includes/captcha/engine_freecap.php
author Dan
Mon, 03 Aug 2009 02:58:43 -0400
changeset 1071 f374801eb775
parent 558 fd082123f2f4
child 1227 bdac73ed481e
permissions -rw-r--r--
Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.

<?php
/************************************************************\
*
*		freeCap v1.4.1 Copyright 2005 Howard Yeend
*		www.puremango.co.uk
*
*    This file is part of freeCap.
*
*    freeCap is free software; you can redistribute it and/or modify
*    it under the terms of the GNU General Public License as published by
*    the Free Software Foundation; either version 2 of the License, or
*    (at your option) any later version.
*
*    freeCap is distributed in the hope that it will be useful,
*    but WITHOUT ANY WARRANTY; without even the implied warranty of
*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*    GNU General Public License for more details.
*
*    You should have received a copy of the GNU General Public License
*    along with freeCap; if not, write to the Free Software
*    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*
*
\************************************************************/

/**
 * A port of the freeCap captcha engine to Enano.
 */

class captcha_engine_freecap extends captcha_base
{
  
  var $site_tags = array();
  var $tag_pos = 0;
  var $rand_func = "mt_rand";
  var $seed_func = "mt_srand";
  var $hash_func = "sha1";
  var $output = "png";
  var $use_dict = false;
  var $dict_location = "";
  var $max_word_length = 7;
  var $col_type = 1;
  var $max_attempts = 20;
  var $font_locations = Array();
  var $bg_type = 3;
  var $blur_bg = false;
  var $bg_images = Array();
  var $merge_type = 0;
  var $morph_bg = true;
  var $im, $im2, $im3;
  var $font_size = 36;
  var $debug = false;
  
  function __construct($s, $r = false)
  {
    parent::__construct($s, $r);
    
    // try to avoid the 'free p*rn' method of CAPTCHA circumvention
    // see en.wikipedia.org/wiki/CAPTCHA for more info
    // $this->site_tags[0] = "To avoid spam, please do NOT enter the text if";
    // $this->site_tags[1] = "this site is not puremango.co.uk";
    // or more simply:
    // $site_tags[0] = "for use only on puremango.co.uk";
    // reword or add lines as you please
    // or if you don't want any text:
    $this->site_tags = array();
    
    // where to write the above:
    // 0=top
    // 1=bottom
    // 2=both
    $this->tag_pos = 1;
    
    // functions to call for random number generation
    // mt_rand produces 'better' random numbers
    // but if your server doesn't support it, it's fine to use rand instead
    $this->rand_func = "mt_rand";
    $this->seed_func = "mt_srand";
    
    // which type of hash to use?
    // possible values: "sha1", "md5", "crc32"
    // sha1 supported by PHP4.3.0+
    // md5 supported by PHP3+
    // crc32 supported by PHP4.0.1+
    $this->hash_func = $this->session_fetch('hash_func', 'sha1');
    // store in session so can validate in form processor
    
    // image type:
    // possible values: "jpg", "png", "gif"
    // jpg doesn't support transparency (transparent bg option ends up white)
    // png isn't supported by old browsers (see http://www.libpng.org/pub/png/pngstatus.html)
    // gif may not be supported by your GD Lib.
    $this->output = "png";
    
    // 0=generate pseudo-random string, true=use dictionary
    // dictionary is easier to recognise
    // - both for humans and computers, so use random string if you're paranoid.
    $this->use_dict = false;
    // if your server is NOT set up to deny web access to files beginning ".ht"
    // then you should ensure the dictionary file is kept outside the web directory
    // eg: if www.foo.com/index.html points to c:\website\www\index.html
    // then the dictionary should be placed in c:\website\dict.txt
    // test your server's config by trying to access the dictionary through a web browser
    // you should NOT be able to view the contents.
    // can leave this blank if not using dictionary
    $this->dict_location = ENANO_ROOT . "/includes/captcha/dicts/default.php";
    
