7.7. Using a Graphical Character String for Form Authentication

Problem

You need to make sure that bots or automated scripts are not able to abuse your web site's resources.

Solution

Distorted strings of random letters and numbers over an obscuring background of gradients, speckles, and lines (see Figure 7-6) have become an increasingly popular way to ensure that the user of a web form or other server resource is a human, rather than another computer. They even have their own acronym—Captcha—which stands for "completely automated public Turing test to tell computers and humans apart."

Figure 7-6. Hotmail uses a Captcha on its sign-up page to prevent spammers from signing up for throw-away email accounts

Tip

In the early days of modern computing, Alan Turing proposed a method for testing a computer's skill at mimicking a human.

To require a human-readable graphical character string that must be retyped correctly before a form submission is accepted, use one of the many Captcha generators and validators that are available for a variety of programming languages (refer to the "See Also" section in this Recipe for links to some of them).
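The server side of that retype check, sketched as an added example (it is not code from the book or from any Captcha service). The function names, the alphabet, the five-minute lifetime, and the in-memory store standing in for session storage are all assumptions; drawing the distorted image is left to a Captcha generator.

```python
import hashlib
import hmac
import secrets
import time

# Assumed alphabet: look-alike characters (0/O, 1/I/L) are left out.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
TTL_SECONDS = 300                      # assumed challenge lifetime
SERVER_KEY = secrets.token_bytes(32)   # stays on the server, never sent to the client

# challenge_id -> (digest of expected answer, expiry time).
# Stands in for session or database storage in a real site.
_pending = {}


def _digest(challenge_id, answer):
    """Keyed digest of the normalized answer, bound to one challenge id."""
    msg = (challenge_id + ":" + answer.strip().upper()).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def issue_challenge(now=None, length=6):
    """Return (challenge_id, text). The text is rendered into the image;
    only challenge_id is placed in the form as a hidden field."""
    now = time.time() if now is None else now
    text = "".join(secrets.choice(ALPHABET) for _ in range(length))
    challenge_id = secrets.token_urlsafe(16)
    _pending[challenge_id] = (_digest(challenge_id, text), now + TTL_SECONDS)
    return challenge_id, text


def verify_submission(challenge_id, typed, now=None):
    """Accept the form only if the retyped string matches an unexpired
    challenge. The challenge is consumed on every attempt, right or wrong,
    so a script cannot replay it or guess repeatedly against one image."""
    now = time.time() if now is None else now
    entry = _pending.pop(challenge_id, None)   # single use
    if entry is None:
        return False
    expected, expiry = entry
    if now > expiry:
        return False
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(expected, _digest(challenge_id, typed))
```

The form handler calls `verify_submission` before doing any other work and issues a fresh challenge whenever it returns `False`.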

You can sign up for a hosted Captcha service (free for non-commercial use) at http://captchas.net by emailing the developer to request a username. You'll receive a confirmation, a secret key, and a link to code samples for implementing the service with PHP (
