pureMango.co.uk
there's nothing about mangos or purity. It's just a name..
freeCap support
First of all, make sure you're using the latest version.
To be emailed when (and only when) a new version becomes available, send an email to the address listed on the homepage.
Many thanks to everyone who has contributed fixes and tips :-)
Common Problems
In the format: "last affected version - problem":
any - How do I integrate freeCap with xyz application?
See the main PHP CAPTCHA page - there are plugins for mambo/joomla, plugins for phpBB, a wiki with CAPTCHA, a blog with CAPTCHA and other implementations of freecap linked there.
any - Where are the installation instructions?
There are none. A future version will include examples and instructions. For the moment, some experience with PHP is required, but see the question about getting it to send email, below.
1.4.1 - The image doesn't display, or
1.4.1 - There are NOTICE errors displayed
add the following line to the top of all php files:
error_reporting(E_ALL ^ E_NOTICE);
This will be fixed in the next version
1.4.1 - How do I get it to send email?, or
1.4.1 - In the filename I put in the Header line, how do I see the form fields?
At the moment, it's just a CAPTCHA script; i.e. it won't fully integrate with your existing form without a little work on your part.
A future version will include several example scripts, but for the moment, on about line 54, where it says
// now process form
just put
include("xxx.php");
exit();
where xxx.php is the file that your old form used to submit to, eg mail.php
1.4.1 - Where are the fonts/images?
For security, they begin with a '.', which means that Apache won't allow people to view them directly. Unfortunately, Windows also sees files beginning with a dot as hidden. Make sure that you're set up to see hidden files in windows explorer (your file browser); go to the 'Tools' menu, then 'Folder Options', click the 'View' tab and make sure "Show hidden files and folders" has a check mark next to it. Press OK and you should see all the fonts and images appear on your local machine - now you can upload them. (thanks to David for that tip)
Some FTP clients, including Dreamweaver's, don't 'see' files beginning with '.' - try a different FTP client (like WS_FTP LE). You should be able to see ".ht_freecap_font1.gdf", ".ht_freecap_font2.gdf" and so on in your freecap directory.
1.4.1 - All I get is a blank image, or
1.4.1 - I get an error about "fopen(./.ht_freecap_font1.gdf):"
Make sure that you have uploaded the fonts (see above), and the dictionary file, if you have, try changing freecap's config to use a randomly generated CAPTCHA; if it works after that, make sure the permissions on .ht_freecap_words are set to 700.
If it still doesn't work, see the answer below, and if that doesn't apply, contact me.
1.4.1 - All I get is a blank image - part two
If you're not using an intel processor (in other words your server is not Linux or Windows, it is mac, sparc, aix, motorola, etc), then I'm afraid this is a bastard problem from hell for which I have no fix yet.
GD fonts are architecture-dependant, which means that for your big-endian processors I need to produce special font files.
Try to get hold of some big-endian GD fonts and *PLEASE* let me know if you find some. I'm sorry but I don't have the resources to fix this. If you manage to get freeCap working on your processor please let me know so I can publish your findings and help other big-endians.
The only workaround I can suggest is to either:
-find big-endian GD fonts
-hex edit the included fonts and send me copies
-use an older version of freeCap that didn't use GD fonts and hack in the security updates from earlier versions (bad idea)
-use a different CAPTCHA system :-(
any - What does 'service no longer available' mean?
freeCap has built-in brute force detection; this message is shown once a user has tried more than a reasonable amount of times to enter the text. As with almost all freeCap features, this is user-definable; to disable this feature, set $max_attempts to something massive like 999999999999999.
A future version will provide a less hacky way of disabling this feature.
any - Fatal error: Call to undefined function: imagecreate() or image_anything()
You must have GD installed in order to use freeCap
1.4 - The image never changes
Upgrade to 1.4.1, or upgrade your PHP version.
This is because older PHP versions do not initialise the Random Number Generator automatically.
any - How can I make the image more readable?
freeCap is designed to be as customisable as possible. There are several variables you can change to make the text more readable:
-Change the bg_type to 0, 1 or 2
-Reduce the chunk factor
-Use more readable fonts
-Alter the fade factor
But bear in mind that increased human readability means decreased OCR-resistance. On the other hand, a CAPTCHA is more often simply a deterrent and the actual theoretical security matter little.
any - What can you do about accessibility issues?
Nothing, but see below.
any - Is there an audio CAPTCHA?
No. Firstly, it'd be bloody hard to code in PHP. Secondly, it's bloody hard to make it secure - see this eye-opening page about cracking voice captcha for more info.
