Asirra Captcha PHP Integration

Asirra (Animal Species Image Recognition for Restricting Access) is a captcha technology developed by Microsoft. This article will explain how it’s different from other captcha systems, the benefits of using Asirra, and how to set it up on your PHP-based website.

 Unlike other types of captcha that utilize difficult text obfuscation techniques (such as Google reCaptcha), this system utilizes images of dogs and cats, such as those shown in the screen shot below:

 

The following are the main benefits of using the Asirra captcha system:

1. It is very user friendly to website users. Unlike other systems that display almost unrecognizable text (which can be difficult and time consuming for visitors to figure out), Asirra uses real photos of cats and dogs. The user will simply select all images of cats from the array presented to them on the web form, and then submit the form for authentication.

2. This is a very difficult system for spammers to break using automated methods, because the image database provided by www.petfinder.com (in partnership with Microsoft) includes at least three million photos — and is still growing, at a rate of 10,000 images per day. So even if a spammer hires humans to reconstruct the database, keeping up would be an impossible task.

This means Asirra is a very secure system. You can get more details on  Asirra’s security from this page: http://research.microsoft.com/en-us/projects/asirra/security.aspx

3. It does not use session ID. Asirra captcha is completely stateless. There is no need to create sessions just for captcha purposes, or to be concerned about the possibility of a hijacked session.

4. Asirra is very easy to integrate with PHP, and there is no need to register your website to use Asirra services. If you want to start using Asirra captcha to protect your web application/form, it is as simple as copying the code and then pasting it to your existing application with very minor tweaks.

5. Lastly, this captcha solution is free and provided by Microsoft.

This article talks about integrating this technology with PHP, particularly emphasizing its important applications: bot prevention for forms, and human person validation.

{mospagebreak title=How Asirra Works as a Captcha System}

To start, it is important that you know how Asirra works as well as its process flow in separating bots from humans. Refer to the application flow chart below:

 

 

The source code solution discussed on this tutorial assumes that you will be using one PHP file for presenting the web form and validating the form inputs as well as the captcha. This is a common setup for most PHP web form applications.

It starts by checking to see if the form has been submitted; if not, the form will be presented to the user. The form will be protected with Asirra captcha, and its server will supply images of cats and dogs which the user can see on the form (like the screen shot provided previously).

After the user fills out the form and then attempts to answer the captcha challenge, Asirra will check, using client side validation, to see if the challenge is correctly answered.

If the answer is incorrect, the error “Please correctly identify the cats” will be shown to the server, and the form is not yet processed by the web server.

If the answer is correct, PHP server side validation will start. It first validate the Asirra answer by using a ticket system. If the answer is authentic, the application shows that the user is human and not a bot, then proceeds to process the rest of the web form data.

If the answer is not correct, the application will display the error “Asirra validation failed.” So in summary, this system performs both client and server side validation in verifying the user captcha answer.

{mospagebreak title=System Requirements for Asirra Captcha System}

The following are the system requirements and PHP related functions that must be enabled to use Asirra captcha:

  • PHP version 5.3.1 (tested to work in this version, though it might work with versions below that number).
  • Apache web server (not tested in Windows server using PHP).
  • JavaScript enabled in the browser (most browsers has this turned on by default).
  • The use of PHP Globals (variable scope).
  • xml_parser_create
  • xml_set_element_handler
  • xml_set_character_data_handler
  • xml_parse
  • xml_parser_free

There is no need to worry about PHP related specifications, since most of the functions are enabled in most paid hosting accounts. If you are using a free hosting account, your hosting company might disable some of the required functions above, so the Asirra captcha function won’t work properly.

{mospagebreak title=The Client Side Script of Asirra Captcha}

The start of the code, according to the flowchart shown previously, presents the web form, and does client side validation of the Asirra captcha answer. You’ll find explanations of the code in blue font:

<html>

 

<head>

 

<title>Asirra Captcha System in PHP</title>

 

<?php

 

 

//Check if the web form has been submitted

 

if (!(isset($_POST['UserName'])))

 

{

 

 

//Form is still not submitted, display the web form to the user

 

 

?>

 

 

<!–The JavaScript function for validating the user answer–>

 

<script type="text/javascript">

 

function HumanCheckComplete(isHuman)

 

{

 

   if (isHuman)

 

   {

 

      formElt = document.getElementById("mainForm");

 

      formElt.submit();

 

   }

 

   else

 

   {

 

      alert("Please correctly identify the cats.");

 

      return false;

 

   }

 

}

 

</script>

 

</head>

 

<body>

 

<h3>

 

This form will determine if you are a HUMAN or a ROBOT.

