summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source/helpers/captcha_helper.rst
blob: 48095a11dea1fa9c655e0c52636eec1b0c192e1f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
##############
CAPTCHA Helper
##############

The CAPTCHA Helper file contains functions that assist in creating
CAPTCHA images.

.. contents:: Page Contents

Loading this Helper
===================

This helper is loaded using the following code

::

	$this->load->helper('captcha');

The following functions are available:

create_captcha($data)
=====================

Takes an array of information to generate the CAPTCHA as input and
creates the image to your specifications, returning an array of
associative data about the image.

.. php:method:: function create_captcha($data = '', $img_path = '', $img_url = '', $font_path = '')

	:param array 	$data: array of data for the CAPTCHA
	:param string 	$img_path: path to create the image in
	:param string	$img_url: URL to the CAPTCHA image folder
	:param string	$font_path: server path to font
	:returns: array('word' => $word, 'time' => $now, 'image' => $img)


::

	[array] (
		'image' => IMAGE TAG   
		'time'  => TIMESTAMP (in microtime)   
		'word'  => CAPTCHA WORD )

The "image" is the actual image tag:

::

	<img src="http://example.com/captcha/12345.jpg" width="140" height="50" />


The "time" is the micro timestamp used as the image name without the
file extension. It will be a number like this: 1139612155.3422

The "word" is the word that appears in the captcha image, which if not
supplied to the function, will be a random string.

Using the CAPTCHA helper
------------------------

Once loaded you can generate a captcha like this

::

	$vals = array(     
		'word'       => 'Random word',     
		'img_path'   => './captcha/',     
		'img_url'    => 'http://example.com/captcha/',     
		'font_path'  => './path/to/fonts/texb.ttf',     
		'img_width'  => '150',     
		'img_height' => 30,     
		'expiration' => 7200     
	);

	$cap = create_captcha($vals); echo $cap['image'];


-  The captcha function requires the GD image library.
-  Only the img_path and img_url are required.
-  If a "word" is not supplied, the function will generate a random
   ASCII string. You might put together your own word library that you
   can draw randomly from.
-  If you do not specify a path to a TRUE TYPE font, the native ugly GD
   font will be used.
-  The "captcha" folder must be writable (666, or 777)
-  The "expiration" (in seconds) signifies how long an image will remain
   in the captcha folder before it will be deleted. The default is two
   hours.

Adding a Database
-----------------

In order for the captcha function to prevent someone from submitting,
you will need to add the information returned from create_captcha()
function to your database. Then, when the data from the form is
submitted by the user you will need to verify that the data exists in
the database and has not expired.

Here is a table prototype

::

	CREATE TABLE captcha (  
		captcha_id bigint(13) unsigned NOT NULL auto_increment,  
		captcha_time int(10) unsigned NOT NULL,  
		ip_address varchar(16) default '0' NOT NULL,  
		word varchar(20) NOT NULL,  
		PRIMARY KEY `captcha_id` (`captcha_id`),  
		KEY `word` (`word`)
	);

Here is an example of usage with a database. On the page where the
CAPTCHA will be shown you'll have something like this

::

	$this->load->helper('captcha');
	$vals = array(     
		'img_path'	=> './captcha/',     
		'img_url'	=> 'http://example.com/captcha/'     
	);

	$cap = create_captcha($vals);
	$data = array(     
		'captcha_time'	=> $cap['time'],     
		'ip_address'	=> $this->input->ip_address(),     
		'word'		=> $cap['word']     
	);

	$query = $this->db->insert_string('captcha', $data);
	$this->db->query($query);

	echo 'Submit the word you see below:';
	echo $cap['image']; 
	echo '<input type="text" name="captcha" value="" />';

Then, on the page that accepts the submission you'll have something like
this

::

	// First, delete old captchas
	$expiration = time() - 7200; // Two hour limit
	$this->db->where('captcha_time < ', $expiration)
		 ->delete('captcha');

	// Then see if a captcha exists:
	$sql = "SELECT COUNT(*) AS count FROM captcha WHERE word = ? AND ip_address = ? AND captcha_time > ?";
	$binds = array($_POST['captcha'], $this->input->ip_address(), $expiration);
	$query = $this->db->query($sql, $binds);
	$row = $query->row();

	if ($row->count == 0)
	{     
		echo "You must submit the word that appears in the image";
	}