Why must we use this item for security?
Look at this simple form:
<Form method='get' action='logon.php'>
Put your name please <Input type='text' name='name'><br>
<Input type='submit' name='submit' value='submit'>
</Form>
This form collects information from the user. The information is stored in a database table. When somebody submits the form, you can see this URL in the address bar:
http://mysite.com/logon.php?name=Wiwit+Siswoutomo
Now, what is the weakness of this approach?
Imagine somebody writes this code:
<?php
// Each iteration requests the form's URL directly, without a browser or the form page.
for ($i = 0; $i <= 1000; $i++) {
    $lines = file('http://www.mysite.com/logon.php?name=Just+Kidding');
}
?>
He then uploads it to any server and executes it. Without ever opening the legitimate form, he can submit that information. Not just one entry, but a thousand. What if he rewrites it as:
<?php
for ($i = 0; $i <= 1000000; $i++) {
}
?>
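The defensive side of the scenario above, as an added example that is not part of the original article: a `logon.php` that rejects GET submissions and stores the name only when the request answers a one-time challenge held in the visitor's session. The session key `captcha_answer`, the form field `captcha`, and the SQLite file `names.db` are assumptions; the form itself would have to switch to `method='post'` and show the challenge.

```php
<?php
declare(strict_types=1);
session_start();

// Returns the validated name, or throws with an HTTP status code as the exception code.
function accept_submission(string $method, array $post, array &$session): string
{
    // A state-changing request must not be a GET URL that any script can replay.
    if ($method !== 'POST') {
        throw new RuntimeException('method not allowed', 405);
    }
    // Assumption: the page that renders the form stored the expected answer here.
    $expected = $session['captcha_answer'] ?? null;
    // Single use: discard the challenge whether the answer is right or wrong,
    // so one solved challenge cannot be replayed in a loop.
    unset($session['captcha_answer']);
    $given = $post['captcha'] ?? '';
    if (!is_string($expected) || !is_string($given) || $given === ''
        || !hash_equals(strtolower($expected), strtolower($given))) {
        throw new RuntimeException('captcha failed', 400);
    }
    $name = $post['name'] ?? '';
    if (!is_string($name) || trim($name) === '' || strlen($name) > 100) {
        throw new RuntimeException('invalid name', 400);
    }
    return trim($name);
}

try {
    $name = accept_submission($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST, $_SESSION);
} catch (RuntimeException $e) {
    http_response_code($e->getCode());
    exit($e->getMessage());
}

// Assumed storage: a local SQLite file; the insert uses a prepared statement.
$pdo = new PDO('sqlite:' . __DIR__ . '/names.db');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE IF NOT EXISTS names (name TEXT NOT NULL)');
$pdo->prepare('INSERT INTO names (name) VALUES (?)')->execute([$name]);
echo 'saved';
```

A request like the scripted loop above carries no session cookie and no challenge answer, so it ends at the 405 or 400 response and nothing is written to the table.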
Series of this article:
CAPTCHA - part 1 : "Are you human or ....?" (Introduction)
CAPTCHA - part 2: "Are you human or ....?"
CAPTCHA - part 3 : "Are you human or ....?" (Build Your CAPTCHA)
CAPTCHA - part 4 : "Are you human or ....?" (Modify Your CAPTCHA)
Post: October 05th 2007