Initial upload to TYPO3 Forge
[TYPO3CMS/Extensions/sr_freecap.git] / pi1 / freecap141.php
1 <?
2 if (!defined('freeCap')) die ('Access denied.');
3 /************************************************************\
4 *
5 * freeCap v1.4.1 Copyright 2005 Howard Yeend
6 * www.puremango.co.uk
7 *
8 * This file is part of freeCap.
9 *
10 * freeCap is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * freeCap is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with freeCap; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 *
24 *
25 \************************************************************/
26
27 session_start();
28
29 //////////////////////////////////////////////////////
30 ////// User Defined Vars:
31 //////////////////////////////////////////////////////
32
33 // try to avoid the 'free p*rn' method of CAPTCHA circumvention
34 // see www.wikipedia.com/captcha for more info
35 $site_tags[0] = "To avoid spam, please do NOT enter the text if";
36 $site_tags[1] = "this site is not puremango.co.uk";
37 // or more simply:
38 //$site_tags[0] = "for use only on puremango.co.uk";
39 // reword or add lines as you please
40 // or if you don't want any text:
41 $site_tags = null;
42
43 // where to write the above:
44 // 0=top
45 // 1=bottom
46 // 2=both
47 $tag_pos = 1;
48
49 // functions to call for random number generation
50 // mt_rand produces 'better' random numbers
51 // but if your server doesn't support it, it's fine to use rand instead
52 $rand_func = "mt_rand";
53 $seed_func = "mt_srand";
54
55 // which type of hash to use?
56 // possible values: "sha1", "md5", "crc32"
57 // sha1 supported by PHP4.3.0+
58 // md5 supported by PHP3+
59 // crc32 supported by PHP4.0.1+
60 $hash_func = "sha1";
61 // store in session so can validate in form processor
62 $_SESSION['hash_func'] = $hash_func;
63
64 // image type:
65 // possible values: "jpg", "png", "gif"
66 // jpg doesn't support transparency (transparent bg option ends up white)
67 // png isn't supported by old browsers (see http://www.libpng.org/pub/png/pngstatus.html)
68 // gif may not be supported by your GD Lib.
69 $output = "png";
70
71 // 0=generate pseudo-random string, 1=use dictionary
72 // dictionary is easier to recognise
73 // - both for humans and computers, so use random string if you're paranoid.
74 $use_dict = 1;
75 // if your server is NOT set up to deny web access to files beginning ".ht"
76 // then you should ensure the dictionary file is kept outside the web directory
77 // eg: if www.foo.com/index.html points to c:\website\www\index.html
78 // then the dictionary should be placed in c:\website\dict.txt
79 // test your server's config by trying to access the dictionary through a web browser
80 // you should NOT be able to view the contents.
81 // can leave this blank if not using dictionary
82 $dict_location = "./.ht_freecap_words";
83
84 // used to calculate image width, and for non-dictionary word generation
85 $max_word_length = 6;
86
87 // text colour
88 // 0=one random colour for all letters
89 // 1=different random colour for each letter
90 $col_type = 1;
91
92 // maximum times a user can refresh the image
93 // on a 6500 word dictionary, I think 15-50 is enough to not annoy users and make BF unfeasble.
94 // further notes re: BF attacks in "avoid brute force attacks" section, below
95 // on the other hand, those attempting OCR will find the ability to request new images
96 // very useful; if they can't crack one, just grab an easier target...
97 // for the ultra-paranoid, setting it to <5 will still work for most users
98 $max_attempts = 20;
99
100 // list of fonts to use
101 // font size should be around 35 pixels wide for each character.