    // used to calculate image width, and for non-dictionary word generation
    $this->max_word_length = 7;
    
    // text colour
    // 0=one random colour for all letters
    // 1=different random colour for each letter
    $this->col_type = 1;
    
    // maximum times a user can refresh the image
    // on a 6500 word dictionary, I think 15-50 is enough to not annoy users and make BF unfeasble.
    // further notes re: BF attacks in "avoid brute force attacks" section, below
    // on the other hand, those attempting OCR will find the ability to request new images
    // very useful; if they can't crack one, just grab an easier target...
    // for the ultra-paranoid, setting it to <5 will still work for most users
    $this->max_attempts = 20;
    
    // list of fonts to use
    // font size should be around 35 pixels wide for each character.
    // you can use my GD fontmaker script at www.puremango.co.uk to create your own fonts
    // There are other programs to can create GD fonts, but my script allows a greater
    // degree of control over exactly how wide each character is, and is therefore
    // recommended for 'special' uses. For normal use of GD fonts,
    // the GDFontGenerator @ http://www.philiplb.de is excellent for convering ttf to GD
    
    // the fonts included with freeCap *only* include lowercase alphabetic characters
    // so are not suitable for most other uses
    // to increase security, you really should add other fonts
    $this->font_locations = Array(
        //ENANO_ROOT . "/includes/captcha/fonts/assimila.ttf",
        //ENANO_ROOT . "/includes/captcha/fonts/elephant.ttf",
        //ENANO_ROOT . "/includes/captcha/fonts/swash_normal.ttf",
        //ENANO_ROOT . "/includes/captcha/fonts/.ttf",
        //ENANO_ROOT . "/includes/captcha/fonts/trekker_regular.ttf"
        ENANO_ROOT . "/includes/captcha/fonts/FreeMonoBold.ttf",
        ENANO_ROOT . "/includes/captcha/fonts/FreeSerifBold.ttf",
        ENANO_ROOT . "/includes/captcha/fonts/LiberationSans-Bold.ttf",
      );
    
    // background:
    // 0=transparent (if jpg, white)
    // 1=white bg with grid
    // 2=white bg with squiggles
    // 3=morphed image blocks
    // 'random' background from v1.3 didn't provide any extra security (according to 2 independent experts)
    // many thanks to http://ocr-research.org.ua and http://sam.zoy.org/pwntcha/ for testing
    // for jpgs, 'transparent' is white
    $this->bg_type = 3;
    // should we blur the background? (looks nicer, makes text easier to read, takes longer)
    $this->blur_bg = false;
    
    // for bg_type 3, which images should we use?
    // if you add your own, make sure they're fairly 'busy' images (ie a lot of shapes in them)
    $this->bg_images = Array(
        ENANO_ROOT . "/includes/captcha/pics/freecap_im1.jpg",
        ENANO_ROOT . "/includes/captcha/pics/freecap_im2.jpg",
        ENANO_ROOT . "/includes/captcha/pics/freecap_im3.jpg",
        ENANO_ROOT . "/includes/captcha/pics/freecap_im4.jpg",
        ENANO_ROOT . "/includes/captcha/pics/allyourbase.jpg"
      );
    
    // for non-transparent backgrounds only:
    // if 0, merges CAPTCHA with bg
    // if 1, write CAPTCHA over bg
    $this->merge_type = 0;
    // should we morph the bg? (recommend yes, but takes a little longer to compute)
    $this->morph_bg = true;
    
    // you shouldn't need to edit anything below this, but it's extensively commented if you do want to play
    // have fun, and email me with ideas, or improvements to the code (very interested in speed improvements)
    // hope this script saves some spam :-)
  }
  
  //////////////////////////////////////////////////////
  ////// Functions:
  //////////////////////////////////////////////////////
  function make_seed() {
  // from http://php.net/srand
      list($usec, $sec) = explode(' ', microtime());
      return (float) $sec + ((float) $usec * 100000);
  }
  
  function rand_color() {
    $rf =& $this->rand_func;
    if($this->bg_type==3)
    {
      // needs darker colour..
      return $rf(10,100);
    } else {
      return $rf(60,170);
    }
  }
  
  function myImageBlur($im)
  {
    // w00t. my very own blur function
    // in GD2, there's a gaussian blur function. bunch of bloody show-offs... :-)
  
