creating own audio captcha in php

Question

I wanted to make a little audio captcha in php, so I needed to convert text to speech, but I have two restrictions:

First it should be a php-solution. creating a mp3/ogg would be fine, it could be inserted and played with audio-tags etc.

Second I need to install it on a server only using ftp-access. So, I can't use standard applications to which php would speak.


So, I already investigated some solutions:

Jquery's Jtalk can read text aloud, but it's kind of impractical here as javascripts is always open source => the captcha would be plain in the source-Code.

Google has an Api to speak aloud, too. However, you need to make a call to an extern file with the text as part of the url. so, listening to the outgoing requests will reveil the captcha, too.

I tried to combine my own audio-files using php. I have read in some posts here, that many player supports simply a echo file_get_contents['audio1.ogg'].file_get_contents['audio2.ogg']; solution. However, using the plugin in Firefox, only the first file is played. Downloading and playing in VLC reveals both audio files. I'm also not really happy with this one, even if it would work, as one could just associate the ogg-source with the letter and recognise the captcha by slicing the audio-source-code... I also thought of loading all letters in audio-tags and playing them as needed, but that will again reveal the captcha in the web's source code.

Lastly I heard of "flite" which promised to be able to do all these things, but I think I got a little mistaken and it needs to get installed directly on the server rather than just putting a few files on an ftp.


So, does anybody know how to make a text to speech solution with only ftp-access and without contacting other websites with the text as part of the url?

Regards, Julian

Answer 1

So, I have made up a solution combining javascript and php which is pleasing for my taste and could get modified for additional security (like adding noise or having something else than a letter per sound file).

It works like this: you set up a sounds-folder, protected per htaccess, only allowing a captcha.php-script to get files. There is one file per letter you want to display. The script can also access the captcha via Session, database or protected file and has a pointer to the position that is currently read. Every time it is visited, it gives the audio of the next letter back. This could get done by e.g.

echo file_get_contents('sounds/'.$_SESSION["curaudio"].'.ogg');

Then you only need to insert the audio-element into your html:

<audio hidden id="Sound_captcha">
    Your browser does not support the audio element.
</audio> 

And Use javascript to switch to the next letter. For that, use the src-attribute of the audio and give the address of your captcha.php-file. Remember to add a value to prevent Cache:

"captcha.php?"+(new Date()).getTime()

You can call the play()-function of the audio-element to play the file.

To switch to the next requires to either stay at a fixed amount of time per file (very insecure) or to use the ended-event of the audio-element.

Of course, your php-script should at the end also tell when the captcha has been read completely (e.g. to be read with another script where you need a an ajax-request or e.g. the script that produces the sound does it only at every odd access, otherwise status, or the script tells you at the beginning how many reloads you need...)

That is actually all for a basic player, which would also need to get modified to prevent an easy bot-access... however, in my opinion, this is at least as secure as a standard text-captcha and removes a great barrier for people with eye-problems.