PHP creating a very simple captcha
You just launched your contact form, and now you are receiving head-spinning amounts of spam. How will you ever get it to stop? Where is this coming from?
Unfortunately, we live in a day where many people are trying to make a quick buck by sending enormous amounts of spam to your inbox. One of the ways they do this is to use a bot that runs around the internet looking for simple forms it can submit its spam to. These bots will eventually find their way onto your contact form, especially as you raise your page rank and show up better in search engines.
There are different techniques for stopping this sort of spam. One of the most popular is to use a CAPTCHA to verify that the entity submitting the form is a human. CAPTCHAs can be hard or easy to solve. You should make yours at an acceptable level of difficulty, so that you do not slow your conversion down but are still able to thwart most of your spam. Beware, though, that spam bots are getting smarter and are being equipped with better and better ways to get around the CAPTCHA. OCR (optical character recognition) is one of those ways: the computer looks at the image and tries to decipher the letters in it. Spam bots use this to fill out your CAPTCHA and deliver spam to you.
So you have made the decision to use a CAPTCHA, and you want it to be simple to read but easy to modify and create. Here is how you can create a quick and easy CAPTCHA in PHP.

Find a distorted or slightly hard to read font on the web somewhere. Dafont or any similar free font website can be a source for these. You will want to download a font in TTF format (note that some fonts can have issues preventing them from being read by PHP, so you may have to try a few).

Take this font and then create a simple algorithm for generating some random characters and/or numbers.

Store the random string in a session for the user viewing the page.

Use the methods described a few posts back for adding text to an image with PHP/GD.

Display this generated image to the user and give them a form to fill out.

Use the values they filled out in the form to match against the random string you stored in the session. If they match, then they have filled out your CAPTCHA correctly; if not, display an error message.
There are some "gotchas" with this method. You need to pick a font that is relatively difficult for spam bots to decipher but still easy enough for your audience to read. You also need to make sure that you reset the random string stored in the session on each form submission, or else a bot could keep resubmitting the form without calling the CAPTCHA image again, to try to brute force the CAPTCHA. You will also want to verify that a CAPTCHA value was actually submitted in the form; do not just check that the session string and the submitted value are the same. If a bot never calls the CAPTCHA image generator file and just submits the form, PHP might validate the blank session variable against the blank post variable as true, and the bot will bypass your CAPTCHA.
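The generate, store and compare steps and the gotchas above, put together as an added example (not code from the original post). The function names, the 'captcha' session key and the case-insensitive comparison are assumptions, and image rendering is left out.

```php
<?php
// Added example. Function names and the 'captcha' key are assumptions.
const CAPTCHA_ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // no 0/O/1/I look-alikes

// Called by the image generator: pick random characters, store them in the session.
function captcha_new(array &$session, int $length = 6): string
{
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= CAPTCHA_ALPHABET[random_int(0, strlen(CAPTCHA_ALPHABET) - 1)];
    }
    return $session['captcha'] = $code;
}

// Weak check: when the image was never requested and no field was posted,
// both sides are null and the loose comparison treats them as equal.
function captcha_check_weak(array $session, array $post): bool
{
    return ($session['captcha'] ?? null) == ($post['captcha'] ?? null);
}

// Hardened check covering the gotchas above.
function captcha_check(array &$session, array $post): bool
{
    $expected = $session['captcha'] ?? null;
    unset($session['captcha']); // single use: every submission needs a fresh image
    $given = $post['captcha'] ?? null;
    // Reject missing, empty or non-string values (e.g. captcha[]=x arrives as an array).
    if (!is_string($expected) || $expected === '' || !is_string($given) || $given === '') {
        return false;
    }
    // Case-insensitive match is a choice made for this example.
    return hash_equals($expected, strtoupper(trim($given)));
}

// Constructed demo; in a real page pass $_SESSION and $_POST instead.
$session = [];
var_dump(captcha_check_weak($session, []));   // bot that never loaded the image
var_dump(captcha_check($session, []));        // same request, hardened check
$code = captcha_new($session);
var_dump(captcha_check($session, ['captcha' => 'WRONG1'])); // wrong guess
var_dump(captcha_check($session, ['captcha' => $code]));    // replay after the guess
$code = captcha_new($session);
var_dump(captcha_check($session, ['captcha' => strtolower($code)])); // fresh image, right answer
```

Run from the command line, only the first and last calls print true: the first is the blank-versus-blank bypass in the weak check, and the last is a correct answer against a freshly generated string.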