    $width = imagesx($im);
    $height = imagesy($im);
  
    $temp_im = ImageCreateTrueColor($width,$height);
    $bg = ImageColorAllocate($temp_im,150,150,150);
  
    // preserves transparency if in orig image
    ImageColorTransparent($temp_im,$bg);
  
    // fill bg
    ImageFill($temp_im,0,0,$bg);
  
    // anything higher than 3 makes it totally unreadable
    // might be useful in a 'real' blur function, though (ie blurring pictures not text)
    $distance = 1;
    // use $distance=30 to have multiple copies of the word. not sure if this is useful.
  
    // blur by merging with itself at different x/y offsets:
    ImageCopyMerge($temp_im, $im, 0, 0, 0, $distance, $width, $height-$distance, 70);
    ImageCopyMerge($im, $temp_im, 0, 0, $distance, 0, $width-$distance, $height, 70);
    ImageCopyMerge($temp_im, $im, 0, $distance, 0, 0, $width, $height, 70);
    ImageCopyMerge($im, $temp_im, $distance, 0, 0, 0, $width, $height, 70);
    // remove temp image
    ImageDestroy($temp_im);
  
    return $im;
  }
  
  function sendImage($pic)
  {
    // output image with appropriate headers
    global $output,$im,$im2,$im3;
    // ENANO - obfuscation technique disabled
    // (this is for ethical reasons - ask dan at enanocms.org for information on why)
    // Basically it outputs an X-Captcha header showing freeCap version, etc. Unnecessary
    // header(base64_decode("WC1DYXB0Y2hhOiBmcmVlQ2FwIDEuNCAtIHd3dy5wdXJlbWFuZ28uY28udWs="));
    
    if ( $this->debug )
    {
      $x = imagesx($pic) - 70;
      $y = imagesy($pic) - 20;
      
      $code = $this->get_code();
      $red = ImageColorAllocateAlpha($pic, 0xAA, 0, 0, 72);
      ImageString($pic, 5, $x, $y, $code, $red);
      ImageString($pic, 5, 5, $y, "[debug mode]", $red);
    }
    
    switch($this->output)
    {
      // add other cases as desired
      case "jpg":
        header("Content-Type: image/jpeg");
        ImageJPEG($pic);
        break;
      case "gif":
        header("Content-Type: image/gif");
        ImageGIF($pic);
        break;
      case "png":
      default:
        header("Content-Type: image/png");
        ImagePNG($pic);
        break;
    }
  
    // kill GD images (removes from memory)
    ImageDestroy($this->im);
    ImageDestroy($this->im2);
    ImageDestroy($pic);
    if(!empty($this->im3))
    {
      ImageDestroy($this->im3);
    }
    exit();
  }
  
  function make_image()
  {
    //////////////////////////////////////////////////////
    ////// Create Images + initialise a few things
    //////////////////////////////////////////////////////
    
    // seed random number generator
    // PHP 4.2.0+ doesn't need this, but lower versions will
    $this->seed_func($this->make_seed());
    
    // how faded should the bg be? (100=totally gone, 0=bright as the day)
    // to test how much protection the bg noise gives, take a screenshot of the freeCap image
    // and take it into a photo editor. play with contrast and brightness.
    // If you can remove most of the bg, then it's not a good enough percentage
    switch($this->bg_type)
    {
      case 0:
        break;
      case 1:
      case 2:
        $bg_fade_pct = 65;
        break;
      case 3:
        $bg_fade_pct = 50;
        break;
    }
    // slightly randomise the bg fade
    $bg_fade_pct += $this->rand_func(-2,2);
    