102 // you can use my GD fontmaker script at www.puremango.co.uk to create your own fonts
103 // There are other programs to can create GD fonts, but my script allows a greater
104 // degree of control over exactly how wide each character is, and is therefore
105 // recommended for 'special' uses. For normal use of GD fonts,
106 // the GDFontGenerator @ http://www.philiplb.de is excellent for convering ttf to GD
107
108 // the fonts included with freeCap *only* include lowercase alphabetic characters
109 // so are not suitable for most other uses
110 // to increase security, you really should add other fonts
111 $font_locations = Array("./.ht_freecap_font1.gdf","./.ht_freecap_font2.gdf","./.ht_freecap_font3.gdf","./.ht_freecap_font4.gdf","./.ht_freecap_font5.gdf");
112
113 // background:
114 // 0=transparent (if jpg, white)
115 // 1=white bg with grid
116 // 2=white bg with squiggles
117 // 3=morphed image blocks
118 // 'random' background from v1.3 didn't provide any extra security (according to 2 independent experts)
119 // many thanks to http://ocr-research.org.ua and http://sam.zoy.org/pwntcha/ for testing
120 // for jpgs, 'transparent' is white
121 $bg_type = 2;
122 // should we blur the background? (looks nicer, makes text easier to read, takes longer)
123 $blur_bg = false;
124 // for bg_type 3, which images should we use?
125 // if you add your own, make sure they're fairly 'busy' images (ie a lot of shapes in them)
126 $bg_images = Array("./.ht_freecap_im1.jpg","./.ht_freecap_im2.jpg","./.ht_freecap_im3.jpg","./.ht_freecap_im4.jpg","./.ht_freecap_im5.jpg");
127 // for non-transparent backgrounds only:
128 // if 0, merges CAPTCHA with bg
129 // if 1, write CAPTCHA over bg
130 $merge_type = 0;
131 // should we morph the bg? (recommend yes, but takes a little longer to compute)
132 $morph_bg = true;
133
134 // you shouldn't need to edit anything below this, but it's extensively commented if you do want to play
135 // have fun, and email me with ideas, or improvements to the code (very interested in speed improvements)
136 // hope this script saves some spam :-)
137
138
139
140 //////////////////////////////////////////////////////
141 ////// Create Images + initialise a few things
142 //////////////////////////////////////////////////////
143
144 // seed random number generator
145 // PHP 4.2.0+ doesn't need this, but lower versions will
146 $seed_func(make_seed());
147
148 // how faded should the bg be? (100=totally gone, 0=bright as the day)
149 // to test how much protection the bg noise gives, take a screenshot of the freeCap image
150 // and take it into a photo editor. play with contrast and brightness.
151 // If you can remove most of the bg, then it's not a good enough percentage
152 switch($bg_type)
153 {
154 case 0:
155 break;
156 case 1:
157 case 2:
158 $bg_fade_pct = 65;
159 break;
160 case 3:
161 $bg_fade_pct = 50;
162 break;
163 }
164 // slightly randomise the bg fade
165 $bg_fade_pct += $rand_func(-2,2);
166
167 // read each font and get font character widths
168 $font_widths = Array();
169 for($i=0 ; $i<sizeof($font_locations) ; $i++)
170 {
171 $handle = fopen($font_locations[$i],"r");
172 // read header of GD font, up to char width
173 $c_wid = fread($handle,11);
174 $font_widths[$i] = ord($c_wid{8})+ord($c_wid{9})+ord($c_wid{10})+ord($c_wid{11});
175 fclose($handle);
176 }
177
178 // modify image width depending on maximum possible length of word
179 // you shouldn't need to use words > 6 chars in length really.