My suggestion for accessibility is to allow people to enter their details without passing the CAPTCHA, but send non-captcha'ed submittals to a 'pending' queue for manual review. It's a much much simpler solution that still leaves the site accessible.
Add your questions below. I will not respond via email, so check back here for a response, or email me for an email response.
Once resolved, I remove comments from here - if your comment is gone, it's been resolved - look above. Thanks for contributing.
Please only add support questions here. For general comments, use this page.
User Comments:Who:
When: December 4th, 2006
Says: It works good besides I can't implement it with my old form mail. It will redirect but wont pick up the value of the fields. Is there an alternative to get the form mail working with captcha?
---
from u24:
please email me the code you're trying to integrate freecap with
Who:
When: December 18th, 2006
Says: Hello.
I am having trouble integrating FreeCap with contact.php in OsCommerce.
I can get the image to show and change just fine, but the session is somehow not transfered to and from freecap.php.
This prevents validating the image, and I wonder if you have some pointers for me.
The 'word' is registered in the session, but none of the hash variables makes it back. It looks like the freecap.php has its own session as it maintains the variables locally. I have tried outputting them using the image tag and they are all present there. None of them make it back to the main script though.
Thank you in advance.
Cheers,
Andreas
Who: u24
When: December 20th, 2006
Says: does contact.php include a "session_start()" line?
Who:
When: December 24th, 2006
Says: Andreas,
I had the same problem with another app. Check where OSCommerce saves the sessions and what the sessionid is. In my case, I had changed the sessionid so that FreeCap and the app had the same id, but session were not sharing. Turns out sessions in the app were stored in mySQL, while FreeCap uses whatever the PHP default is, which is this case was flat files saved to /tmp.
Modifying FreeCap so that it would save to the DB was as simple as including some of the apps include files, but you may have to hack it more for it work right.
HTH,
Chris.
---
from u24:
thanks for sharing this.
Who:
When: December 26th, 2006
Says: Sweet. Thanks for the help so far.
OSCommerce does indeed store the session in MySQL by default. I will look into this armed with this info.
I will let you know how it turns out after digging through some of the include files where the sessions are created.
Cheers,
Andreas
---
from u24:
let me know how you get on - if you send me any changes to the code, we can help other osCommercers :-)
Who: Teriel9
When: January 12th, 2007
Says: Can this be integrated into FrontPage 2003 please?
---
from u24:
probably can be, but I don't have the right software to do it.
Who: (unknown)
When: January 17th, 2007
Says: I've been pulling my hair out over this for 5 straight hours.
I was getting the problems with line 174 in freecap.php (I don't know how or where to turn debug on or off... )
I followed the fix listed above and it did clear up 99% of all of the error messages listed when I ran the freecap.php script.
However, I have one error still showing on the page when I try to run it:
"Parse error: parse error, unexpected T_VARIABLE in C:wwwwormboardfreecapfreecap.php on line 174 "
Any help would be appreciated. I'm under heavy attack from porn spammers. :(
---
from u24:
never seen that error before, and I can't see anything wrong on 174 - try downloading the script again.
add the following to the top of freecap.php:
error_reporting(E_ALL ^ E_NOTICE);
Who:
When: January 25th, 2007
Says: For the life of me I can't get the image to display. No errors... just no image. I copied over your 2 source files unaltered (except for the path pointing to freecap.php) but still a blank image. error_reporting(E_ALL ^ E_NOTICE); returns nothing.
Suggestions?
--- from u24:
sorry it took me so long to respond; have a look at the "Where are the fonts/images" and "All I get is a blank image" answers, above.
Who:
When: February 5th, 2007
Says: Hi,
Looks like an excellent script.
I need to add freecap to my existing forms, which demand certain form variables. How do I include these in the FreeCap form. For example my form requires the following line:
Freecap's tag is very different. What do I need to do to be able to send my form info on to my form processor, using my 'Form' details as shown above?
Thanks,
Guy
---
from u24:
you can keep all the hidden fields, but your form seems to be submittin a CGI script, not a PHP script - freecap will only work within a PHP environment. You could write an intermediary script to submit the form to, which checked the captcha and passed the relevant variables to the CGI.
Who:
When: February 13th, 2007
Says: I installed freecap on 2 forums i own. www.irishkendofederation.org/phpbb2/index.php and www.drop-d.ie/phpbb2/index.php
both were freshinstalled and patched to the latest php version. I did not change any of the details in either and installed freecap onto both identically.
Thing is the kendo site can use freecap fine, but drop-d site cannot... when you type in the correct word it fails to recognise it....