    // read each font and get font character widths
    // $font_widths = Array();
    // for($i=0 ; $i<sizeof($this->font_locations) ; $i++)
    // {
    //   $handle = fopen($this->font_locations[$i],"r");
    //   // read header of GD font, up to char width
    //   $c_wid = fread($handle,15);
    //   $font_widths[$i] = ord($c_wid{8})+ord($c_wid{9})+ord($c_wid{10})+ord($c_wid{11});
    //   fclose($handle);
    // }
    
    // modify image width depending on maximum possible length of word
    // you shouldn't need to use words > 6 chars in length really.
    $width = ($this->max_word_length*($this->font_size+10)+75);
    $height = 90;
    
    $this->im = ImageCreateTrueColor($width, $height);
    $this->im2 = ImageCreateTrueColor($width, $height);
    
    ////////////////////////////////////////////////////////
    // GENERATE IMAGE                                     //
    ////////////////////////////////////////////////////////
    
    $word = $this->get_code();
    
    // save hash of word for comparison
    // using hash so that if there's an insecurity elsewhere (eg on the form processor),
    // an attacker could only get the hash
    // also, shared servers usually give all users access to the session files
    // echo `ls /tmp`; and echo `more /tmp/someone_elses_session_file`; usually work
    // so even if your site is 100% secure, someone else's site on your server might not be
    // hence, even if attackers can read the session file, they can't get the freeCap word
    // (though most hashes are easy to brute force for simple strings)
    
    //////////////////////////////////////////////////////
    ////// Fill BGs and Allocate Colours:
    //////////////////////////////////////////////////////
    
    // set tag colour
    // have to do this before any distortion
    // (otherwise colour allocation fails when bg type is 1)
    $tag_col = ImageColorAllocate($this->im,10,10,10);
    $site_tag_col2 = ImageColorAllocate($this->im2,0,0,0);
    
    // set debug colours (text colours are set later)
    $debug = ImageColorAllocate($this->im, 255, 0, 0);
    $debug2 = ImageColorAllocate($this->im2, 255, 0, 0);
    
    // set background colour (can change to any colour not in possible $text_col range)
    // it doesn't matter as it'll be transparent or coloured over.
    // if you're using bg_type 3, you might want to try to ensure that the color chosen
    // below doesn't appear too much in any of your background images.
    $bg = ImageColorAllocate($this->im, 254, 254, 254);
    $bg2 = ImageColorAllocate($this->im2, 254, 254, 254);
    
    // set transparencies
    ImageColorTransparent($this->im,$bg);
    // im2 transparent to allow characters to overlap slightly while morphing
    ImageColorTransparent($this->im2,$bg2);
    
    // fill backgrounds
    ImageFill($this->im,0,0,$bg);
    ImageFill($this->im2,0,0,$bg2);
    
    if($this->bg_type!=0)
    {
      // generate noisy background, to be merged with CAPTCHA later
      // any suggestions on how best to do this much appreciated
      // sample code would be even better!
      // I'm not an OCR expert (hell, I'm not even an image expert; puremango.co.uk was designed in MsPaint)
      // so the noise models are based around my -guesswork- as to what would make it hard for an OCR prog
      // ideally, the character obfuscation would be strong enough not to need additional background noise
      // in any case, I hope at least one of the options given here provide some extra security!
    
      $this->im3 = ImageCreateTrueColor($width,$height);
      $temp_bg = ImageCreateTrueColor($width*1.5,$height*1.5);
      $bg3 = ImageColorAllocate($this->im3,255,255,255);
      ImageFill($this->im3,0,0,$bg3);
      $temp_bg_col = ImageColorAllocate($temp_bg,255,255,255);
      ImageFill($temp_bg,0,0,$temp_bg_col);
      
      // we draw all noise onto temp_bg
      // then if we're morphing, merge from temp_bg to im3
      // or if not, just copy a $widthx$height portion of $temp_bg to $this->im3
      // temp_bg is much larger so that when morphing, the edges retain the noise.
    
