SitePoint Sponsor

User Tag List

Page 2 of 3 FirstFirst 123 LastLast
Results 26 to 50 of 73
  1. #26
    SitePoint Wizard Mike Borozdin's Avatar
    Join Date
    Oct 2002
    Location
    Edinburgh, UK
    Posts
    1,743
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Damn, I guess we should discuss the article and not whether to use it or not!!!!

    Good article, I use the same way, I evenw as gonna write an article about that, but had not time.

  2. #27
    SitePoint Guru momos's Avatar
    Join Date
    Apr 2004
    Location
    Belgium
    Posts
    919
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    CAPTCHAs are bad for accessibility!!!

  3. #28
    Deadelus
    SitePoint Community Guest
    [q]CAPTCHAs are bad for accessibility!!![/q]

    True but the reason you have a login section or registration is to keep a part of your website private.. == less accessable..

  4. #29
    Stan Ozier
    SitePoint Community Guest
    Good article, although agreed that it's bad for accessibility.

    There are some things that could be improve in the implementation of the class though.

    1. Testing the existance of the GD librairy in Create() function is a bit too late as we call GD functions in constructor already

    2. I recommend generating PNG images instead of GIFs as GIF format is not free and therefore rarely supported by hosting companies

  5. #30
    321
    SitePoint Community Guest
    1st: choosing only from the five very similar standard fonts is poor and the code is probably readable by a character reader.

    2nd: whats about the usability by sight-handycaped site users?

  6. #31
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've found the feedback to my article very interesting.

    I agree with the accessibility points which I was of course aware of before posting the article. The aim was to provide an example of how one might structure and develop such a CAPTCHA system, not necessarily to provide an all singing, all dancing solution. In many areas the example was simplified to make it possible for as many people to try it out as possible without running into problems caused by complex dependencies. I choose to use built in fonts for exactly this reason.

    I'll be posting a more complex example on my web site in due course which makes use of TrueType fonts, a better background noise system and provides an answer to the accessibility issues for those that are interested.

  7. #32
    SitePoint Addict
    Join Date
    Apr 2005
    Location
    San Diego, CA
    Posts
    205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nice tutorial. I agree with some of the comments pointing out some shortcomings but the article was useful nonetheless. There needs to be more tutorials for beginners.
    I study speed waiting. I can wait an entire hour in 10 minutes.

  8. #33
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by someonewhois
    Converting "two thousand five hundred twenty eight" to "2538" isn't that difficult.
    Yeh, you just add 10 to it...
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  9. #34
    SitePoint Enthusiast
    Join Date
    Jun 2004
    Location
    philippines
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How about using my own image as a background?

  10. #35
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've updated the code for this class to reflect some of the comments I received. It now supports TrueType fonts with random character rotation, optional character shadows, better background noise and has support for background images.

    I'm still looking into the accessibility options but will post here when I have a solution.

    You can view some samples and download the code here: http://www.ejeliot.com/articles.php

  11. #36
    Loganathan
    SitePoint Community Guest
    Really this will help to improve the login security

    by Loganathan N from Bosco ITS, Yellagiri Hills

  12. #37
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mmj
    The title of this article is very misleading as it implies that CAPTCHA are a security measure, when in fact they are not.
    Actually that is not true. They can provide a very effective extra layer against brute force when used in conjunction with a user login system.

  13. #38
    SitePoint Evangelist Will Kelly's Avatar
    Join Date
    May 2005
    Location
    London
    Posts
    475
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Anonymous
    I'd agree it is not very accessible if images are turned off or the user has problems viewing the digits.

    Then obviously you'd require an alt attribute at the minimum, possibly the title too.
    Yeah that's a brilliant idea. Why has no one implemented that???

  14. #39
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Will Kelly
    Yeah that's a brilliant idea. Why has no one implemented that???
    You mean write the number of the digit in the alt tag? Genius!
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  15. #40
    ACHAL
    SitePoint Community Guest
    very nice

  16. #41
    sigmaweb
    SitePoint Community Guest
    Well, this is fine. . . but it does nothing to stop email injection attackes (form hijacking) and is devastating for accessibility.

    I guess the real question is, why do so many websites use this and consider it a "security" item?

    My $.02 worth.

    Larry

  17. #42
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sigmaweb
    I guess the real question is, why do so many websites use this and consider it a "security" item?
    Because they are! I used to think they weren't a security feature, but it really depends on the type of attack. They are certainly a security feature when it comes to brute force.

  18. #43
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is great, but like Larry said what about accessibility? Without an audio alternative, your locking out a load of people.

    Perhaps an article or two on working with audio for improved web accessibility?

  19. #44
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    duh! didn't see all the other posts before posting the last post..

    Surely writing the text in the alt tag would make the whole exercise completely pointless?

  20. #45
    SitePoint Member
    Join Date
    Feb 2006
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I like the method presented but the text is way too small. I'll have to fiddle with it.

    -drmike

  21. #46
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Big big ommission here unless I'm missing something. I implemented this almost as is, but the condition used to check if the correct code was entered doesn't check if a code was ever created!

    The whole point of image verification is to stop bots. However, bots were getting around my script using this image verification simply by entering no value in the verification field. Since they don't pick up sessions anyway, the empty "code" in $_POST is equal to the empty "code" in $_SESSION, so their input was accepted!

    I added a check that the variable existed in $_SESSION and had a value.

  22. #47
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Dan,

    Thanks for pointing the problem out. I've contacted SitePoint with a fix and asked them if they'll update the article. In the meantime I suggest that anyone that wants to use this code replace the line which checks the code with the following:

    if (!empty($_SESSION['code']) && strtoupper($_POST['code']) == $_SESSION['code']) {

    Hope this helps.

    Regards,

    Ed

  23. #48
    SitePoint Wizard cmuench's Avatar
    Join Date
    Jul 2005
    Location
    At my computer
    Posts
    2,251
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is there any way to increase the text size? I have it working but the text will be awfully hard to read for some people.

  24. #49
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ejeliot
    Hi Dan,

    Thanks for pointing the problem out. I've contacted SitePoint with a fix and asked them if they'll update the article. In the meantime I suggest that anyone that wants to use this code replace the line which checks the code with the following:

    if (!empty($_SESSION['code']) && strtoupper($_POST['code']) == $_SESSION['code']) {

    Hope this helps.

    Regards,

    Ed
    Ed,

    You also need to unset the code from the session after a successful verification. If you don't, a human can type in one verification image value and then set their bot loose to submit an unlimited number of forms an unlimited number of times on that website using the same security image script. Once the code is known, the check will always pass, as a bot won't request a new security image before posting again. I've experienced it personally.

  25. #50
    PEACE WILL WIN abalfazl's Avatar
    Join Date
    Feb 2005
    Location
    Beyond the seas there is a town
    Posts
    711
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello firends

    What do you think about using IP or Cookie in order top prevent spam?

    GOOD LUCK!
    I shall build a boat,I shall cast it in the water,
    I shall sail away from this strange earth,
    Where no one awaken the heroes in the wood of love


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •