PHP的数字Captcha

Is there a numeric captcha available for PHP?

(which doesn't rely on JavaScript being turned on)

EDIT:

  • I know there are JS-independent captchas out there.
  • I know there are PHP captchas out there.
  • I know there are numeric captchas out there.

But I'm looking for a PHP numeric Javascript-independent captcha.
The only numeric captcha's I've found are either for ASP.NET or jQuery/JS based ones.
I don't want any of those as an answer to the question.

And I'm not taking about a small website here. In the answer I'd like to know whether your suggestion puts a lot of strain on the server or not.

I guess it can't be avoided to deal with rendering an image when dealing with captchas? Here's a simple one (and may not be the most elegant):

sample output

session_start();

$strings = '123456789';
$i = 0;
$characters = 6;
$code = '';
while ($i < $characters)
{ 
    $code .= substr($strings, mt_rand(0, strlen($strings)-1), 1);
    $i++;
} 

$_SESSION['captcha'] = $code;

//generate image
$im = imagecreatetruecolor(124, 40);
$foreground = imagecolorallocate($im, 0, 0, 0);
$shadow = imagecolorallocate($im, 173, 172, 168);
$background = imagecolorallocate($im, 255, 255, 255);

imagefilledrectangle($im, 0, 0, 200, 200, $background);

// use your own font!
$font = 'monofont.ttf';

//draw text:
imagettftext($im, 35, 0, 9, 28, $shadow, $font, $code);
imagettftext($im, 35, 0, 2, 32, $foreground, $font, $code);     

// prevent client side  caching
header("Expires: Wed, 1 Jan 1997 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

//send image to browser
header ("Content-type: image/png");
imagepng($im);
imagedestroy($im);

Display it in a form:

<img src="captcha.php">
Enter the code above: <input type="text" name="captcha">

Once submitted, check the entered code:

if ($_POST['captcha'] == $_SESSION['captcha'])
    // do your thing

CAPTCHA's dont necessarily rely on javascript (I think your thinking of reCATCHA), a stand alone image is all you need.

http://www.phpcaptcha.org/

At it's most simple, a numeric CAPTCHA would work like...

<?php
session_start();

if (isset($_POST['code'])) {
    if ($_POST['code'] == $_SESSION['captcha']) {
        echo "Captcha valid";
    }
    else {
        echo "Captcha NOT valid";
    }
}

$_SESSION['captcha'] = mt_rand(10000, 99999);
?>
<form action="" method="post">
    <p>Enter this number: <?php echo $_SESSION['captcha']; ?></p>
    <p><input type="text" name="code" /> <input type="submit" value="Submit" />
</form>

May be you have also thought about a figlet captcha. This saves lots of time, because you don't need images to be rendered. In my homepage I am using this kind of captcha. You may take a look at this page (scroll to the bottom, you can't oversee it ;)). I've implemented it via Zend-Framework. Better said with Zend_Captcha_Figlet.

However I think it's hard to implement if you are not using Zend_Form. But I think it's quite a nice solution.

EDIT

Another solution would be a blind-captcha. It's very easy to implement and works great (had good experience with that for a long time). It works like this:

  • In your form provide an input-field with an empty value.
  • Hide it initially via css (this should not be done with inline-styles)
  • in your form-validation (php) check if this field contains a value. if so it's probably a spambot who filled out each and every input-field.
  • A user won't fill it, because he doesn't see it (of course he will see it, if he has disabled css in his browser)

Easy, but effective.

Don't go for any other php files for adding numerical captcha in your form.Just try the following

    <input id="num1" type="text" name="num1" value="<?php echo rand(1,4); ?>" readonly="readonly" /> +
<input id="num2" type="text" name="num2" value="<?php echo rand(5,9); ?>" readonly="readonly" /> =
<input id="captcha" class="captcha" type="text" onblur="check_captcha(this.value);" maxlength="2" />

and in the function you can validate easily

<script>
function check_captcha(res)
{
if(res)
{
var val=parseInt($('#num1').val())+parseInt($('#num2').val());
if(val!=res)
{
alert('Incorrect value, please try again');
$('#captcha').val('');
$('#captcha').focus();
}
}
}
</script>

Just open any captcha php file and remove letters from the string which generates captcha word

You can use http://www.captcha.ru/kcaptcha/ Default this library generate key with alphabet symbols, but you can change config file(set new value for variable $allowed_symbols = "0123456789" as example) for generating only numeric keys.