180 $width = ($max_word_length*(array_sum($font_widths)/sizeof($font_widths))+75);
181 $height = 90;
182
183 $im = ImageCreate($width, $height);
184 $im2 = ImageCreate($width, $height);
185
186
187
188 //////////////////////////////////////////////////////
189 ////// Avoid Brute Force Attacks:
190 //////////////////////////////////////////////////////
191 if(empty($_SESSION['freecap_attempts']))
192 {
193 $_SESSION['freecap_attempts'] = 1;
194 } else {
195 $_SESSION['freecap_attempts']++;
196
197 // if more than ($max_attempts) refreshes, block further refreshes
198 // can be negated by connecting with new session id
199 // could get round this by storing num attempts in database against IP
200 // could get round that by connecting with different IP (eg, using proxy servers)
201 // in short, there's little point trying to avoid brute forcing
202 // the best way to protect against BF attacks is to ensure the dictionary is not
203 // accessible via the web or use random string option
204 if($_SESSION['freecap_attempts']>$max_attempts)
205 {
206 $_SESSION['freecap_word_hash'] = false;
207
208 $bg = ImageColorAllocate($im,255,255,255);
209 ImageColorTransparent($im,$bg);
210
211 $red = ImageColorAllocate($im, 255, 0, 0);
212 // depending on how rude you want to be :-)
213 //ImageString($im,5,0,20,"bugger off you spamming bastards!",$red);
214 ImageString($im,5,15,20,"service no longer available",$red);
215
216 sendImage($im);
217 }
218 }
219
220
221
222
223
224 //////////////////////////////////////////////////////
225 ////// Functions:
226 //////////////////////////////////////////////////////
227 function make_seed() {
228 // from http://php.net/srand
229 list($usec, $sec) = explode(' ', microtime());
230 return (float) $sec + ((float) $usec * 100000);
231 }
232
233 function rand_color() {
234 global $bg_type,$rand_func;
235 if($bg_type==3)
236 {
237 // needs darker colour..
238 return $rand_func(10,100);
239 } else {
240 return $rand_func(60,170);
241 }
242 }
243
244 function myImageBlur($im)
245 {
246 // w00t. my very own blur function
247 // in GD2, there's a gaussian blur function. bunch of bloody show-offs... :-)
248
249 $width = imagesx($im);
250 $height = imagesy($im);
251
252 $temp_im = ImageCreateTrueColor($width,$height);
253 $bg = ImageColorAllocate($temp_im,150,150,150);
254
255 // preserves transparency if in orig image
256 ImageColorTransparent($temp_im,$bg);
257
258 // fill bg
259 ImageFill($temp_im,0,0,$bg);
260
261 // anything higher than 3 makes it totally unreadable
262 // might be useful in a 'real' blur function, though (ie blurring pictures not text)
263 $distance = 1;
264 // use $distance=30 to have multiple copies of the word. not sure if this is useful.
265
266 // blur by merging with itself at different x/y offsets:
267 ImageCopyMerge($temp_im, $im, 0, 0, 0, $distance, $width, $height-$distance, 70);
268 ImageCopyMerge($im, $temp_im, 0, 0, $distance, 0, $width-$distance, $height, 70);
269 ImageCopyMerge($temp_im, $im, 0, $distance, 0, 0, $width, $height, 70);
270 ImageCopyMerge($im, $temp_im, $distance, 0, 0, 0, $width, $height, 70);
271 // remove temp image
272 ImageDestroy($temp_im);
273
274 return $im;
275 }
276
277 function sendImage($pic)
278 {
279 // output image with appropriate headers
280 global $output,$im,$im2,$im3;
281 header(base64_decode("WC1DYXB0Y2hhOiBmcmVlQ2FwIDEuNCAtIHd3dy5wdXJlbWFuZ28uY28udWs="));
282 switch($output)
283 {
284 // add other cases as desired
285 case "jpg":
286 header("Content-Type: image/jpeg");
287 ImageJPEG($pic);
288 break;
289 case "gif":
290 header("Content-Type: image/gif");
291 ImageGIF($pic);
292 break;
293 case "png":
294 default:
295 header("Content-Type: image/png");
296 ImagePNG($pic);
297 break;
298 }
299
300 // kill GD images (removes from memory)
301 ImageDestroy($im);
302 ImageDestroy($im2);
303 ImageDestroy($pic);
304 if(!empty($im3))
305 {
306 ImageDestroy($im3);
