1.5. CAPTCHA

The word CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart. Besides being a painfully contrived acronym, CAPTCHAs are often used as a deterrent to keep spammers and other malicious users from automatically registering user accounts.

The user is presented with a challenge, oftentimes as a graphical image containing letters and numbers. He or she then has to read the text and enter it in an input field. If the entered value matches the text in the image, it is assumed that an intelligent human being, and not a computer, is requesting the account sign-up.

It's not a perfect solution, however. CAPTCHAs cause problems for legitimate users with special accessibility needs, and some modern software can read the text in CAPTCHA images (see www.cs.sfu.ca/~mori/research/gimpy/). There are other types of challenges which can be presented to a user. For example, there are audio CAPTCHAs where the user enters the letters and numbers after hearing them recited in an audio file. Some even present math problems to the user.

CAPTCHAs should be considered a tool in the web master's arsenal to deter lazy miscreants and not a replacement for proper monitoring and security. Inconvenience to the visitor increases with the complexity of the challenge method, so I'll stick with a simple image-based CAPTCHA example here.

<?php
include '../../lib/functions.php';

// must start or continue session and save CAPTCHA string in $_SESSION for it
// to be available to other requests
...
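The session handling that the comment above calls for, as an added example that is not the book's own listing: it covers only the server-side state (issuing the string and checking the answer), not drawing the image. The function names, the 'captcha' session key, the five-minute lifetime and the use of PHP 7 or later are assumptions.

```php
<?php
// Added example: server-side CAPTCHA state handling only (no image rendering).
// captcha_issue(), captcha_verify() and the 'captcha' key are hypothetical names.

const CAPTCHA_TTL = 300; // seconds a challenge stays valid (assumed value)

// Create a fresh challenge string and remember it in the session.
function captcha_issue(int $length = 5): string
{
    // Alphabet omits look-alike characters (0/O, 1/I/L).
    $alphabet = 'ABCDEFGHJKMNPQRSTUVWXYZ23456789';
    $text = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws from the OS CSPRNG, unlike rand()/mt_rand().
        $text .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $_SESSION['captcha'] = ['text' => $text, 'issued' => time()];
    return $text; // hand this to the image-drawing code, never to the HTML
}

// Check the visitor's answer; each challenge can be attempted only once.
function captcha_verify(string $answer): bool
{
    $challenge = $_SESSION['captcha'] ?? null;
    unset($_SESSION['captcha']); // consume before comparing: no replay, no retries
    if (!is_array($challenge)) {
        return false; // no challenge was issued for this session
    }
    if (time() - $challenge['issued'] > CAPTCHA_TTL) {
        return false; // challenge expired
    }
    $normalized = strtoupper(trim($answer));
    return hash_equals($challenge['text'], $normalized);
}

// Constructed demonstration; in a web request call session_start() first.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $text = captcha_issue();
    var_dump(captcha_verify(strtolower($text))); // correct answer, typed in lower case
    var_dump(captcha_verify($text));             // same answer replayed after being consumed
    captcha_issue();
    var_dump(captcha_verify(''));                // empty answer against a new challenge
}
```

Discarding the stored string on every attempt, pass or fail, means a script cannot solve one image and reuse the answer, or guess repeatedly against the same challenge.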
