O'Reilly logo

Web Site Cookbook by Doug Addison

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

7.7. Using a Graphical Character String for Form Authentication

Problem

You need to make sure that bots or automated scripts are not able to abuse your web site's resources.

Solution

Distorted strings of random letters and numbers over an obscuring background of gradients, speckles, and lines (see Figure 7-6) have become an increasingly popular way to ensure that the user of a web form or other server resource is a human, rather than another computer. They even have their own acronym—Captcha—which stands for "completely automated public Turing test to tell computers and humans apart."

Hotmail uses a Captcha on its sign-up page to prevent spammers from signing up for throw-away email accounts

Figure 7-6. Hotmail uses a Captcha on its sign-up page to prevent spammers from signing up for throw-away email accounts

Tip

In the early days of modern computing. Alan Turing proposed a method for testing a computer's skill at mimicking a human. You can add a human-readable graphical character string that must be retyped correctly for a form submission to be accepted using one of many Captcha generators and validators that are available for a variety of programming languages (refer to the "See Also" section in this Recipe for links to some of them).

You can sign up for a hosted Captcha service (free for non-commercial use) at http://captchas.net by emailing the developer to request a username. You'll receive a confirmation, a secret key, and a link to code samples for implementing the service with PHP (

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required