      if($this->bg_type==1)
      {
        // grid bg:
    
        // draw grid on x
        for($i=$this->rand_func(6,20) ; $i<$width*2 ; $i+=$this->rand_func(10,25))
        {
          ImageSetThickness($temp_bg,$this->rand_func(2,6));
          $text_r = $this->rand_func(100,150);
          $text_g = $this->rand_func(100,150);
          $text_b = $this->rand_func(100,150);
          $text_colour3 = ImageColorAllocate($temp_bg, $text_r, $text_g, $text_b);
    
          ImageLine($temp_bg,$i,0,$i,$height*2,$text_colour3);
        }
        // draw grid on y
        for($i=$this->rand_func(6,20) ; $i<$height*2 ; $i+=$this->rand_func(10,25))
        {
          ImageSetThickness($temp_bg,$this->rand_func(2,6));
          $text_r = $this->rand_func(100,150);
          $text_g = $this->rand_func(100,150);
          $text_b = $this->rand_func(100,150);
          $text_colour3 = ImageColorAllocate($temp_bg, $text_r, $text_g, $text_b);
    
          ImageLine($temp_bg,0,$i,$width*2, $i ,$text_colour3);
        }
      } else if($this->bg_type==2) {
        // draw squiggles!
    
        $bg3 = ImageColorAllocate($this->im3,255,255,255);
        ImageFill($this->im3,0,0,$bg3);
        ImageSetThickness($temp_bg,4);
    
        for($i=0 ; $i<strlen($word)+1 ; $i++)
        {
          $text_r = $this->rand_func(100,150);
          $text_g = $this->rand_func(100,150);
          $text_b = $this->rand_func(100,150);
          $text_colour3 = ImageColorAllocate($temp_bg, $text_r, $text_g, $text_b);
    
          $points = Array();
          // draw random squiggle for each character
          // the longer the loop, the more complex the squiggle
          // keep random so OCR can't say "if found shape has 10 points, ignore it"
          // each squiggle will, however, be a closed shape, so OCR could try to find
          // line terminations and start from there. (I don't think they're that advanced yet..)
          for($j=1 ; $j<$this->rand_func(5,10) ; $j++)
          {
            $points[] = $this->rand_func(1*(20*($i+1)),1*(50*($i+1)));
            $points[] = $this->rand_func(30,$height+30);
          }
    
          ImagePolygon($temp_bg,$points,intval(sizeof($points)/2),$text_colour3);
        }
    
      } else if($this->bg_type==3) {
        // take random chunks of $this->bg_images and paste them onto the background
    
        for($i=0 ; $i<sizeof($this->bg_images) ; $i++)
        {
          // read each image and its size
          $temp_im[$i] = ImageCreateFromJPEG($this->bg_images[$i]);
          $temp_width[$i] = imagesx($temp_im[$i]);
          $temp_height[$i] = imagesy($temp_im[$i]);
        }
        
        $blocksize = $this->rand_func(20,60);
        for($i=0 ; $i<$width*2 ; $i+=$blocksize)
        {
          // could randomise blocksize here... hardly matters
          for($j=0 ; $j<$height*2 ; $j+=$blocksize)
          {
            $this->image_index = $this->rand_func(0,sizeof($temp_im)-1);
            $cut_x = $this->rand_func(0,$temp_width[$this->image_index]-$blocksize);
            $cut_y = $this->rand_func(0,$temp_height[$this->image_index]-$blocksize);
            ImageCopy($temp_bg, $temp_im[$this->image_index], $i, $j, $cut_x, $cut_y, $blocksize, $blocksize);
          }
        }
        for($i=0 ; $i<sizeof($temp_im) ; $i++)
        {
          // remove bgs from memory
          ImageDestroy($temp_im[$i]);
        }
    