I believe this is a problem with sessions as when i fiddled and found that when you submit the "word" does not come from the freecap.php in fact the string is null...
ANy help with this would be greatly appreciated as before i wiped drop-d i was getting bout 50 spam regristrations per day.
---
from u24:
that's weird.
I've run it on windows servers of various types, so there's no reason it shouldn't run. um...
do sessions normally work? yes, of course they do, phpBB is installed.. um.. I really don't know why that should be a problem...
Who:
When: February 13th, 2007
Says: oops forgot to say, the kendo site is run on a linux server and drop-d is run on a windows server
Who:
When: March 15th, 2007
Says: Trying to use captcha, it looks right, and it generates the words correctly, but no matter what I type in word text box. It sees it as incorrect.
I'm trying to use. . .
if($word_ok!==false)
{
if($word_ok=="yes")
{
echo "OK";
} else {
echo "Please try entering word again!";
echo " click here to go back";
exit;
}
}
---
from u24:
try this:
echo "[".$word_ok."]";
at the top, to see if that's the problem.
try echo-ing the $_POST'ed word to make sure it's picking it up ok.
basically, echo variables out at every stage in the checking process, to see where the error lies. email me the code if you get stuck.
Who:
When: March 22nd, 2007
Says: I have fully installed freecap, the captcha shows up in the registary page with random dictionary words each time. But I have tested it and I always get "The confirmation code you entered was incorrect".
Try it yourself here http://www.spoilscircuit.com/forum/profile.php?mode=register
I cannot figure why the if I enter the exact code displayed it still says that it is incorrect.
---
from u24:
are you using the phpBB plugin or are you trying to integrate it from scratch? If you're not using the plugin, I suggest you try it. Otherwise, make sure sessions are working, and make sure that when you compare the word with the stored has, that you are looking at $_POST['captcha'], and that you're hashing it.
Who: jellybeanybearhug
When: March 22nd, 2007
Says: I'm not aware of a phpBB plugin for freecap, I guess I am integrating it. I used this guide.
http://www.matthewleverton.com/howto/phpBB2-captcha.html
I can only assume its being hashed, I tried both "sha1" and "crc32" and still get the same results.
The $_POST['captcha'] code you mention looks the same as the one I put into the usercp_register.php
Who: jellybeanbearhug
When: March 22nd, 2007
Says: I posted some info on the phpbb boards.
http://www.phpbb.com/community/viewtopic.php?f=15&t=266787&p=2901277#p2901277
I'm froto, maybe you can see whats wrong by the settings there. Also I dont know where to get the freecap plugin, I cant find it at phpbb.com
---
from u24:
I should have posted a link here - there's a link on freecap's main page, or go here:
http://www.phpbb.com/community/viewtopic.php?t=344831
Try that first, and then come back if it still doesn't work :-) Hope you get it sorted.
Who: jellybeanbearhug
When: March 25th, 2007
Says: It worked using the mod. Thanks
---
from u24:
glad to hear it. :-)
I've removed your email address from the post above, as it's no longer needed.
Who: ??
When: April 16th, 2007
Says: your captcha looks great. the freecap_wrap.php works on my server just fine. i inserted into a form. the captcha is there, but it passes everything and doesn't fail any words. i really know very little. i am a guess, cut and paste programer. I don't know what hashing is. I hope you can explain what is missing at a very elementary level. example: http://www.theconnect.com/freecap1.4.1/billtest2.php
---
from u24:
make sure your form has the following line:
session_start()
and that the test for $_POST['word'] is in your form just as it is in freecap_wrap
Who: EarlyWarning
When: April 24th, 2007
Says: Hello - I love this product and use it with all our code. Is there a version that can be purchased that will not display the -
'freeCap v1.4 - puremango.co.uk'?
---
from u24:
I'm glad you like it :-)
and I'm such a nice guy that I don't even charge people to get rid of that message; just search for "$tag" in freecap.php and replace the message with whatever you like.
If you'd like to donate some funds using paypal, I'd appreciate that - the button's on your right :D
cheers,
-h.
Who: Shudogg
When: April 28th, 2007
Says: it works great so far. XRumer is a good spamming software that has been able to get past any security I have implemented. Setup freecap and XRumer is stumped!!! FreeCAP Works!!! I highly suggest doing unique things like fonts, backgrounds and such to make the security last longer!
---
from u24:
thanks for sharing your success story :-)
I removed your other comment, as that's just a feature of PHP in general.
Who: HWL
When: April 29th, 2007
Says: I am a novice (not a PHP student), but I assume that Frontpage breaks the ability to upload the "." files thru any method like FP or FTP. I get critical file xfer errors.
