PHP Forum

**keithkiss** · 06-17-2008, 07:08 AM

I have a spam bot hitting my site and registering repeatedly.
Unfortunately, I have no idea how to add a captcha or block the IP.

Does anyone know an easy way to do this?

Thanks for any tips.

**Arenlor** · 06-17-2008, 07:22 AM

First to quickly block them to help you:

PHP Code:


			
if($_SERVER['REMOTE_ADDR'] != 0.0.0.0){//Your entire site}

Just wrap your site in that and change the IP (make an array if it's more than one).
http://www.arenblogs.com/arenlor/ has my custom made captcha.

PHP Code:


			
<?php session_start();
$imgWidth=120;
$imgHeight=50;
$image=imagecreate($imgWidth,$imgHeight);
$colorWhite=imagecolorallocate($image,255,255,255);
$colorRed=imagecolorallocate($image,255,0,0);
$colorBlack=imagecolorallocate($image,0,0,0);
for($i=0;$i<11;$i++){
    $x1 = rand(0,119);
    $x2 = rand(1,120);
    $y1 = rand(0,49);
    $y2 = rand(1,50);
    imageline($image,$x1,$y1,$x2,$y2,$colorBlack);
}
$key = $_SESSION['key'];
require_once('../conn.php');
if($key == ''){
    $rnum = str_pad(rand(0,9999),4,'0',STR_PAD_LEFT);
    $pattern = "abcdefghijklmnopqrstuvwxyz";
    $pattern2 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $key = '';
    for($i=0;$i<4;$i++){
        $key .= $pattern{rand(0,25)};
    }
    $key2 = '';
    for($i=0;$i<4;$i++){
        $key2 .= $pattern2{rand(0,25)};
    }
    $string = $rnum.$key.$key2;
    $idb = "INSERT INTO `captcha` VALUES(NULL,'$string')";
    $dbi = mysql_query($idb);
    $lii = mysql_insert_id();
    $_SESSION['key'] = $lii;
    $_SESSION['lock'] = md5(md5($string));
}
else{
    $scg = "SELECT `captcha` FROM `captcha` WHERE `captcha_id` = $key";
    $gcs = mysql_query($scg);
    $string = mysql_fetch_array($gcs);
    $string = $string[0];
}
$font = imageloadfont("cfs.gdf");
imagestring($image,$font,1,15,$string,$colorRed);
for($i=0;$i<26;$i++){
    $w = rand(0,1);
    $h = rand(0,1);
    if($h == 0){
        imageline($image,$i*15,0,$i*15,50,$colorBlack);
    }
    else{
        imageline($image,$i*12,0,$i*12,50,$colorBlack);
    }
    if($w == 0){
        imageline($image,0,$i*10,120,$i*10,$colorBlack);
    }
    else{
        imageline($image,0,$i*8,120,$i*8,$colorBlack);
    }
}
header("Content-type: image/png");
imagepng($image);
imagedestroy($image);?>

There is a line in there: $font = imageloadfont("cfs.gdf"); that loads the font, I forget which one I chose, but I got it at http://www.devtrolls.com/gdf_fonts/fonts.html so you can go there to get your own font. I use a mysql database for added security:

PHP Code:


			
<?php session_start();
require_once('conn.php');
$key = $_SESSION['key'];
$lock = $_SESSION['lock'];
$captcha = $_POST['captcha'];
$ttg = "SELECT `captcha` FROM `captcha` WHERE `captcha_id` = $key";
$gtt = mysql_query($ttg);
$treasure = mysql_fetch_array($gtt);
$treasure = md5(md5($treasure[0]));
if(md5(md5($captcha)) != $lock || $lock != $treasure){header("Location: index.php");exit;}
//Code irrellevant to you
?>

That confirms that you have both the key and the lock and aren't forging your session.