        // for debug:
        //sendImage($temp_bg);
      }
    
      // for debug:
      //sendImage($this->im3);
    
      if($this->morph_bg)
      {
        // morph background
        // we do this separately to the main text morph because:
        // a) the main text morph is done char-by-char, this is done across whole image
        // b) if an attacker could un-morph the bg, it would un-morph the CAPTCHA
        // hence bg is morphed differently to text
        // why do we morph it at all? it might make it harder for an attacker to remove the background
        // morph_chunk 1 looks better but takes longer
    
        // this is a different and less perfect morph than the one we do on the CAPTCHA
        // occasonally you get some dark background showing through around the edges
        // it doesn't need to be perfect as it's only the bg.
        $morph_chunk = $this->rand_func(1,5);
        $morph_y = 0;
        for($x=0 ; $x<$width ; $x+=$morph_chunk)
        {
          $morph_chunk = $this->rand_func(1,5);
          $morph_y += $this->rand_func(-1,1);
          ImageCopy($this->im3, $temp_bg, $x, 0, $x+30, 30+$morph_y, $morph_chunk, $height*2);
        }
    
        ImageCopy($temp_bg, $this->im3, 0, 0, 0, 0, $width, $height);
    
        $morph_x = 0;
        for($y=0 ; $y<=$height; $y+=$morph_chunk)
        {
          $morph_chunk = $this->rand_func(1,5);
          $morph_x += $this->rand_func(-1,1);
          ImageCopy($this->im3, $temp_bg, $morph_x, $y, 0, $y, $width, $morph_chunk);
    
        }
      } else {
        // just copy temp_bg onto im3
        ImageCopy($this->im3,$temp_bg,0,0,30,30,$width,$height);
      }
    
      ImageDestroy($temp_bg);
    
      if($this->blur_bg)
      {
        $this->myImageBlur($this->im3);
      }
    }
    // for debug:
    //sendImage($this->im3);
    
    //////////////////////////////////////////////////////
    ////// Write Word
    //////////////////////////////////////////////////////
    
    // write word in random starting X position
    $word_start_x = $this->rand_func(5,32);
    // y positions jiggled about later
    $word_start_y = 50;
    
    // use last pixelwidth
    $font_pixelwidth = $this->font_size + 10;
    
    if($this->col_type==0)
    {
      $text_r = $this->rand_color();
      $text_g = $this->rand_color();
      $text_b = $this->rand_color();
      $text_colour2 = ImageColorAllocate($this->im2, $text_r, $text_g, $text_b);
    }
    
    // write each char in different font
    for($i=0 ; $i<strlen($word) ; $i++)
    {
      if($this->col_type==1)
      {
        $text_r = $this->rand_color();
        $text_g = $this->rand_color();
        $text_b = $this->rand_color();
        $text_colour2 = ImageColorAllocate($this->im2, $text_r, $text_g, $text_b);
      }
    
      $j = $this->rand_func(0,sizeof($this->font_locations)-1);
      // $font = ImageLoadFont($this->font_locations[$j]);
      // ImageString($this->im2, $font, $word_start_x+($font_widths[$j]*$i), $word_start_y, $word{$i}, $text_colour2);
      ImageTTFText($this->im2, $this->font_size, 0, $word_start_x+(($font_pixelwidth)*$i), $word_start_y, $text_colour2, $this->font_locations[$j], $word{$i});
    }
    
    // for debug:
    // $this->sendImage($this->im2);
    
    //////////////////////////////////////////////////////
    ////// Morph Image:
    //////////////////////////////////////////////////////
    
    // calculate how big the text is in pixels
    // (so we only morph what we need to)
    $word_pix_size = $word_start_x+(strlen($word)*$font_pixelwidth);
    
    // firstly move each character up or down a bit:
    $y_pos = 0;
    for($i=$word_start_x ; $i<$word_pix_size ; $i+=$font_pixelwidth)
    {
      // move on Y axis
      // deviates at least 4 pixels between each letter
      $prev_y = $y_pos;
      do{
        $y_pos = $this->rand_func(-5,5);
      } while($y_pos<$prev_y+2 && $y_pos>$prev_y-2);
      ImageCopy($this->im, $this->im2, $i, $y_pos, $i, 0, $font_pixelwidth, $height);
    