307 }
308 exit();
309 }
310
311
312
313
314 //////////////////////////////////////////////////////
315 ////// Choose Word:
316 //////////////////////////////////////////////////////
317 if($use_dict==1)
318 {
319 // load dictionary and choose random word
320 $words = @file($dict_location);
321 $word = strtolower($words[$rand_func(0,sizeof($words)-1)]);
322 // cut off line endings/other possible odd chars
323 $word = ereg_replace("[^a-z]","",$word);
324 // might be large file so forget it now (frees memory)
325 $words = "";
326 unset($words);
327 } else {
328 // based on code originally by breakzero at hotmail dot com
329 // (http://uk.php.net/manual/en/function.rand.php)
330 // generate pseudo-random string
331 // doesn't use ijtf as are easily mistaken
332
333 // I'm not using numbers because the custom fonts I've created don't support anything other than
334 // lowercase or space (but you can download new fonts or create your own using my GD fontmaker script)
335 $consonants = 'bcdghklmnpqrsvwxyz';
336 $vowels = 'aeuo';
337 $word = "";
338
339 $wordlen = $rand_func(5,$max_word_length);
340
341 for($i=0 ; $i<$wordlen ; $i++)
342 {
343 // don't allow to start with 'vowel'
344 if($rand_func(0,4)>=2 && $i!=0)
345 {
346 $word .= $vowels{$rand_func(0,strlen($vowels)-1)};
347 } else {
348 $word .= $consonants{$rand_func(0,strlen($consonants)-1)};
349 }
350 }
351 }
352
353 // save hash of word for comparison
354 // using hash so that if there's an insecurity elsewhere (eg on the form processor),
355 // an attacker could only get the hash
356 // also, shared servers usually give all users access to the session files
357 // echo `ls /tmp`; and echo `more /tmp/someone_elses_session_file`; usually work
358 // so even if your site is 100% secure, someone else's site on your server might not be
359 // hence, even if attackers can read the session file, they can't get the freeCap word
360 // (though most hashes are easy to brute force for simple strings)
361 $_SESSION['freecap_word_hash'] = $hash_func($word);
362
363
364
365
366 //////////////////////////////////////////////////////
367 ////// Fill BGs and Allocate Colours:
368 //////////////////////////////////////////////////////
369
370 // set tag colour
371 // have to do this before any distortion
372 // (otherwise colour allocation fails when bg type is 1)
373 $tag_col = ImageColorAllocate($im,10,10,10);
374 $site_tag_col2 = ImageColorAllocate($im2,0,0,0);
375
376 // set debug colours (text colours are set later)
377 $debug = ImageColorAllocate($im, 255, 0, 0);
378 $debug2 = ImageColorAllocate($im2, 255, 0, 0);
379
380 // set background colour (can change to any colour not in possible $text_col range)
381 // it doesn't matter as it'll be transparent or coloured over.
382 // if you're using bg_type 3, you might want to try to ensure that the color chosen
383 // below doesn't appear too much in any of your background images.
384 $bg = ImageColorAllocate($im, 254, 254, 254);
385 $bg2 = ImageColorAllocate($im2, 254, 254, 254);
386
387 // set transparencies
388 ImageColorTransparent($im,$bg);
389 // im2 transparent to allow characters to overlap slightly while morphing
390 ImageColorTransparent($im2,$bg2);
391
392 // fill backgrounds
393 ImageFill($im,0,0,$bg);
394 ImageFill($im2,0,0,$bg2);
395
396 if($bg_type!=0)
397 {
398 // generate noisy background, to be merged with CAPTCHA later
399 // any suggestions on how best to do this much appreciated
400 // sample code would be even better!
401 // I'm not an OCR expert (hell, I'm not even an image expert; puremango.co.uk was designed in MsPaint)
402 // so the noise models are based around my -guesswork- as to what would make it hard for an OCR prog
403 // ideally, the character obfuscation would be strong enough not to need additional background noise
404 // in any case, I hope at least one of the options given here provide some extra security!
