views:

62

answers:

2

I have created a captcha image making program with PHP

<?php
function word($n) {
    $consonants = "bcdfghjklmnpqrstvwxyzBCDFGHJKLMNPQRSTVWXYZ";
    $vowels = "aeiou";
    $word[1] =  $consonants[rand(0, 41)];
    $word[2] .= $vowels[rand(0, 4)];
    $word[3] .= $consonants[rand(0, 41)];
    $word[4] .= $consonants[rand(0, 41)];
    return $word[$n];
}

    $xs = 550;
    $ys = 300;
    $im = imagecreatetruecolor($xs, $ys);
    $newim = imagecreatetruecolor($xs, $ys);
    imagettftext($im, $ys/5, rand(-10, 10), rand(0, 10), $ys/2, 0xFFFFFF, "geosans.ttf", word(1));
    imagettftext($im, $ys/4.5, rand(-10, 10), rand(50, 70), $ys/2, 0xFFFFFF, "geosans.ttf", word(2));
    imagettftext($im, $ys/4, rand(-10, 10), rand(100, 150), $ys/2, 0xFFFFFF, "geosans.ttf", word(3));
    imagettftext($im, $ys/3.5, rand(-10, 10), rand(185, 210), $ys/2, 0xFFFFFF, "geosans.ttf", word(4));
    for ($x=0; $x<=$xs;$x++){
        for ($y=0; $y<=$ys;$y++){
            $rgba = imagecolorsforindex($im, imagecolorat($im, $x, $y));
            $col = imagecolorallocate($newim, $rgba["red"], $rgba["green"], $rgba["blue"]);

            $distorted_y = ($y + round(45*sin($x/50)) + imagesy($im)) % imagesy($im);
            imagesetpixel($newim, $x, $distorted_y, $col);
        }
    }

    imagefilter($newim, IMG_FILTER_NEGATE);


    header("Content-type: image/png");
    imagepng($newim);
?>

But how can I apply it?

How does the official captcha website encrypt their's

This is an example

http://www.google.com/recaptcha/api/image?c=03AHJ_VutAc1sMxyCE0N98Kh2AfMGlGmu7_DzzFP3Rn1gLHdbDulOQYK0w-sVrxqHWSTBCfVBipmqY-ywmme2_cuClW5QBRzKdzRSJeMWyme1aoGZ-y0OluiSfn-uKDExfVCo2PGrTao2wWpBLultbUEsctlJ97JXKCQ

Overall, I'm asking how can I safely encrypt my data?

+2  A: 

Google has millions of users, and I'm sure is targeted hundreds of thousands of times per day by malicious bots. In some cases something like base64_encode will work - in Google's case they probably use PGP (which is way overkill for most applications). The middle ground in my opinion would be something along the lines of base64 encoded MCRYPT (to keep the query string URL friendly).

http://us2.php.net/mcrypt

http://us2.php.net/base64_encode

Mahdi.Montgomery
+2  A: 

you could do it the same way as you could store passwords in your database. Hash them with MD5 with some random sort of SALT.

http://www.pixel2life.com/publish/tutorials/118/understanding_md5_password_encryption/

Alfred