      // for debug:
      // ImageRectangle($this->im,$i,$y_pos+10,$i+$font_pixelwidth,$y_pos+70,$debug);
    }
    
    // for debug:
    // $this->sendImage($this->im);
    
    ImageFilledRectangle($this->im2,0,0,$width,$height,$bg2);
    
    // randomly morph each character individually on x-axis
    // this is where the main distortion happens
    // massively improved since v1.2
    $y_chunk = 1;
    $morph_factor = 1;
    $morph_x = 0;
    for($j=0 ; $j<strlen($word) ; $j++)
    {
      $y_pos = 0;
      for($i=0 ; $i<=$height; $i+=$y_chunk)
      {
        $orig_x = $word_start_x+($j*$font_pixelwidth);
        // morph x += so that instead of deviating from orig x each time, we deviate from where we last deviated to
        // get it? instead of a zig zag, we get more of a sine wave.
        // I wish we could deviate more but it looks crap if we do.
        $morph_x += $this->rand_func(-$morph_factor,$morph_factor);
        // had to change this to ImageCopyMerge when starting using ImageCreateTrueColor
        // according to the manual; "when (pct is) 100 this function behaves identically to imagecopy()"
        // but this is NOT true when dealing with transparencies...
        ImageCopyMerge($this->im2, $this->im, $orig_x+$morph_x, $i+$y_pos, $orig_x, $i, $font_pixelwidth, $y_chunk, 100);
    
        // for debug:
        //ImageLine($this->im2, $orig_x+$morph_x, $i, $orig_x+$morph_x+1, $i+$y_chunk, $debug2);
        //ImageLine($this->im2, $orig_x+$morph_x+$font_pixelwidth, $i, $orig_x+$morph_x+$font_pixelwidth+1, $i+$y_chunk, $debug2);
      }
    }
    
    // for debug:
    //sendImage($this->im2);
    
    ImageFilledRectangle($this->im,0,0,$width,$height,$bg);
    // now do the same on the y-axis
    // (much easier because we can just do it across the whole image, don't have to do it char-by-char)
    $y_pos = 0;
    $x_chunk = 1;
    for($i=0 ; $i<=$width ; $i+=$x_chunk)
    {
      // can result in image going too far off on Y-axis;
      // not much I can do about that, apart from make image bigger
      // again, I wish I could do 1.5 pixels
      $y_pos += $this->rand_func(-1,1);
      ImageCopy($this->im, $this->im2, $i, $y_pos, $i, 0, $x_chunk, $height);
    
      // for debug:
      //ImageLine($this->im,$i+$x_chunk,0,$i+$x_chunk,100,$debug);
      //ImageLine($this->im,$i,$y_pos+25,$i+$x_chunk,$y_pos+25,$debug);
    }
    
    // for debug:
    //sendImage($this->im);
    
    // blur edges:
    // doesn't really add any security, but looks a lot nicer, and renders text a little easier to read
    // for humans (hopefully not for OCRs, but if you know better, feel free to disable this function)
    // (and if you do, let me know why)
    $this->myImageBlur($this->im);
    
    // for debug:
    //sendImage($this->im);
    
    if($this->output!="jpg" && $this->bg_type==0)
    {
      // make background transparent
      ImageColorTransparent($this->im,$bg);
    }
    
    
    
    
    
    //////////////////////////////////////////////////////
    ////// Try to avoid 'free p*rn' style CAPTCHA re-use
    //////////////////////////////////////////////////////
    // ('*'ed to stop my site coming up for certain keyword searches on google)
    
    // can obscure CAPTCHA word in some cases..
    
