[KLUG Members] Looking for PHP code snippet.

[Bruce Smith]

> CAPTCHAs can never stop an attacker, only slow him/her down.  ...

Right.  I'm thinking about replacing some generic email addresses with
web forms to get rid of some spam.  

I doubt a spammer will go to the trouble of programming something to
send a few people email.  Even if they do, every little bit I slow down
a spammer, the better!  :-)

> CAPTCHAs are very easy to do if your attacker is not especially
> determined.  Like the sticker in a car window that says "protected
> by Leet Security Systems," sometimes all that's necessary is to
> encourage your attacker to hit someone else's site besides yours.

Probably all I need.  The web form without a captcha is probably good
enough, but adding a captcha makes it much safer.

> CAPTCHAs don't have to be images.  For most programmers who want to
> roll their own, and if the CAPTCHA won't be used on a huge website
> or a network of large websites, I would advise writing something
> completely textual in nature.  It doesn't take much to emit
> questions whose answers are obvious to humans, but which would be
> nontrivial to write a program to solve.  Also, textual challenges
> are more friendly for visually-impaired readers.  For example, you
> could ask your users:

I like that idea!  If someone breaks it, just change the questions.
The only down side is you are excluding some foreigners with limited
English language skills.  (and really stupid people, but that's OK ;)

I've already wrote a proof-of-concept captcha in PHP that creates a png
file with numbers.  It does nothing but display the graphic and a text
box, and the next screen tells if you entered the correct number.  
Take a look if you want:  http://www.reddog.org/verimg/verify1.php

It's nothing great yet.  I plan on adding a different color background
with some lines and other noise.

 - BS