Tag Archives: email

Death to Internet Explorer 6

This morning, much like every morning, I woke, prepared for the day, walked my partner to work, got home and read through my emails and RSS subscriptions before starting my working day.

This morning I came across a post from Ryan Stemkoski about how IE 6 is dead, and a comment on that post about how Ryan gets 23% and Thomas J Brown gets ~2% of visitors using IE 6. I checked my statistics, and 37.7% of my visitors use IE 6.

Top 6 Browsers to visit my Blog.

The top 6 browsers to visit my Blog are IE 5, 6 & 7, Firefox 2 & 3 and Safari.

I can’t believe that IE 6 is kicking around in such high percentages, and worse still, there are some IE 5 visitors! On a recent website we blocked all support for IE 6 and below; it redirected to a splash page with links to download the decent major players. Generally I just let the visitor browse the site as is.

You have an Old Browser - Upgrade

For the first time I loaded this blog with this new theme in IE 6 and it does display well, although there is nothing fancy in the design.

http://sheldon.lendrum.co.nz In IE 6

In all – Why oh why?

Why do so many people use these old browsers? Because of lazy IT departments, yes. Because of illegitimate copies of Windows that stop Windows Update, I bet. But surely, with Safari and Firefox both being free?

Do it for us developers and upgrade! Please!

PHP Captcha Image Verification

This article is mostly based on my post on my business website Zipline Interactive, PHP Captcha Image Verification. For a demo refer to this link or contact me.

This CAPTCHA is a PHP script that protects websites against spam bots by dynamically generating a random string of text that humans can read but current computer programs cannot. For example, humans can read randomized text such as the one shown below, but automatic spam systems cannot read the random image text.

This CAPTCHA uses PHP, Sessions and PHP’s GD Library with PNG support.

The term CAPTCHA (for Completely Automated Turing Test To Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University.

<?php
// Captcha Image Verification by Sheldon Lendrum of Zipline Interactive
// http://www.gozipline.com
// http://www.gozipline.com/52,phpcaptchaimageverification
// info@gozipline.com
// 07/08/2008

// captcha.php
// DECLARE SESSION

@session_start();

// LENGTH OF CAPTCHA STRING
$length = 5;
// FONT SIZE 1 (SMALLEST) - 5 (LARGEST)
$font = 5;
// POSSIBLE CHARACTERS IN CAPTCHA STRING
$possible = "23456789bcdfghjkmnpqrstvwxyz";
// PATH TO PNG BACKGROUND IMAGE
$captcha = imagecreatefrompng("./captcha.png");
$i = 0;
// X POSITION OF THE FIRST CHARACTER
$g = 60;
$hash = "";
// CYCLE THROUGH LETTERS TO MAKE STRING
while ($i < $length) {
    // GET RANDOM COLOURS, 0-255
    // IN THIS EXAMPLE I HAVE SELECTED DARK COLOURS ONLY SO THE
    // CHARACTERS ARE READABLE ON THE LIGHT BACKGROUND
    $c1 = rand(0, 155);
    $c2 = rand(0, 155);
    $c3 = rand(0, 155);
    $colour = imagecolorallocate($captcha, $c1, $c2, $c3);
    // CHOOSE RANDOM CHARACTER
    // random_int() (PHP 7+) USES THE OS CSPRNG; mt_rand() OUTPUT IS PREDICTABLE
    $string = substr($possible, random_int(0, strlen($possible) - 1), 1);
    // BUILD STRING TO SEND TO PROCESSING
    $hash .= $string;
    // WRITE STRING TO IMAGE
    imagestring($captcha, $font, $g, 20, $string, $colour);
    $i++;
    // MOVE 20 PIXELS RIGHT FOR THE NEXT CHARACTER
    $g = ($g + 20);
    // CLEAR LETTERS TO STOP DUPLICATES
    unset($string);
}
// STORE THE MD5 HASH OF THE CAPTCHA STRING IN THE SESSION (A HASH, NOT ENCRYPTION)
$_SESSION['spammer'] = md5($hash);
// OUTPUT CAPTCHA IMAGE
header("Content-type: image/png");
imagepng($captcha);

?>

To show your new Captcha Image in your form, simply call the ‘captcha.php’ file in your image tag as follows:

Captcha Image Verification

When you process your form, you need to compare the $_POST captcha data with your Session string:

<?php
// Captcha Image Verification by Sheldon Lendrum Zipline Interactive
// http://www.gozipline.com
// http://www.gozipline.com/52,phpcaptchaimageverification
// info@gozipline.com
// 07/08/2008

// process.php
// DECLARE SESSION

@session_start();

// $_POST['spammer'] IS THE NAME OF THE IMAGE VERIFICATION FIELD IN THE FORM.

// MAKE SURE BOTH THE FORM SPAMMER FIELD AND THE SESSION STRING ARE NOT EMPTY

if (empty($_POST['spammer']) or empty($_SESSION['spammer'])) {
    // THE POST STRING OR THE SESSION STRING WAS EMPTY
    die("The Captcha Image Verification was empty!");
} else {
    // BOTH POST STRING AND SESSION STRING HAVE A VALUE.
    // MD5 POST STRING
    // ARRAY KEYS ARE CASE SENSITIVE, SO USE THE SAME LOWERCASE 'spammer' KEY AS captcha.php
    $postSpammer = md5($_POST['spammer']);
    $sessionSpammer = $_SESSION['spammer'];
    // COMPARE STRINGS
    if ($postSpammer !== $sessionSpammer) {
        // THE POST STRING FROM THE FORM DID NOT MATCH THE SESSION STRING
        // RESET THE SESSION
        $_SESSION['spammer'] = NULL;
        die("The Captcha Image Verification did not match. This is Case Sensitive!");
    } else {
        // BOTH STRINGS MATCHED
        // RESET THE SESSION
        $_SESSION['spammer'] = NULL;
        // CAPTCHA IMAGE VERIFICATION PASSED, CONTINUE PROCESSING THE FORM...
        // ...
    }
}
?>

Here is a PNG background image you can use.
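
A stricter form of the process.php check, as an added example that is not the original author's code: it consumes the challenge on every attempt, rejects stale challenges and non-string input (a `spammer[]=` field arrives as an array and would break `md5()`), and compares in constant time. The `captcha_verify()` name, the `spammer_time` session key and the 300-second lifetime are assumptions; captcha.php would have to store `time()` next to the hash.

```php
<?php
// Added example, not the original author's code. Assumes PHP 7+ and that
// captcha.php also saved time() in $_SESSION['spammer_time'] (hypothetical key).

const CAPTCHA_TTL = 300; // seconds a challenge stays valid (assumed value)

/**
 * Check a submitted answer against the session copy of the challenge.
 * Returns 'ok', 'missing', 'expired' or 'mismatch'.
 */
function captcha_verify(array &$session, $submitted, int $now): string
{
    $expected = $session['spammer'] ?? null;
    $issued   = (int) ($session['spammer_time'] ?? 0);

    // Single use: drop the challenge before comparing, so a failed or
    // replayed request can never be retried against the same image.
    unset($session['spammer'], $session['spammer_time']);

    // Form fields can arrive as arrays; only a non-empty string is an answer.
    if (!is_string($submitted) || $submitted === '' || !is_string($expected)) {
        return 'missing';
    }
    // Reject answers to a challenge that was issued too long ago.
    if ($now - $issued > CAPTCHA_TTL) {
        return 'expired';
    }
    // hash_equals() compares in constant time; both sides are MD5 hex
    // strings, matching what the page's captcha.php stores.
    return hash_equals($expected, md5($submitted)) ? 'ok' : 'mismatch';
}

// Constructed sample session, standing in for $_SESSION after captcha.php ran.
$session = ['spammer' => md5('k7rwp'), 'spammer_time' => 1000];

echo captcha_verify($session, 'k7rwp', 1060), "\n";   // correct answer, 60 s later
echo captcha_verify($session, 'k7rwp', 1061), "\n";   // same answer replayed

$session = ['spammer' => md5('k7rwp'), 'spammer_time' => 1000];
echo captcha_verify($session, ['k7rwp'], 1060), "\n"; // array instead of string

$session = ['spammer' => md5('k7rwp'), 'spammer_time' => 1000];
echo captcha_verify($session, 'k7rwp', 2000), "\n";   // answered after the TTL
```

In process.php the call would be `captcha_verify($_SESSION, $_POST['spammer'] ?? null, time())`, continuing only when it returns `'ok'`.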

Form Security & Spamming

I really hate spam. I’m sure everyone has received some sort of unsolicited mail at some stage. I live and work on the internet and have my email plastered around forums and sites like Facebook and MySpace, and I own my own gallery/professional sites.

So last night I was helping a friend, or rather a friend’s friend, fix his WordPress; the menu wouldn’t display correctly. I somehow came across the fact that my friend’s contact form on his site was very open to attack. I develop in PHP, and I consider myself to be semi-decent and mostly write strong and structured code.

So I clicked ‘Send’ on his form and it submitted an empty form. It did this 3 or 4 times, then I prompted him over MSN (msn@inboxdesign.co.nz) that he really should put some user verification/security on his form. Shit, I even offered to help him.

To prove my point, I became the evil spammer I hate most. I wrote a real quick and dirty cURL script that would send a bunch of requests to his form. I even got a little inventive with it and, rather than submitting a bunch of empty forms, built a random array of porn sites to randomly populate the form.

It worked well; within 2 or 3 minutes I had flooded his mailbox with a vast array of lovely naked ladies.

Securing a web form is not hard and does not take long. It will save a lot of stress and junk in your inbox masking the real email that could be important. Imagine missing an email about a friend’s baby, or a job request, or just not checking your mail because you get so much junk!

In the next few days I am going to write a post on securing a PHP form. Yeah, there are thousands out there, but one more won’t hurt, and may even help.

If you want to see my spam script, Email me.