    // write site tags 'shining through' the morphed image
    ImageFilledRectangle($this->im2,0,0,$width,$height,$bg2);
    if(is_array($this->site_tags))
    {
      for($i=0 ; $i<sizeof($this->site_tags) ; $i++)
      {
        // ensure tags are centered
        $tag_width = strlen($this->site_tags[$i])*6;
        // write tag is chosen position
        if($this->tag_pos==0 || $this->tag_pos==2)
        {
          // write at top
          ImageString($this->im2, 2, intval($width/2)-intval($tag_width/2), (10*$i), $this->site_tags[$i], $site_tag_col2);
        }
        if($this->tag_pos==1 || $this->tag_pos==2)
        {
          // write at bottom
          ImageString($this->im2, 2, intval($width/2)-intval($tag_width/2), ($height-34+($i*10)), $this->site_tags[$i], $site_tag_col2);
        }
      }
    }
    ImageCopyMerge($this->im2,$this->im,0,0,0,0,$width,$height,80);
    ImageCopy($this->im,$this->im2,0,0,0,0,$width,$height);
    // for debug:
    //sendImage($this->im);
    
    
    
    
    //////////////////////////////////////////////////////
    ////// Merge with obfuscated background
    //////////////////////////////////////////////////////
    
    if($this->bg_type!=0)
    {
      // merge bg image with CAPTCHA image to create smooth background
    
      // fade bg:
      if($this->bg_type!=3)
      {
        $temp_im = ImageCreateTrueColor($width,$height);
        $white = ImageColorAllocate($temp_im,255,255,255);
        ImageFill($temp_im,0,0,$white);
        ImageCopyMerge($this->im3,$temp_im,0,0,0,0,$width,$height,$bg_fade_pct);
        // for debug:
        //sendImage($this->im3);
        ImageDestroy($temp_im);
        $c_fade_pct = 50;
      } else {
        $c_fade_pct = $bg_fade_pct;
      }
    
      // captcha over bg:
      // might want to not blur if using this method
      // otherwise leaves white-ish border around each letter
      if($this->merge_type==1)
      {
        ImageCopyMerge($this->im3,$this->im,0,0,0,0,$width,$height,100);
        ImageCopy($this->im,$this->im3,0,0,0,0,$width,$height);
      } else {
        // bg over captcha:
        ImageCopyMerge($this->im,$this->im3,0,0,0,0,$width,$height,$c_fade_pct);
      }
    }
    // for debug:
    //sendImage($this->im);
    
    
    //////////////////////////////////////////////////////
    ////// Write tags, remove variables and output!
    //////////////////////////////////////////////////////
    
    // tag it
    // feel free to remove/change
    // but if it's not essential I'd appreciate you leaving it
    // after all, I've put a lot of work into this and am giving it away for free
    // the least you could do is give me credit (or buy me stuff from amazon!)
    // but I understand that in professional environments, your boss might not like this tag
    // so that's cool.
    $tag_str = "";
    // for debug:
    //$tag_str = "[".$word."]";
    
    // ensure tag is right-aligned
    $tag_width = strlen($tag_str)*6;
    // write tag
    ImageString($this->im, 2, $width-$tag_width, $height-13, $tag_str, $tag_col);
    
    // unset all sensetive vars
    // in case someone include()s this file on a shared server
    // you might think this unneccessary, as it exit()s
    // but by using register_shutdown_function
    // on a -very- insecure shared server, they -might- be able to get the word
    unset($word);
    // the below aren't really essential, but might aid an OCR attack if discovered.
    // so we unset them
    
    // output final image :-)
    $this->sendImage($this->im);
    // (sendImage also destroys all used images)
  }
  
  function rand_func($s, $m)
  {
    global $_starttime;
    $tn = microtime_float() - $_starttime;
    if ( $tn > 5 )
    {
      echo '<pre>';
      enano_debug_print_backtrace();
      echo '</pre>';
      exit;
    }
    $rf =& $this->rand_func;
    return $rf($s, $m);
  }
  
  function seed_func($s)
  {
    $rf =& $this->seed_func;
    return $rf($s);
  }
  
  function hash_func($s)
  {
    $rf =& $this->hash_func;
    return $rf($s);
  }
  
}