Stan’s Obligatory Blog

I have a home-made CAPTCHA on my pages to keep out comment spam. It uses an image with a random character string. I noticed that once in a while, the image would be broken and have unprintable characters in it.

I finally figured this out, so I figured I should write it down for my records and just in case anyone else ever has this problem.

There is a function that makes up a random string like ‘DGQZA’, which is then run through mcrypt to turn it into garbage. This renders it as an encrypted string that may or may not be printable. So then I run it through base64encode to make it into a fully printable string so it can be passed to the image-generation script to make up the image. The problem was when the base64-encoded string had a ‘+’ or ‘/’ or such in it. These characters break the URL. So the fix was to run it through the urlencode function to render the string as something like ‘wDhn8h%2BI2hg%3D’.

Nota Bene: The act of sending the encoded string through to the image-generation script automagically decodes the special characters in the URL, so it is not necessary to send it through ‘urldecode’. In fact, doing that breaks it.

So now it works.

I think.

If anyone notices it behaving badly, please let me know.

I was reading Digg today at lunch, and they had an article about another method of stopping bandwidth theft by hotlinking:

www.thesitewizard.com/archive/bandwidththeft.shtml

So I went and implemented this in my blog photos and also in my photo albums. Take that, myspace.com.

Here are the most popular photos with the hotlinkers:

1134.org/blog/images2005/IMG_0667a.jpg
1134.org/gallery/albums/random/ace.sized.jpg
1134.org/blog/images2005/IMG_0453a.jpg

All together, these three photos account for 2.6% of my total bandwidth for the month. Hmm. Maybe this isn’t as big a deal as I thought. Still, it’s annoying.