Also, even when I try to launch a form from my desktop IE, I still get a "red x".
Wish I could get this working.....
tried adding the error_reporting(E_ALL ^ E_NOTICE); too put no go.
---
from u24:
yes, the "." problem will be solved in the next version; try downloading a different FTP client such as WS_FTP
Who:
When: April 30th, 2007
Says: How do I change the font files to something a little more professional?
---
from u24:
there are a few GD font libraries online, or you can create your own using my GD fontmaker program; see the web projects section.
What do you mean by "more professional", though? If you give me some feedback, I can incorporate that into the next version.
Who:
When: April 30th, 2007
Says: I have installed this on phpbb, and the installation was a breeze. However, everytime I test the captcha from the registration, it gives me this:
The word you entered did not match the image.
The confirmation code you entered was incorrect
---
from u24:
did you use the phpBB captcha plugin, or did you install it manually?
the phpBB plugin is linked from freecap's main page, and has it's own support page in the phpBB forums.
If you installed it manually, I suggest you use the plugin, and if you used the plugin, I would ask the developers of the plugin - I'm not directly involved with that project.
thanks for using freecap, in either case :-)
Who: grant
When: May 5th, 2007
Says: having trouble integrating it with existing script are you able to help?
---
from u24:
If you tell me exactly what kind of trouble, then I'll try to help you fix it.
If you're asking me to be a free contractor, then no.
Who: Melissa
When: May 10th, 2007
Says: So, I have been using the freecap for quite some time now, and it works great with my guestbook! However, I recently wanted to add it to my mail form because I have been getting lots of spam lately, However, when I tried to implement it, I had lots of problems, and now the mail still gets sent even if you don't put a word in. Any suggestions? I tried reading the thing above, but my mail form doesn't bring you to a new page when you submit, so I wouldn't know how to implement the code above, plus I don't know a whole lot about php to beable to change the code a lot..
The site is http://eternal-ka.net/contact.php
My e-mail is: lulusoccer@gmail.com
if anybody has any suggestions! Thanks!
----
from u24:
if you email me the code, I'll take a look and see what I can do.
Nice artwork on your homepage by the way.
Who:
When: May 24th, 2007
Says: My "include" processing file, (around line 54, per FAQ above) is a PERL file in a cgi-enabled directory. It doesn't seem to work with freecap_wrap.php style of wrapper when used as an "include".
Any hints?
Thanks!
---
from u24:
No, it won't work with perl. You'll either need to rewrite the processor in PHP or use a perl captcha.
I'm sure there is a way to get freecap_wrap to call the perl script, and I imagine it would involve faking a http post request to the perl script
You see, freecap_wrap won't work with perl via an include() because include just grabs the local file; i.e. the raw source code and tries to process that according to the PHP processor - so with your include, freecap_wrap is trying to execute the perl script as if it was PHP.
What you'd need to do is work out a unix command that would result in your perl being run (eg "/usr/bin/perl /home/sites/cgi-bin/processform.pl" or something like that) and then in freecap_wrap, instead of include(), try exec("the command to run perl").
I'm still not sure if that would work though, because perl might not (almost certainly wouldn't, thinking about it) have access to the POSTed variables, so what you'd need to do in that case would be to get the PHP to fake a POST request to you perl script, forwarding the variables from your form. If you want to give that a shot, my headerspoof code (in the "web projects" section) will be helpful.
But if you don't fancy hacking away at some arcane system that you'll forget how it works in 6 months, my real advice would be: recode your perl in PHP, or find a perl captcha.
Who:
When: May 25th, 2007
Says: Thanks for the help, I was afraid that was the case. Pity.
BTW, I really like your photos in the image gallery - you've got a knack!
Thanks again!
---
from u24:
thanks :D and sorry I couldn't give you better news.
Who:
When: June 21st, 2007
Says: Love the script, but there was one problem I ran into. You open the script with
Who:
When: June 21st, 2007
Says: ...To continue, since it axed the text:
You open with GREATER THAN ? (not GREATER THAN ? php)--if that hackneyed response makes sense, which caused it to not function at all on my server.
This is due to a PHP directive, short_open_tag. Some hosts disable this directive, and the php.ini file itself mentions this.
In a future version, can you change the script to use
Who:
When: September 16th, 2007
Says: I have implemented freeCap as part of a simple website management system I've written. I'm using the system on small websites I design, and I released it open source.
See SOSWebpages.com
And yes, I left puremango.co.uk.