405
406 $im3 = ImageCreateTrueColor($width,$height);
407 $temp_bg = ImageCreateTrueColor($width*1.5,$height*1.5);
408 $bg3 = ImageColorAllocate($im3,255,255,255);
409 ImageFill($im3,0,0,$bg3);
410 $temp_bg_col = ImageColorAllocate($temp_bg,255,255,255);
411 ImageFill($temp_bg,0,0,$temp_bg_col);
412
413 // we draw all noise onto temp_bg
414 // then if we're morphing, merge from temp_bg to im3
415 // or if not, just copy a $widthx$height portion of $temp_bg to $im3
416 // temp_bg is much larger so that when morphing, the edges retain the noise.
417
418 if($bg_type==1)
419 {
420 // grid bg:
421
422 // draw grid on x
423 for($i=$rand_func(6,20) ; $i<$width*2 ; $i+=$rand_func(10,25))
424 {
425 ImageSetThickness($temp_bg,$rand_func(2,6));
426 $text_r = $rand_func(100,150);
427 $text_g = $rand_func(100,150);
428 $text_b = $rand_func(100,150);
429 $text_colour3 = ImageColorAllocate($temp_bg, $text_r, $text_g, $text_b);
430
431 ImageLine($temp_bg,$i,0,$i,$height*2,$text_colour3);
432 }
433 // draw grid on y
434 for($i=$rand_func(6,20) ; $i<$height*2 ; $i+=$rand_func(10,25))
435 {
436 ImageSetThickness($temp_bg,$rand_func(2,6));
437 $text_r = $rand_func(100,150);
438 $text_g = $rand_func(100,150);
439 $text_b = $rand_func(100,150);
440 $text_colour3 = ImageColorAllocate($temp_bg, $text_r, $text_g, $text_b);
441
442 ImageLine($temp_bg,0,$i,$width*2, $i ,$text_colour3);
443 }
444 } else if($bg_type==2) {
445 // draw squiggles!
446
447 $bg3 = ImageColorAllocate($im3,255,255,255);
448 ImageFill($im3,0,0,$bg3);
449 ImageSetThickness($temp_bg,4);
450
451 for($i=0 ; $i<strlen($word)+1 ; $i++)
452 {
453 $text_r = $rand_func(100,150);
454 $text_g = $rand_func(100,150);
455 $text_b = $rand_func(100,150);
456 $text_colour3 = ImageColorAllocate($temp_bg, $text_r, $text_g, $text_b);
457
458 $points = Array();
459 // draw random squiggle for each character
460 // the longer the loop, the more complex the squiggle
461 // keep random so OCR can't say "if found shape has 10 points, ignore it"
462 // each squiggle will, however, be a closed shape, so OCR could try to find
463 // line terminations and start from there. (I don't think they're that advanced yet..)
464 for($j=1 ; $j<$rand_func(5,10) ; $j++)
465 {
466 $points[] = $rand_func(1*(20*($i+1)),1*(50*($i+1)));
467 $points[] = $rand_func(30,$height+30);
468 }
469
470 ImagePolygon($temp_bg,$points,intval(sizeof($points)/2),$text_colour3);
471 }
472
473 } else if($bg_type==3) {
474 // take random chunks of $bg_images and paste them onto the background
475
476 for($i=0 ; $i<sizeof($bg_images) ; $i++)
477 {
478 // read each image and its size
479 $temp_im[$i] = ImageCreateFromJPEG($bg_images[$i]);
480 $temp_width[$i] = imagesx($temp_im[$i]);
481 $temp_height[$i] = imagesy($temp_im[$i]);
482 }
483
484 $blocksize = $rand_func(20,60);
485 for($i=0 ; $i<$width*2 ; $i+=$blocksize)
486 {
487 // could randomise blocksize here... hardly matters
488 for($j=0 ; $j<$height*2 ; $j+=$blocksize)
489 {
490 $image_index = $rand_func(0,sizeof($temp_im)-1);
491 $cut_x = $rand_func(0,$temp_width[$image_index]-$blocksize);
492 $cut_y = $rand_func(0,$temp_height[$image_index]-$blocksize);
493 ImageCopy($temp_bg, $temp_im[$image_index], $i, $j, $cut_x, $cut_y, $blocksize, $blocksize);
494 }
495 }
496 for($i=0 ; $i<sizeof($temp_im) ; $i++)
497 {
498 // remove bgs from memory
499 ImageDestroy($temp_im[$i]);
500 }
501
502 // for debug:
503 //sendImage($temp_bg);
504 }
505
506 // for debug:
507 //sendImage($im3);
508
509 if($morph_bg)
510 {
511 // morph background
512 // we do this separately to the main text morph because:
513 // a) the main text morph is done char-by-char, this is done across whole image
514 // b) if an attacker could un-morph the bg, it would un-morph the CAPTCHA
515 // hence bg is morphed differently to text
516 // why do we morph it at all? it might make it harder for an attacker to remove the background
517 // morph_chunk 1 looks better but takes longer
518
519 // this is a different and less perfect morph than the one we do on the CAPTCHA
520 // occasonally you get some dark background showing through around the edges
521 // it doesn't need to be perfect as it's only the bg.
