implementing captcha in Flash

Question

Hi I'm developing a flash registration form and I need to incorporate dynamic 'captcha' images for confirmation. Can anyone recommend a best solution for doing this?

Answer 1

Making a strong captcha is not a trivial task. It must be hard enough for bots to fail, but easy enough for humans to succeed... I would take a look at existing systems and possibly use them. reCAPTCHA is popular http://recaptcha.net/ . It might be possible to use it through flash, but I have not looked into it.

Answer 2

Captcha is used to prevent bots from submitting html forms which is easily accomplished since html is easily understood and processed programmatically. The same is not true for a Flash application. It would be difficult for a bot to generically submit Flash forms if it was not specifically made to target your site.

Therefore you don't need to worry about the spam problem captcha solves when working with a Flash application.

Answer 3

Chances are, bots aren't going to be written for your website. If the need ever arises, a simple "add these two numbers for me, k?" would be simple enough.

In all honesty, i doubt someone would write letter recognition to sign up a few hundred times on your website =/

You should be more worried about someone disassembling [or whatever the flash term is] your .swf s and simply sending "register" messages to your server =/

And yes, by that, i tried to imply that Captcha must be applied server side, or, really, its not that hard to go around.

Answer 4

It's not that different from a captcha in an HTML form, really.

Suppose you're using php on the server and you have a captcha.php scritp that generates the captcha image and saves its value in the session. In an HTML form, you'd use an element and set its src to captcha.php. The user would fill up a field with the text they see in the image. In the script that receives the post, you'd check if the user input matches the session value.

In a flash form, it's exactly the same. You load the image calling captcha.php and ask the user to type the extra field. Then, when you post the data to the server you pass the value typed by the user in the captcha field and the server matches that against the value it has stored in the session when you called captcha.php.

So, basically, it's the same as in an HTML form.

Answer 5

We had a strong need to implement CAPTCHA into a flash animation/form.

The most important point to note is that either FF or IE (can’t remember which one) doesn’t send any cookies back with a web service call. So if you’re submitting your form to a .Net web service you can’t use the session state of the http request to store the captcha text and then compare the user entered captcha value on submttion to the web service (session enabled web method)

We implemented the following:

• Set a unique token value (Guid) on the web page
• pass this token as a flashvar to the flash movie
• load the captcha image into the flash with the token as a url param. Ie captchaImg.aspx?t=xxxxxxx
• during that request save the random captcha text in a table with the token
• when the user submits their form, compare the token and user entered captcha value with the one in the table

This approach works very well for us.

It’s also web farm safe.

Answer 6

public class Captcha extends Sprite{

   private var question:String = "How do you feel?";        
   private var _answer:String;
   private var isRobot:Boolean;

   public function Captcha(answer:String){
            _answer = answer;
        }
   public function checkAnswer():Boolean
       if(answer != "sad"){
          isRobot = true;
          return isRobot;
       }else{
          isRobot = false;
          return isRobot;
       }
    }
}