reCAPTCHA is a useful tool for preventing automated spam signups. We discussed it in Chapter 14, Deploying, Security, and Maintenance. It has advantages and disadvantages: it helps prevent automated signups, but the challenges can sometimes be difficult to read, and so act as a barrier to signing up.
The reCAPTCHA website has a PHP library available at http://recaptcha.net/plugins/php/. We need to download this, and sign up for an API key. When we have done this, we simply need to add some code to the signup process.
On the registration page, we require the following code; this includes the library, sets the API key, and adds the reCAPTCHA HTML to the form.
require_once('lib/recaptchalib.php');
$publickey = "APIKEY";
$this->registry->getObject('template')->getPage()->addTag('captcha', recaptcha_get_html($publickey));
When the customer submits their registration, we need the following code to check that their response to the CAPTCHA challenge was correct:
require_once('lib/recaptchalib.php');
$privatekey = "APIKEY";
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
    // the sign up wasn't successful, store this, and display an error
}
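A fail-closed variant of the check above, as an added example that is not from the original text or from the reCAPTCHA library. The helper name `captcha_passed()`, the `$signupErrors` array and the key value are assumptions made for illustration; only `recaptcha_check_answer()` and `is_valid` come from the code above.

```php
<?php
require_once('lib/recaptchalib.php');

/**
 * Hypothetical helper (not part of recaptchalib.php).
 * Returns true only when the CAPTCHA answer was verified; a missing or
 * malformed field counts as a failed challenge, never as "no check needed".
 */
function captcha_passed($privatekey, array $post, array $server)
{
    // Never call the verifier without a client address to report.
    if (empty($server['REMOTE_ADDR'])) {
        return false;
    }

    $fields = array('recaptcha_challenge_field', 'recaptcha_response_field');
    foreach ($fields as $field) {
        // Reject absent or empty fields, and arrays sent as field[]=value.
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return false;
        }
    }

    $resp = recaptcha_check_answer(
        $privatekey,
        $server['REMOTE_ADDR'],
        $post['recaptcha_challenge_field'],
        $post['recaptcha_response_field']
    );

    // Strict comparison: anything other than boolean true is a failure.
    return is_object($resp) && $resp->is_valid === true;
}

$privatekey   = "PRIVATE_API_KEY"; // placeholder; keep this key server-side only
$signupErrors = array();           // assumed error list for the signup form

if (!captcha_passed($privatekey, $_POST, $_SERVER)) {
    // Stop before any account is created and redisplay the form.
    $signupErrors[] = 'The CAPTCHA answer was not correct, please try again.';
}
```

Run the check before any other registration processing, so that a failed challenge never reaches the code that writes the new customer record.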