522 $morph_chunk = $rand_func(1,5);
523 $morph_y = 0;
524 for($x=0 ; $x<$width ; $x+=$morph_chunk)
525 {
526 $morph_chunk = $rand_func(1,5);
527 $morph_y += $rand_func(-1,1);
528 ImageCopy($im3, $temp_bg, $x, 0, $x+30, 30+$morph_y, $morph_chunk, $height*2);
529 }
530
531 ImageCopy($temp_bg, $im3, 0, 0, 0, 0, $width, $height);
532
533 $morph_x = 0;
534 for($y=0 ; $y<=$height; $y+=$morph_chunk)
535 {
536 $morph_chunk = $rand_func(1,5);
537 $morph_x += $rand_func(-1,1);
538 ImageCopy($im3, $temp_bg, $morph_x, $y, 0, $y, $width, $morph_chunk);
539
540 }
541 } else {
542 // just copy temp_bg onto im3
543 ImageCopy($im3,$temp_bg,0,0,30,30,$width,$height);
544 }
545
546 ImageDestroy($temp_bg);
547
548 if($blur_bg)
549 {
550 myImageBlur($im3);
551 }
552 }
553 // for debug:
554 //sendImage($im3);
555
556
557
558
559 //////////////////////////////////////////////////////
560 ////// Write Word
561 //////////////////////////////////////////////////////
562
563 // write word in random starting X position
564 $word_start_x = $rand_func(5,32);
565 // y positions jiggled about later
566 $word_start_y = 15;
567
568 if($col_type==0)
569 {
570 $text_r = rand_color();
571 $text_g = rand_color();
572 $text_b = rand_color();
573 $text_colour2 = ImageColorAllocate($im2, $text_r, $text_g, $text_b);
574 }
575
576 // write each char in different font
577 for($i=0 ; $i<strlen($word) ; $i++)
578 {
579 if($col_type==1)
580 {
581 $text_r = rand_color();
582 $text_g = rand_color();
583 $text_b = rand_color();
584 $text_colour2 = ImageColorAllocate($im2, $text_r, $text_g, $text_b);
585 }
586
587 $j = $rand_func(0,sizeof($font_locations)-1);
588 $font = ImageLoadFont($font_locations[$j]);
589 ImageString($im2, $font, $word_start_x+($font_widths[$j]*$i), $word_start_y, $word{$i}, $text_colour2);
590 }
591 // use last pixelwidth
592 $font_pixelwidth = $font_widths[$j];
593
594 // for debug:
595 //sendImage($im2);
596
597
598
599
600
601 //////////////////////////////////////////////////////
602 ////// Morph Image:
603 //////////////////////////////////////////////////////
604
605 // calculate how big the text is in pixels
606 // (so we only morph what we need to)
607 $word_pix_size = $word_start_x+(strlen($word)*$font_pixelwidth);
608
609 // firstly move each character up or down a bit:
610 for($i=$word_start_x ; $i<$word_pix_size ; $i+=$font_pixelwidth)
611 {
612 // move on Y axis
613 // deviates at least 4 pixels between each letter
614 $prev_y = $y_pos;
615 do{
616 $y_pos = $rand_func(-5,5);
617 } while($y_pos<$prev_y+2 && $y_pos>$prev_y-2);
618 ImageCopy($im, $im2, $i, $y_pos, $i, 0, $font_pixelwidth, $height);
619
620 // for debug:
621 //ImageRectangle($im,$i,$y_pos+10,$i+$font_pixelwidth,$y_pos+70,$debug);
622 }
623
624 // for debug:
625 //sendImage($im);
626
627 ImageFilledRectangle($im2,0,0,$width,$height,$bg2);
628
629 // randomly morph each character individually on x-axis
630 // this is where the main distortion happens
631 // massively improved since v1.2
632 $y_chunk = 1;
633 $morph_factor = 1;
634 $morph_x = 0;
635 for($j=0 ; $j<strlen($word) ; $j++)
636 {
637 $y_pos = 0;
638 for($i=0 ; $i<=$height; $i+=$y_chunk)
639 {
640 $orig_x = $word_start_x+($j*$font_pixelwidth);
641 // morph x += so that instead of deviating from orig x each time, we deviate from where we last deviated to
642 // get it? instead of a zig zag, we get more of a sine wave.
