CAPTCHA revisited


jessenco
02-11-2007, 07:10 AM
I have revisited SD's CAPTCHA feature.
This one adds a dynamic textured background.

So instead of the actual single uniform colored background, this MOD generates a new and unique colored background behind the validation code each time.

Here is a montage of 12 screenshots.
http://inlinethumb37.webshots.com/1124/2845257310099813650S425x425Q85.jpg (http://good-times.webshots.com/photo/2845257310099813650qUifZQ)

Estimated installation time: 5 minutes
Requires Subdreamer 2.4 only.

INSTALLATION INSTRUCTIONS

1- Make a backup copy of your original vvc.php file.

2- Open your includes/vvc.php file and select all (yes the complete code from <?php to ?>) and replace with this one:

<?php

define('IN_SUBDREAMER', true);

$rootpath = "../";

// ########################### LOAD SUBDREAMER CORE ############################

include($rootpath . 'includes/core.php');

// ################################ FETCH VVCID ################################

$vvcid = isset($_POST['vvcid']) ? $_POST['vvcid'] : (isset($_GET['vvcid']) ? $_GET['vvcid'] : null);

if(isset($vvcid) && is_numeric($vvcid))
{
    $verification_code = $DB->query_first("SELECT verifycode FROM " . TABLE_PREFIX . "vvc WHERE vvcid = " . (int)$vvcid); // cast: is_numeric() also accepts "1e3" or "1.5"

    if(strlen($verification_code[0]) > 0)
    {
        /*header*/
        header("Content-Type: image/png");

        $imwidth = 180;
        $imheight = 40;

        /* set up image, width and height */
        $im = imagecreate($imwidth, $imheight);

        $background_color = imagecolorallocate ($im, rand(0, 120), rand(20, 120), rand(40, 120)); // first colour allocated on a palette image becomes its background
        $text_color = imagecolorallocate ($im, rand(235, 255), rand(235, 255), rand(235, 255));
        $border_color = imagecolorallocate ($im, 240, 240, 240);

        //strip any spaces that may have crept in
        $code = str_replace(" ", "", $verification_code[0]);
        $x=0;

        $stringlength = strlen($code);
        for ($i = 0; $i< $stringlength; $i++)
        {
            $x = $x + (rand (5, 35));
            $y = rand (5, 15);
            $font = rand (4, 5);
            $single_char = substr($code, $i, 1);
            imagechar($im, $font, $x, $y, $single_char, $text_color);
        }

        $nname = rand (1, 26); // pick one of the 26 background images
        $insertfile = $rootpath . 'includes/capchabg/'.$nname.'.gif';
        $insertfile_id = imagecreatefromgif($insertfile);
        imagerectangle ($im, 1, 1, $imwidth-3, $imheight-3, $border_color);
        imagecopymerge($im, $insertfile_id, 0, 0, 0, 0, 180, 40, 46); // last argument is the merge percentage (0-100)

        /* output to browser*/
        imagepng($im);
        imagedestroy($im);
    }
}
?>

3- Save your file

4- Download the capchabg.zip from the following link.

http://www.megaupload.com/?d=BVUMJ21Q

This small file is 131kb and it contains only gif images.

5- Unzip it and drop the whole capchabg folder in your SD includes/ folder.

Do not rename or delete any of these images (just place the whole folder in your includes/ folder)

6- Upload your new vvc.php file in your includes/ folder on the server.

7- Place the whole capchabg folder also in the includes/ folder on the server (Not only its content! The complete folder - and its content). :rolleyes:

8- Do a chmod 0755 on the capchabg folder.

UNINSTALLATION:
Replace back your original vvc.php file and delete the capchabg folder.

HeavyEddie
02-11-2007, 01:07 PM
Nice, missing your montage though ;)

jessenco
02-11-2007, 08:10 PM
Now you should see the screenshots.
Very weird it didn't show up in the first place.

SKiZZ
02-11-2007, 08:37 PM
Does this make it harder for bots to post crap than the original?

Leif André
02-11-2007, 09:34 PM
Looks very good jensenco. Jensen is sort of Norwegian or Danish... Are you from Scandinavia? Have you created this code yourself (very good job and very good instructions), and are we allowed to use this code on www.subdreamer.com? :)

I also have a suggestion. It is a bit difficult to see the difference between 0 and O and between l and 1 in the VVC. Would it be hard to make sure those letters/numbers are not used (I guess the 1 is easier to understand than the others) in the vvc?

jessenco
02-11-2007, 10:04 PM
Does this make it harder for bots to post crap than the original?

The truth is NO for most hackers!

Because they can usually hack your site without OCR and they rarely waste their time breaking CAPTCHA code, unless it has a security hole.

Others, just to spam your site, also do not waste their time breaking CAPTCHA code.

Is it better against hackers than the original? NO!

At least, is it better against bots than the original? YES!

...but a bit harder for humans to read? YES :D

Did you test it with an OCR device? NO, nor the original one before.

Is it approved by Subdreamer's Security department or authorised SD personnel? Huh, no.

Is it really worth it? It's totally free to you and takes 5 minutes of your time to install. It is up to you.

I've made this MOD just because I didn’t like the original.

jessenco
02-11-2007, 10:57 PM
Looks very good jensenco. Jensen is sort of Norwegian or Danish... Are you from Scandinavia?

No. English is obviously not my mother tongue.

Have you created this code yourself (very good job and very good instructions), and are we allowed to use this code on www.subdreamer.com? :)

Yes I have. You can use this MOD as you want. You have my blessing.

I also have a suggestion. It is a bit difficult to see the difference between 0 and O and between l and 1 in the VVC. Would it be hard to make sure those letters/numbers are not used (I guess the 1 is easier to understand than the others) in the vvc?

Alphanumeric codes are harder to decipher than only numeric or only alpha character codes. You can have only numeric codes generated in SD by changing these 2 lines in functions.php file:

$verifycode = md5(rand(0,9999));
and
$verifycode = substr($verifycode, 17, 5);


To these:
$verifycode = rand(10000,999999);
$verifycode = substr($verifycode, 1, 6);


1, i, l can make a CAPTCHA code harder to decipher by using OCR.
That's why it is good to use those. As for the zero and the letter "O", they can cause differentiation problems. Using only numeric codes may be a cheap workaround.

Actually it randomly uses server GD library built-in font size 4 and 5. (5 is bigger and the biggest size the default compiled GD library built-in font provides)

It can be set to use only font 5 size by changing this (near line 43):

$font = rand (4, 5);

To this:

$font = 5;

But I reassure you that I have tested the CAPTCHA rendering in a computer store viewing it on many monitor types (LCD and conventional ones) before using it.

You are right, it is harder for humans to read and I've tweaked it the most I could while not making it too easy to decipher with OCR devices/apps.

I have made another version that produces random line patterns of different thickness instead of using random textured backgrounds. I'll submit it if you want me to.

Upgrading the CAPTCHA feature using textured backgrounds makes it very easy to update just by replacing all 26 background files with new ones. You can experiment with your own textured backgrounds and also adjust the dynamic merging opacity of the rendered image by changing the last number in this:

imagecopymerge($im, $insertfile_id, 0, 0, 0, 0, 180, 40, 46);

You can also make the random color that will be merging with the random textured backgrounds a bit darker by lowering the highest value in this:

$background_color = imagecolorallocate ($im, rand(0, 120), rand(20, 120), rand(40, 120));

In the same manner you can adjust the font to brighter color values in this:

$text_color = imagecolorallocate ($im, rand(235, 255), rand(235, 255), rand(235, 255));

Using custom fonts is another option too but not very practical for most.

SKiZZ
02-12-2007, 02:33 AM
Installed and working fine. Thanks, man, you are certainly a great contributor to subdreamer.

jessenco
02-14-2007, 12:03 AM
Having previous experience with OCR I knew that an application such as Omnipage 15 was very good at it.

So I decided to test the original Subdreamer CAPTCHA feature against my CAPTCHA mod.

Well the results are not really a surprise to me. It confirms why I did not like the original SD CAPTCHA feature. Using Omnipage 15, the original CAPTCHA could easily and completely be recognized on first attempt while my mod couldn't.

Note: it doesn’t mean that because SD CAPTCHA code can be recognized by OCR your site is at risk. It just means it can be recognized. Period! To hack your site someone needs an application that will actually take advantage of this "weakness". All this to spam your site!!!! No. 1: Such a tool is not commonly available (if it exists). No. 2: Unless your site is among the major ones, there is very little risk. So please do not panic.

My only conclusion though is I prefer my mod to the original SD CAPTCHA feature even if I’m perfectly aware there is very negligible risk.

Below, on the 3 screenshots, you can see Omnipage 15's OCR results. If you know Omnipage a little, the text window on the far right shows the Optical Character Recognition result. The first 2 screenshots are from the MODded CAPTCHA feature, while the last screenshot is from SD’s original CAPTCHA feature. As you can see, all characters have been recognized.

http://inlinethumb21.webshots.com/2644/2944718130099813650S600x600Q85.jpg (http://good-times.webshots.com/photo/2944718130099813650TXPzqu)
http://inlinethumb20.webshots.com/211/2467140590099813650S600x600Q85.jpg (http://good-times.webshots.com/photo/2467140590099813650gmDcVp)
http://inlinethumb16.webshots.com/463/2952037490099813650S600x600Q85.jpg (http://good-times.webshots.com/photo/2952037490099813650loHpLL)

jessenco
02-14-2007, 05:23 AM
Ok! You have installed the above CAPTCHA mod and you’re not satisfied.
You want a bit more sophistication. :D

Then, the following is probably for you.

Making these small changes will enable the captcha mod feature to randomly use a set of 10 custom fonts for each character generated.

Please note, this more sophisticated CAPTCHA mod works best if you use numeric only captcha codes instead of alphanumeric codes. If you do not want to use numeric only codes I strongly suggest you do not install this.

Estimated installation time: 4 minutes

Here’s how to install:

1- Make a backup copy of your vvc.php and functions.php files.

2- You must have previously installed the CAPTCHA mod above.

3- Then find this piece of code in your vvc.php and simply replace this part:

        $stringlength = strlen($code);
        for ($i = 0; $i< $stringlength; $i++)
        {
            $x = $x + (rand (5, 35));
            $y = rand (5, 15);
            $font = rand (4, 5);
            $single_char = substr($code, $i, 1);
            imagechar($im, $font, $x, $y, $single_char, $text_color);
        }

With this one:

        $stringlength = strlen($code);
        for ($i = 0; $i< $stringlength; $i++)
        {
            $x = $x + (rand (15, 31));
            $y = rand (1, 10);
            $fname = rand (1, 10);
            $font = imageloadfont($rootpath . 'includes/gdfonts/'.$fname.'.gdf');
            $single_char = substr($code, $i, 1);
            imagechar($im, $font, $x, $y, $single_char, $text_color);
        }

4- Download this zip file (http://www.megaupload.com/?d=SPYGS0ZG) containing all the necessary custom fonts.

http://www.megaupload.com/?d=SPYGS0ZG

5- Unzip and place the whole gdfonts folder and its content in your includes/ folder.

Do not rename or delete any of these files in the gdfonts folders.

6- Upload the vvc.php file and the whole gdfonts folder in your includes/ folder on your server.

That’s it for the mod itself. But now to make sure Subdreamer generates numeric only captcha codes you need to do the following.

Open functions.php file found in your includes/ folder and find this in the // ####### CREATE VISUAL VERIFY CODE ######## section:

$verifycode = md5(rand(0,9999));

And this:

$verifycode = substr($verifycode, 17, 5);

Replace it with these 2 lines:

$verifycode = rand(1000,99999);
$verifycode = substr($verifycode, 1, 5);

Save & upload

These are the results

http://inlinethumb26.webshots.com/2649/2447342950099813650S425x425Q85.jpg (http://good-times.webshots.com/photo/2447342950099813650xsKrLt)
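
Added example, not part of the original posts and not Subdreamer's code: it counts how many distinct codes each verifycode recipe quoted in this thread can produce, next to a generator that draws from an alphabet without 0/O and 1/I/L as suggested earlier in the thread. It assumes PHP 7.1 or later for random_int(); the alphabet, the function names and the recipe labels are made up for the example.

```php
<?php
// Added example, not Subdreamer code. Assumes PHP 7.1+ (random_int).

// Constructed alphabet: digits and capitals with 0/O and 1/I/L left out.
const VVC_ALPHABET = '23456789ABCDEFGHJKMNPQRSTUVWXYZ';

/** Draw $length characters uniformly from $alphabet using the CSPRNG. */
function vvc_generate(int $length = 5, string $alphabet = VVC_ALPHABET): string
{
    $last = strlen($alphabet) - 1;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, $last)];
    }
    return $code;
}

/** Run every seed in [$min, $max] through $derive and count the distinct codes. */
function vvc_distinct_codes(int $min, int $max, callable $derive): array
{
    $seen = [];
    $lengths = [];
    for ($n = $min; $n <= $max; $n++) {
        $code = (string) $derive($n);
        $seen[$code] = true;
        $lengths[strlen($code)] = true;
    }
    ksort($lengths);
    return ['codes' => count($seen), 'lengths' => array_keys($lengths)];
}

// The three verifycode recipes quoted in the thread, with rand() replaced by
// a walk over every value rand() could return.
$recipes = [
    'md5(rand(0,9999)), substr 17,5' => [0, 9999, function ($n) {
        return substr(md5((string) $n), 17, 5);
    }],
    'rand(10000,999999), substr 1,6' => [10000, 999999, function ($n) {
        return substr((string) $n, 1, 6);
    }],
    'rand(1000,99999), substr 1,5' => [1000, 99999, function ($n) {
        return substr((string) $n, 1, 5);
    }],
];

foreach ($recipes as $label => [$min, $max, $derive]) {
    $r = vvc_distinct_codes($min, $max, $derive);
    printf("%-32s %7d distinct codes, lengths %s\n",
        $label, $r['codes'], implode('/', $r['lengths']));
}

printf("%-32s %7d distinct codes, length 5, e.g. %s\n",
    'random_int over VVC_ALPHABET', strlen(VVC_ALPHABET) ** 5, vvc_generate());
```

Because substr() starts at offset 1, both numeric recipes drop the leading digit, so the printed lengths are one shorter than the number rand() returned.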

SKiZZ
02-15-2007, 07:41 PM
This should be put into the new MODS section as well as your other great mods.

HeavyEddie
02-17-2007, 06:16 PM
I'm unable to download the fonts.

jessenco
02-17-2007, 06:57 PM
just checked megaupload link... works fine!

Here is another link though:

http://www.mytempdir.com/1220724

HeavyEddie
02-17-2007, 07:06 PM
I'm kind of new to font manipulation, but I have another question for you...

Aren't .gdf fonts less compatible because of endianness? In other words, they have to actually be built on a server with the same processor configuration?

BTW... 2nd link worked great.

abcohen
02-17-2007, 07:44 PM
jessenco - why don't you submit these to the DLM? they're great!!!

jessenco
02-17-2007, 08:05 PM
…less compatible... yes, architecture dependent as they say.

There is really a lack of available info about this.
As I understand it shouldn’t work on all servers.
I’ve tested it on a few sites with the exact same results though.
All works fine AND the fonts are also displayed identically. So!

There is something about 'user-defined bitmap fonts' that I can't explain.
I didn’t hear of anyone having problems yet with these custom fonts.
I have over 60 of these I use for different applications and I did not experience issues with any of these. …seems to load well everywhere with GD2 (did not try on other lower versions).

I guess you’re only digging info but if you’re having problems using custom fonts, you still can use the first CAPTCHA Mod method above that uses built-in GD library fonts. It works beautifully too.

jessenco
02-17-2007, 08:27 PM
I will do it.

HeavyEddie
02-17-2007, 08:30 PM
No problems... just learning.

BTW... this (http://www.ozzu.com/ftopic34381.html) is where I was getting the .gdf information.
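
The .gdf byte-order question raised in the posts above, as an added PHP example that is not part of the thread: it reads the 16-byte header in both byte orders and accepts the one whose glyph dimensions account for the file size. The header layout is the one given in the PHP manual for imageloadfont(); the function names, the size bounds and the sample fonts are constructed for the example, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not from the thread. Header layout per the PHP manual entry
// for imageloadfont(): four 32-bit integers (character count, first character,
// glyph width, glyph height) in the byte order of the machine that wrote the
// file, followed by one byte per pixel.

/** Read the header in one byte order ('V' little, 'N' big); null if it cannot fit the file. */
function gdf_try_header(string $bytes, string $fmt): ?array
{
    if (strlen($bytes) < 16) {
        return null;
    }
    [$nchars, $first, $w, $h] = array_values(unpack($fmt . '4', substr($bytes, 0, 16)));
    // Bounds chosen for this example; checked before multiplying so a
    // malformed header cannot produce a huge or overflowing size.
    if ($nchars < 1 || $nchars > 256 || $first < 0 || $first > 255
        || $w < 1 || $w > 256 || $h < 1 || $h > 256) {
        return null;
    }
    if (16 + $nchars * $w * $h !== strlen($bytes)) {
        return null;
    }
    return ['nchars' => $nchars, 'first' => $first, 'width' => $w, 'height' => $h];
}

/** Report the byte order a font was written in and whether this host matches it. */
function gdf_inspect(string $bytes): array
{
    $hostLittle = unpack('S', "\x01\x00")[1] === 1;  // 'S' uses machine byte order
    $le = gdf_try_header($bytes, 'V');
    $be = gdf_try_header($bytes, 'N');
    if ($le === null && $be === null) {
        return ['ok' => false,
                'reason' => 'header does not match file size in either byte order'];
    }
    $fileLittle = $le !== null;
    return ['ok' => true,
            'order' => $fileLittle ? 'little-endian' : 'big-endian',
            'matches_host' => $fileLittle === $hostLittle,
            'header' => $fileLittle ? $le : $be];
}

// Constructed samples: a 2-glyph, 3x4-pixel font written in each byte order,
// and one with its pixel data cut short.
$pixels = str_repeat("\x00", 2 * 3 * 4);
$samples = [
    'little-endian file' => pack('V4', 2, 48, 3, 4) . $pixels,
    'big-endian file'    => pack('N4', 2, 48, 3, 4) . $pixels,
    'truncated file'     => pack('V4', 2, 48, 3, 4) . substr($pixels, 0, 10),
];

foreach ($samples as $name => $bytes) {
    echo $name, ': ', json_encode(gdf_inspect($bytes)), "\n";
}
```

To check the downloaded fonts, pass file_get_contents() of each file in includes/gdfonts/ to gdf_inspect() before vvc.php hands it to imageloadfont().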

abcohen
02-18-2007, 03:17 AM
I also noticed that rapid share totally redid their system this week - and now it's all black and white but uses some crazy fonts (instead of random overlay). I still think these systems have a hard time with 1,I,L O,0

jessenco
02-18-2007, 05:19 AM
i still think these systems have a hard time with 1,I,L O,0

Security policy for high traffic volume sites advises changing the Captcha feature on a regular basis.
They have lots more to lose than just what spamming can cause.

abcohen
02-18-2007, 07:16 PM
http://rapidshare.com/files/11758182/FG.part01.rar

that's a live link on rapidshare - check out their new captcha system, different fonts for each letter (pretty cool!)

jessenco
02-18-2007, 08:10 PM
They'll never have problems with 1,i,l,o and 0 with this one.

abcohen
02-20-2007, 05:25 AM
I forgot to say random fonts (each time it's totally different fonts)

HeavyEddie
02-24-2007, 12:27 AM
One last question for you... are the backgrounds you provided public domain? I've inserted your update into 2.4.1 of Subdreamer but don't wish to distribute any copyrighted materials.

jessenco
02-24-2007, 05:17 PM
I've made it myself with the background designer in Ulead PhotoImpact.

HeavyEddie
02-24-2007, 06:17 PM
Great... thanks for the code. It will be a very welcome addition in 2.4.1.

NilsC
03-03-2007, 12:00 AM
Can the captcha be added to the form builder??

jessenco
03-03-2007, 04:24 AM
SD Captcha is a global function. This means it can be integrated anywhere and in any plugin. Now if your next question is who will help you? Personally, I won't have time for sure.

NilsC
03-04-2007, 01:46 AM
jessenco, thank you. I'll try to figure it out on my own. I may pester you and the rest here with questions and I hope that is OK...

I just have to take the time to learn instead of just "fishing"

Nils

NilsC
03-04-2007, 03:34 AM
I installed it without a hitch, now I have 1 question (I told you I would). Is there an easy way to add a button to get the captcha regenerated if you can't read it?

Nils

jessenco
03-05-2007, 01:51 AM
Is there an easy way to add a button to get the captcha regenerated if you can't read it?

Nope, but if you're scared of driving your users mad.
Install this too.

http://www.subdreamer.org/forum/showthread.php?t=2051

NilsC
03-05-2007, 02:23 AM
Thank you, that is what I was looking for...

recon
03-09-2007, 03:16 PM
Try this with a ttf

download the backgrounds: http://www.megaupload.com/?d=BVUMJ21Q
download the true type font and place it in includes: http://www.megaupload.com/?d=M1R5H0AZ

replace the content of vvc.php with this:
<?php

define('IN_SUBDREAMER', true);

$rootpath = "../";

// ########################### LOAD SUBDREAMER CORE ############################

include($rootpath . 'includes/core.php');

// ################################ FETCH VVCID ################################

$vvcid = isset($_POST['vvcid']) ? $_POST['vvcid'] : (isset($_GET['vvcid']) ? $_GET['vvcid'] : null);

if(isset($vvcid) && is_numeric($vvcid))
{
    $verification_code = $DB->query_first("SELECT verifycode FROM {vvc} WHERE vvcid = %d", $vvcid);

    if(strlen($verification_code[0]) > 0)
    {
        $imwidth = 120;
        $imheight = 40;
        $fontfile = './monotype_regular.ttf';

        /* set up image, the first number is the width and the second is the height */
        $im = ImageCreate($imwidth, $imheight);

        $background_color = imagecolorallocate ($im, rand(0, 120), rand(20, 120), rand(40, 120));
        $text_color = imagecolorallocate ($im, rand(235, 255), rand(235, 255), rand(235, 255));
        $border_color = imagecolorallocate ($im, 240, 240, 240);
        $noise_color = imagecolorallocate ($im, 100, 120, 180);

        //strip any spaces that may have crept in
        //end-user wouldn't know to type the space! :)
        $code = str_replace(" ", "", $verification_code[0]);

        if( function_exists( 'imagettftext' ) && file_exists( $fontfile ) )
        {
            /* generate random dots in background */
            for( $i=0; $i<($imwidth*$imheight)/3; $i++ )
            {
                imagefilledellipse($im, mt_rand(0,$imwidth), mt_rand(0,$imheight), 1, 1, $noise_color);
            }
            /* generate random lines in background */
            for( $i=0; $i<($imwidth*$imheight)/150; $i++ )
            {
                imageline($im, mt_rand(0,$imwidth), mt_rand(0,$imheight), mt_rand(0,$imwidth), mt_rand(0,$imheight), $noise_color);
            }

            $angle = 4;
            $offset = 10;

            imagettftext($im, 28, $angle, $offset, $imheight - 4, $text_color, $fontfile, $code);
        }
        else
        {
            $x = 0;
            $stringlength = strlen($code);
            for ($i = 0; $i< $stringlength; $i++)
            {
                $x = $x + (mt_rand (8, 25));
                $y = rand (2, 20);
                $font = 25;
                $single_char = substr($code, $i, 1);
                imagechar($im, $font, $x, $y, $single_char, $text_color);
            }
        }
        $nname = rand (1, 26);
        $insertfile = $rootpath . 'includes/capchabg/'.$nname.'.gif';
        $insertfile_id = imagecreatefromgif($insertfile);
        imagecopymerge($im, $insertfile_id, 0, 0, 0, 0, 180, 40, 46);
        imagerectangle ($im, 0, 0, $imwidth-1, $imheight-1, $border_color);

        /* output to browser*/
        /*header*/
        Header("Content-Type: image/png");
        ImagePNG($im);
        ImageDestroy($im);
    }
}

?>

SKiZZ
05-01-2007, 10:47 PM
Does this work with 2.4.2? Or was it added as part of the upgrade?

HeavyEddie
05-01-2007, 11:06 PM
This was added as part of the upgrade.

SKiZZ
05-02-2007, 01:51 AM
Just checking :)