Tag Archives: captcha

Ways to filter bots

 

  1. Most popular is recaptcha by google
  2. Honeypot technique – include a hidden field, if it is filled, then it is a robot
  3. A simple random questions. E.g. is fire hot or cold , five – 3 is ___
  4. http://nomorecaptchas.com/ (with price)
  5. https://visualcaptcha.net/ (no longer developed but they claim it still work)
  6. Algorithm
    1. after 5 failed attempt, lockout IP for 15 minutes
    2. if 5 times lockout, lockout IP for 24 hours
    3. if 3 times lockout, blacklist IP permanently (option for sys admin to clear)
  7. More alternatives

How to set up recaptcha (no captcha) in PHP

3 steps to implement new recaptcha no captcha in PHP

1. Register the domain to get the keys – “site key” and “secret key”

2. include code in the page you want to show the recaptcha

a. in <head>

<script src='https://www.google.com/recaptcha/api.js'></script>

b. in <form> – exactly you want to show the recaptcha

<div class="g-recaptcha" data-sitekey="xxxxx"></div>

3. include code to check upon submission (PHP file that process the form)

// use this function to get true/false result from the submitted response
function captcha_verify($secret_key)
{
        $response =file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secret_key."&response=".$_POST['g-recaptcha-response']);
        
$response = json_decode($response, true);
        if($response["success"] === true)
        {
            return true;
        }
        return false;
    }
}

Inserting recaptcha to your form

Captcha is good to reduce spam. One of most popular captcha used is recaptcha.

This is how it looks like. Familiar?

captcha

To implement it is very easy. Will take less than 10 minutes of your time.

1. Get your public and private key

https://www.google.com/recaptcha/admin/create

2. Include class file

Download recaptcha library file for PHP (with some sample files)

3. Insert code in form page

1
2
3
4
5
6
7
8
<form method="post" action="verify.php">
        <?php
          require_once('recaptchalib.php');
          $publickey = "your_public_key"; // you got this from the signup page
          echo recaptcha_get_html($publickey);
        ?>
        <input type="submit" />
</form>

4. Insert code to validate code in process page

1
2
3
4
5
6
7
8
9
10
11
12
13
14
require_once('recaptchalib.php');
  $privatekey = "your_private_key";
  $resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);
 
  if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         "(reCAPTCHA said: " . $resp->error . ")");
  } else {
    // Your code here to handle a successful verification
  }