643 // I wish we could deviate more but it looks crap if we do.
644 $morph_x += $rand_func(-$morph_factor,$morph_factor);
645 // had to change this to ImageCopyMerge when starting using ImageCreateTrueColor
646 // according to the manual; "when (pct is) 100 this function behaves identically to imagecopy()"
647 // but this is NOT true when dealing with transparencies...
648 ImageCopyMerge($im2, $im, $orig_x+$morph_x, $i+$y_pos, $orig_x, $i, $font_pixelwidth, $y_chunk, 100);
649
650 // for debug:
651 //ImageLine($im2, $orig_x+$morph_x, $i, $orig_x+$morph_x+1, $i+$y_chunk, $debug2);
652 //ImageLine($im2, $orig_x+$morph_x+$font_pixelwidth, $i, $orig_x+$morph_x+$font_pixelwidth+1, $i+$y_chunk, $debug2);
653 }
654 }
655
656 // for debug:
657 //sendImage($im2);
658
659 ImageFilledRectangle($im,0,0,$width,$height,$bg);
660 // now do the same on the y-axis
661 // (much easier because we can just do it across the whole image, don't have to do it char-by-char)
662 $y_pos = 0;
663 $x_chunk = 1;
664 for($i=0 ; $i<=$width ; $i+=$x_chunk)
665 {
666 // can result in image going too far off on Y-axis;
667 // not much I can do about that, apart from make image bigger
668 // again, I wish I could do 1.5 pixels
669 $y_pos += $rand_func(-1,1);
670 ImageCopy($im, $im2, $i, $y_pos, $i, 0, $x_chunk, $height);
671
672 // for debug:
673 //ImageLine($im,$i+$x_chunk,0,$i+$x_chunk,100,$debug);
674 //ImageLine($im,$i,$y_pos+25,$i+$x_chunk,$y_pos+25,$debug);
675 }
676
677 // for debug:
678 //sendImage($im);
679
680 // blur edges:
681 // doesn't really add any security, but looks a lot nicer, and renders text a little easier to read
682 // for humans (hopefully not for OCRs, but if you know better, feel free to disable this function)
683 // (and if you do, let me know why)
684 myImageBlur($im);
685
686 // for debug:
687 //sendImage($im);
688
689 if($output!="jpg" && $bg_type==0)
690 {
691 // make background transparent
692 ImageColorTransparent($im,$bg);
693 }
694
695
696
697
698
699 //////////////////////////////////////////////////////
700 ////// Try to avoid 'free p*rn' style CAPTCHA re-use
701 //////////////////////////////////////////////////////
702 // ('*'ed to stop my site coming up for certain keyword searches on google)
703
704 // can obscure CAPTCHA word in some cases..