---
from u24:
thankyou, I'll add you to the list :=)
Who:
When: November 21st, 2007
Says: Had 1.41 working just fine, then updated the php from 4.3 to 5.1.6
*kapow*
I had to change all of the imagefunctioncalls to lower case in freecap.php (except for your defined ones of course), but the error message I am left with is on line 173 where you are reading in the font width.
Any ideas? I am using a LAMP server CentOS based with selinux.
Paul
---
from u24:
yep, PHP5 is not very well supported I'm afraid.
This issue might be something to do with the font files themselves; because they're architecture-dependant. Try using different font files? (Or hardcode the font width)
Who:
When: November 22nd, 2007
Says: Further info: Works just fine after I discovered that my upgraded php did not include gd.
After installing the php-gd module, it works just fine!
The imagefunctioncalls case and the fread() were red herrings due to the gd support (or lack thereof) in my php 5.1.6 install.
It even works without expanding the short php tags.
Now I can upgrade my live site with few worries.
Thanks again for a great script. I particularly like the option of the custom dictionary - I fill mine with ham radio terms
Who:
When: December 27th, 2007
Says: It works good besides I can't implement it with my old form. It will redirect but wont pick up the value of the fields. Is there an alternative to get the form working with captcha?
---
from u24:
you'll need to copy your old form fields into the example form, and copy the old processing code into the freecap page.
Who:
When: February 11th, 2008
Says: I'm trying to get freecap to work with a CMS called phpwebsite. On a linux server, no problems, at least not on freecap's end. On IIS, the image will not display at all.
Does freecap work with IIS?
when i try a test by just going directly to the freecap.php file, on linux i see an image, on IIS i get a lot of this:
6 chars in length really. $width = ($max_word_length*(array_sum($font_widths)/sizeof($font_widths))+75); $height = 90; $im = ImageCreate($width, $height); $im2 = ImageCreate($width, $height); ////////////////////////////////////////////////////// ////// Avoid Brute Force Attacks: ////////////////////////////////////////////////////// if(empty($_SESSION['freecap_attempts'])) { $_SESSION['freecap_attempts'] = 1; }
about a page of that.
running php 5.2.4
GD version is 2.0.34
Who: jt
When: February 13th, 2008
Says: OK I am a stinking worthless moron. I put in the phpBB MOD files exactly as in the instructions. CAPTCHA is a red X. So I figured out that I needed to install freecap IN ADDITION TO THE MOD, so I put the files in the same folder (red hat and apache machine) as the MOD. Still a red x.
GD and ZLIB are both present in PHP 4.4.7, so it is obviously that I am supposed to ***know*** exactly where everything should go even though I am a total complete novice who wants to keep the porn site ads off a Christian BBS.
But these things do not work and it is obviously not getting to freecap.php.
Where EXACTLY should freecap.php and the other freecap install files be placed? Should they be in the includes/freecap folder with the MOD? Should they be in a freecap folder?
Just where EXACTLY should everything be?
Who: jt
When: February 19th, 2008
Says: Ignore my previous. When I dropped the MOD linked in this site and went with the fix HERE:
http://www.matthewleverton.com/howto/phpBB2-captcha.html
I solved my problem and the spam registrations at the site went from 50+ per day to ABSOLUTE ZERO! I know the site owner gave you money for this, and I am thrilled to leave in the promo as well.
Thanks!!!!! :)
Who: j [.] k [.]
When: February 26th, 2008
Says: Thanks a lot! Works like a charm.
If anyone is wondering how not to show the captcha to the registered users in phpbb, you can put the code in profile_add_body.tpl between switch_user_logged_out tags:
..captcha code goes here..
Thnx again!
Who: j [.] k [.]
When: February 26th, 2008
Says: err...
the tags dissappeared in my previous post:
< ! - - BEGIN switch_user_logged_out - - >
..captcha code goes here..
< ! - - END switch_user_logged_out - - >
I hope you get the idea :)
Who: zeromind
When: March 7th, 2008
Says: i try your DEMO in my comp using wamp server with php5.2.5 and gd2
the image is work nice and good but the problem is when i enter the word that show in image the result always not right.
i think something in session is not working i try to echo the $_SESSION['freecap_word_hash'] but its always empty
i try to use freecap on my form and it exactly act the same. the image is shown perfectly but the validation is not working. the same like your DEMO. But my other php script that using session is workin well.
do you have any clue what is happen. is it something wrong with my php config or is the problem on the freecap.
any suggestion pls.
overall your freecap is very great. your imaging code is very good.
thx
Who:
When: March 8th, 2008
Says: it is not working with the new wampserver for some reason? it was working with the old version
Add your comments:* denotes a required field.
Your email address will be converted to an image to prevent spambots picking it up.
