In a previous post I gave a recipe for creating and verifying CAPTCHA images. In practice that method could be vulnerable to a replay attack. That is, once a valid cookie and image text value were obtained, they could be reused again. This post describes a way to add a timeout, so that the valid value can be made to expire after a short period of time.
CAPTCHA Revisited
Using GD and CAPTCHA
Now that I've got the GD module installed and working, it's time to give it something useful to do. In this post I'll describe how to generate and verify a CAPTCHA. Sadly, for the rest of us, spammers have taken to abusing free services available on the web via HTML forms. CAPTCHA is an attempt to limit form users to the human variety, in this case by asking the them to type in the letters displayed in an image.
Getting Started With Image Manipulation
I've had a couple jobs recently that required scripts to automatically manipulate images. I wrote one in PHP, using ImageMagick, and the other was in Perl, also using Image::Magick. I decided I wanted to do some of this sort of stuff on my Mac OS X iBook, but for various reasons wanted to give the GD module a try instead. I set aside an entire afternoon of free time, warned the family to stay clear, and prepared for the coming hours of thrashing in installation hell. Surprisingly, before I could even finish brewing the first cup of coffee, I was done.