Knablart CAPTCHA
CAPTCHA picture generator in C++/QT3 and a cookieless, databaseless, AJAX aware checking system in PHP
Copyright (C) 2003-2007 by Jarno Elonen <elonen@iki.fi>
Quickstart
- install
  - PHP with mcrypt, db4 and CLI support ('php' executable)
  - imagemagick
  - g++
  - QT3 and qmake
- run ./build-all.sh and wait forever as it generates 5000 images
- If everything went right, you should now have a captcha.db of about 7MB worth of CAPTCHA images. They should also be in pic-generator/generated/ as separate GIFs
- Edit config.inc appropriately
  - Check your installation path
  - Change the encryption key. Don't use the default key!
- Put the whole thing under some web directory and try out usage-example.php.
- Don't forget to copy .htaccess, too! Otherwise the DB and your encryption key will be world-accessible!
How it works
- Off-line preparation:
  - Creates a large enough number of challenge pictures (GIFs) with a C++/QT3 program (QT4 probably won't work)
  - Puts them into a DBA (default: db4) file
- On-line:
  - Creates HTML and Javascript for the challenge with one PHP call (see usage-example.php).
  - Sends an encrypted version of the correct answer and a timestamp along with the form code in a "type=hidden" field.
    - This makes HTTP session management unnecessary.
  - Points the img tag to a PHP script that decrypts the answer field and fetches the correct image data from the DBA file.
  - If Javascript is enabled, checks the user's answer AJAX-style (immediately, by a Javascript HTTP request) and displays "OK" or "Wrong" even before the user hits Submit. Failure results in a 2-3 second delay.
  - When checking the answer (on the HTTP server side), decrypts the correct answer and fails expired (time configurable) challenges to prevent answer reuse (playback attacks).
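
The hidden-field round trip described above, as an added example that is not Knablart's own code. The function names, the token layout, the 300-second lifetime and the use of AES-256-GCM through PHP's OpenSSL extension (in place of mcrypt) are all assumptions made for illustration.

```php
<?php
// Added example, not Knablart's code. Names, token layout and lifetime are
// assumptions; AES-256-GCM (OpenSSL extension) stands in for mcrypt.
const MAX_AGE = 300; // seconds a challenge stays valid (assumed value)

// Builds the value for the "type=hidden" field: nonce | tag | ciphertext.
function issue_challenge(string $answer, string $key, ?int $now = null): string
{
    $iv = random_bytes(12);                        // fresh nonce for every token
    $plain = pack('J', $now ?? time()) . $answer;  // 8-byte timestamp + answer
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

// Server-side check: authenticate, decrypt, reject expired, compare.
function check_answer(string $token, string $given, string $key, ?int $now = null): bool
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 12 + 16 + 8) {
        return false;                              // malformed token
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        return false;                              // modified token or wrong key
    }
    $issued = unpack('J', substr($plain, 0, 8))[1];
    $age = ($now ?? time()) - $issued;
    if ($age < 0 || $age > MAX_AGE) {
        return false;                              // expired or future-dated
    }
    return hash_equals(substr($plain, 8), $given); // constant-time comparison
}

// Constructed demo values: random key, made-up answer, fixed clock readings.
$key   = random_bytes(32);
$token = issue_challenge('k7xq2', $key, 1000);
var_dump(check_answer($token, 'k7xq2', $key, 1100));  // correct, inside the window
var_dump(check_answer($token, 'wrong', $key, 1100));  // wrong answer
var_dump(check_answer($token, 'k7xq2', $key, 2000));  // correct, but expired
$bad = $token;
$bad[20] = ($bad[20] === 'A') ? 'B' : 'A';            // alter one token character
var_dump(check_answer($bad, 'k7xq2', $key, 1100));    // fails authentication
```

Because the timestamp sits inside the authenticated ciphertext, a client cannot extend a challenge's lifetime by editing the field. Expiry only bounds reuse to the validity window; a stateless token is not single-use within it.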