This is the print version of CAPTCHA You won't see this message or any elements not part of the book's content when you print or preview this page.

There are advantages to using a CAPTCHA:

• Preventing spam
• Preventing abuse
• Slowing abusers down

• User X wants to send email to Y. They go to example.com/mail.php and notice some words. The form says that he has had over 100 spam emails sent via the form.
• Spammer S edits a page on wiki W. The wiki had been spammed before. They notice that the page is not saved with their spamming software.

You can integrate a CAPTCHA into your website or form. Select the way you wish to do it:

• /Pre-made
• /Roll your own
• /Plugins for software

• hCAPTCHA
• reCAPTCHA

There are ways to roll your own CAPTCHA.

• Hidden field
• PHP image method

This is a CAPTCHA killer. It needs nothing on the form except a hidden field and some server-side code.

//... Your lovely form here
// Example, please adapt
echo "<input type=hidden name=url />";
//... Rest of your lovely form here

// compare
if ($_POST['url'] != "") {
 // abort!
}
// processing code here

• Stronger version

This version of the Anti-CAPTCHA is stronger.

document.write("<input type=hidden name=code value="+Math.random()+" />");

This must be in your form.

Use in an HTML form:

<script type="text/javascript">
document.write("<input type=hidden name=code value="+Math.random()+" />");
</script>

Use this:

<?php

if (!$_POST['code']) {
   // abort
}

?>

It hinders the usability, as people with JavaScript disabled (for example, for security reasons) won't be able to access your form.

• The Anti-CAPTCHA

<?php

$width = 50;
$height = 25;

session_start();

unset($_SESSION['code']); // added security

$len = 6; // you can change this
mt_srand(time());
// generate random values
$r = 0;
$g = 0;
$b = 0;
$r = mt_rand(80, 255);
$g = mt_rand(80, 255);
$b = mt_rand(80, 255);

$s = 0;
$h = 0;
$c = 0;
$s = mt_rand(0, 80);
$h = mt_rand(80, 80);
$c = mt_rand(80, 100);

$code = mt_rand(100000,999999);

$size = 0.75 * 40;
$image = imagecreate($width, $height) or die("couldn't generate image");
$bg = imagecolorallocate($image, $s, $h, $c);
$c1 = imagecolorallocate($image, $r, $g, $b);

imagestring($image,2,3,3,$code,$c1);

header('Content-Type: image/png');

imagepng($image);
$_SESSION=$code;
imagedestroy($image);

?>

This is the CAPTCHA itself.

<?php

echo "<img src='/image.php' /><input name=code />";

?>

This is the form code.

<?php

session_start();

if ($_POST['code'] != $_SESSION['code']) {
 //fail
}

?>

This will validate the CAPTCHA.

There are many CAPTCHA plugins available for WordPress. Search with Google.

A DokuWiki plugin is available and has many types of CAPTCHAs available.

ConfirmEdit is a extension for MediaWiki that provides a CAPTCHA and is configurable. It is well known as Wikimedia Foundation projects use them.