 5 seconds. Akismet can filter 99&#37; of your spam, it's free, and your users don't have to fill out *any* type of mini-quiz. Combine it with a simple CAPTCHA to filter even more. Anything that reduces the likelihood of a human filling out a form is lost customers.

  13. #13
    SitePoint Member
    Join Date
    Jul 2007
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thank you very much,

  14. #14
    SitePoint Zealot
    Join Date
    Aug 2005
    Posts
    122
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You want a simple way to keep bots out? Do you want it to be transparent to the user? Want it to be accessible still?

    Create a text input field. Make it's label say "Leave this field blank". Name the field something obvious like "address" or "phone_number" (obviously not one you've already used in the form).

    Then, hide the field and the label with CSS. Most users wont see it. Those who do will see the label saying to leave it blank. However, giving it a name with email or phone etc in it will make most bots fill it out ...

    On the server side, just check to see that its blank. If something was put there, you have a bot (or a complete idiot).

    Simple, effective, accessible, and most of all, transparent to the user.

    Detailed a little more here: http://www.omgpotato.com/2007/07/12/...-bot-stopping/

  15. #15
    SitePoint Enthusiast
    Join Date
    Dec 2003
    Location
    norway
    Posts
    61
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by rjm1982 View Post
    You want a simple way to keep bots out? Do you want it to be transparent to the user? Want it to be accessible still?

    Create a text input field. Make it's label say "Leave this field blank". Name the field something obvious like "address" or "phone_number" (obviously not one you've already used in the form).

    Then, hide the field and the label with CSS. Most users wont see it. Those who do will see the label saying to leave it blank. However, giving it a name with email or phone etc in it will make most bots fill it out ...

    On the server side, just check to see that its blank. If something was put there, you have a bot (or a complete idiot).

    Simple, effective, accessible, and most of all, transparent to the user.

    Detailed a little more here: http://www.omgpotato.com/2007/07/12/...-bot-stopping/

    I have to warn anyone from using this approach instead of a captcha,
    because it does not stop anyone from manually creating a malicious script that could do many postings in the form...
    But still better than nothing..


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •