[pmwiki-users] Experimental captcha recipe

Patrick R. Michaud pmichaud at pobox.com
Mon May 7 16:15:07 CDT 2007


On Mon, May 07, 2007 at 04:43:18PM -0400, Jason Frisvold wrote:
> On 5/7/07, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> > For sites that don't have PHP image libraries available, the
> > {$Captcha} markup displays the challenge value as plain text
> > instead of an image.  It's also configurable, which means that
> > it will be possible to plug in other obscuration methods
> > if plain text or the captcha image generator I'm using aren't
> > sophisticated enough.
> 
> Very nice..  Is the length of the captcha configurable?  It looks like
> you're using a length of 4 characters right now (which all seem to be
> numbers..  no letters?)

The value defaults to a random number between 1000 and 9999.  
A site administrator can choose any value for the captcha 
challenge.  For example, a 5-digit code could be:

   $CaptchaValue = rand(10000,99999);

The value isn't limited to digits -- a site administrator can use any
valid (non-space) ASCII characters.  For example, a naive code
generator might be:

   function rchar() {
     return substr('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', rand(0, 36), 1);
   }
   $CaptchaValue = rchar().rchar().rchar().rchar().rchar();

This is a "naive generator" because it could generate values that
are inadvertently offensive to some.  Coming up with a "safe"
generator is a bit more work (but I'll be glad to provide one if
someone will research the algorithms a bit).

> Are you planning on adding any additional obfuscation methods, or is
> that left as an exercise to the reader?  :)

If anyone wants to suggest other obfuscation methods, I'm very
open to them.

Pm



More information about the pmwiki-users mailing list