705
706 // write site tags 'shining through' the morphed image
707 ImageFilledRectangle($im2,0,0,$width,$height,$bg2);
708 if(is_array($site_tags))
709 {
710 for($i=0 ; $i<sizeof($site_tags) ; $i++)
711 {
712 // ensure tags are centered
713 $tag_width = strlen($site_tags[$i])*6;
714 // write tag is chosen position
715 if($tag_pos==0 || $tag_pos==2)
716 {
717 // write at top
718 ImageString($im2, 2, intval($width/2)-intval($tag_width/2), (10*$i), $site_tags[$i], $site_tag_col2);
719 }
720 if($tag_pos==1 || $tag_pos==2)
721 {
722 // write at bottom
723 ImageString($im2, 2, intval($width/2)-intval($tag_width/2), ($height-34+($i*10)), $site_tags[$i], $site_tag_col2);
724 }
725 }
726 }
727 ImageCopyMerge($im2,$im,0,0,0,0,$width,$height,80);
728 ImageCopy($im,$im2,0,0,0,0,$width,$height);
729 // for debug:
730 //sendImage($im);
731
732
733
734
735 //////////////////////////////////////////////////////
736 ////// Merge with obfuscated background
737 //////////////////////////////////////////////////////
738
739 if($bg_type!=0)
740 {
741 // merge bg image with CAPTCHA image to create smooth background
742
743 // fade bg:
744 if($bg_type!=3)
745 {
746 $temp_im = ImageCreateTrueColor($width,$height);
747 $white = ImageColorAllocate($temp_im,255,255,255);
748 ImageFill($temp_im,0,0,$white);
749 ImageCopyMerge($im3,$temp_im,0,0,0,0,$width,$height,$bg_fade_pct);
750 // for debug:
751 //sendImage($im3);
752 ImageDestroy($temp_im);
753 $c_fade_pct = 50;
754 } else {
755 $c_fade_pct = $bg_fade_pct;
756 }
757
758 // captcha over bg:
759 // might want to not blur if using this method
760 // otherwise leaves white-ish border around each letter
761 if($merge_type==1)
762 {
763 ImageCopyMerge($im3,$im,0,0,0,0,$width,$height,100);
764 ImageCopy($im,$im3,0,0,0,0,$width,$height);
765 } else {
766 // bg over captcha:
767 ImageCopyMerge($im,$im3,0,0,0,0,$width,$height,$c_fade_pct);
768 }
769 }
770 // for debug:
771 //sendImage($im);
772
773
774 //////////////////////////////////////////////////////
775 ////// Write tags, remove variables and output!
776 //////////////////////////////////////////////////////
777
778 // tag it
779 // feel free to remove/change
780 // but if it's not essential I'd appreciate you leaving it
781 // after all, I've put a lot of work into this and am giving it away for free
782 // the least you could do is give me credit (or buy me stuff from amazon!)
783 // but I understand that in professional environments, your boss might not like this tag
784 // so that's cool.
785 $tag_str = "freeCap v1.41 - puremango.co.uk";
786 // for debug:
787 //$tag_str = "[".$word."]";
788
789 // ensure tag is right-aligned
790 $tag_width = strlen($tag_str)*6;
791 // write tag
792 ImageString($im, 2, $width-$tag_width, $height-13, $tag_str, $tag_col);
793
794 // unset all sensetive vars
795 // in case someone include()s this file on a shared server
796 // you might think this unneccessary, as it exit()s
797 // but by using register_shutdown_function
798 // on a -very- insecure shared server, they -might- be able to get the word
799 unset($word);
800 // the below aren't really essential, but might aid an OCR attack if discovered.
801 // so we unset them
802 unset($use_dict);
803 unset($dict_location);
804 unset($max_word_length);
805 unset($bg_type);
806 unset($bg_images);
807 unset($merge_type);
808 unset($bg_fade_pct);
809 unset($morph_bg);
810 unset($col_type);
811 unset($max_attempts);
812 unset($font_locations);
813
814
815 // output final image :-)
816 sendImage($im);
817 // (sendImage also destroys all used images)
818 ?>