 

</h3>

 

<p>Kindly enter the required details below.</p>

 

<form action="<?php echo $SERVER['PHP_SELF']; ?>" method="POST" id="mainForm">

 

<br>User Name: <input type="text" name="UserName">

 

<br>Favorite Food: <input type="text" name="FavoriteFood">

 

<br>

 

<!–The JavaScript code for communicating with the Asirra server and fetching images from petfinder.com. This function also allows the developer to adjust the parameters on how the images will be shown on the web page. For example; customizing the aspect ratio of the box and the manner how the zoomed or big images will be presented; whether at the top, bottom or left–>

 

<script type="text/javascript" src="//challenge.asirra.com/js/AsirraClientSide.js"></script>

 

<script type="text/javascript">

 

 

// You can control where the big version of the photos appear by

 

// changing this to top, bottom, left, or right

 

 

asirraState.SetEnlargedPosition("bottom");

 

 

// You can control the aspect ratio of the box by changing this constant

 

 

asirraState.SetCellsPerRow(6);

 

</script>

 

 

<!–The submit button has a JavaScript onclick event attached to it. So when the submit button is clicked, the Javascript function HumanCheckComplete will execute on the client browser.–>

 

<br><input type="button" value="Submit" onclick="javascript:Asirra_CheckIfHuman(HumanCheckComplete)">

 

</form>

The form should look like the screen shot below:

The Server Side Script Validation

<?php

 

}

 

else

 

 

//form is submitted, execute server side validation on Asirra catpcha

 

{

 

$inResult = 0;

 

$passed = 0;

 

function startElement($parser, $name, $attrs)

 

{

 

global $inResult;

 

$inResult = ($name=="RESULT");

 

}

 

function endElement($name)

 

{

 

global $inResult;

 

$inResult = 0;

 

}

 

function characterData($parer, $data)

 

{

 

global $inResult;

 

global $passed;

 

if ($inResult && $data == "Pass")

 

{

 

$passed = 1;

 

}

 

}

 

 

//PHP function to actually validate the captcha server side, so the first step is to get the ticket from the POST, then connect to the Asirra server using CURL.

 

//Once the response has been received, it will be used to check whether the validation succeeded or not.

 

function ValidateAsirraChallenge()

 

{

 

global $passed;

 

$AsirraServiceUrl = "http://challenge.asirra.com/cgi/Asirra";

 

$ticket = $_POST['Asirra_Ticket'];

 

$url = $AsirraServiceUrl."?action=ValidateTicket&ticket=".$ticket;

 

$ch = curl_init();

 

curl_setopt($ch, CURLOPT_URL, $url);

 

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

 

curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);

 

$resultXml = curl_exec($ch);

 

curl_close($ch);

 

$xml_parser = xml_parser_create();

 

xml_set_element_handler($xml_parser, "startElement", "endElement");

 

xml_set_character_data_handler($xml_parser, "characterData");

 

xml_parse($xml_parser, $resultXml, 1);

 

xml_parser_free($xml_parser);

 

if (!$passed)

 

{

 

die("Asirra validation failed!");

 

}

 

}

 

ValidateAsirraChallenge();

 

 

//Now that the captcha validation has been successful, process the rest of the PHP form processing script.

 

echo ‘</head>';

 

echo ‘<body>';

 

echo "<p>Hi ".htmlspecialchars($_POST['UserName'])."!  Since you read this page, you are really a human and NOT a robot!";

 

echo "And your favorite food is ".htmlspecialchars($_POST['FavoriteFood']).".";

 

echo ‘<br /><br />';

 

echo ‘You may <a href="/asirracaptchaform.php">take this again</a>.';

 

}

 

?>

 

</body>

 

</html>

 

{mospagebreak title=Complete Working Script and Implementation Technique}

You can see a fully working example here, based on the code discussed previously:

http://www.php-developer.org/asirracaptchaform.php 

You can download the complete script here: http://www.php-developer.org/wp-content/uploads/scripts/asirracaptcha.txt  

Implementation Tips

1. When you download the script at the link above, you’ll see detailed instructions for how to add the Asirra code blocks into your existing PHP web application.

2. There are around five code blocks to be added to your application. These blocks of code can be integrated as simply as performing copy and paste. No further configuration required, except for some minor tweaks on how the dog/cat images will be displayed on your form.

3. If you would like to use a much cleaner code and implement through several pages dynamically, you can further modify the script and maybe use PHP includes. In that case, however, you need to be more careful about security and the coding details.

Important note: According to Microsoft, “Asirra is still in beta testing; the service and its API may both be unstable.” And the following are some weaknesses of Asirra captcha system:

1. Currently, it contains no support for audio captcha features (useful for the blind).

2. The captcha system is still in the beta testing stage. 

[gp-comments width="770" linklove="off" ]

chat sex hikayeleri Ensest hikaye