
Using PHP to prevent Spam


kreut


Hello,

I'm currently using Captcha as a means to prevent spam on my website for users' comments in a "Contact Us" form. The more I think about it, the more I wonder why the heck I'd use such a difficult-to-read (annoying?) method as opposed to something like:

Create a PHP script that generates two random numbers between 1 and 10 (x and y). Ask the user "Please prove you're human by telling me the sum of x and y." If they don't, then the form won't be submitted.

Also, I feel like I don't even really understand exactly HOW someone can spam my site: if, for example, there's an email form within my site on a secure page (in other words, after the user logs in), would a spamster be able to get to that?

Thank you,

Eric


Creating a PHP script that generates two numbers is rather easy. I have done it and tested it. It's working :)

 

<?php
session_start();

// Only treat the request as an answer attempt if the field was really posted:
// reading $_REQUEST['maths'] before isset() raises an undefined-index notice on
// the first visit, and $_REQUEST would also accept the answer from the query string.
if (isset($_POST['maths'])) {

    // The expected sum lives only in the session, never in the form.
    $sum = isset($_SESSION['sum']) ? (int) $_SESSION['sum'] : null;

    // Make the stored answer single-use so one correct reply cannot be replayed.
    unset($_SESSION['sum']);

    // Validate as an integer instead of a loose ==, so input like "9abc" is rejected.
    $answer = filter_var($_POST['maths'], FILTER_VALIDATE_INT);

    if ($sum !== null && $answer !== false && $answer === $sum) {
        echo "Correct ";
    }
    else {
        echo "Wrong ";
    }

}
else {
    $n1 = rand(1,10);
    $n2 = rand(1,10);
    $sum = $n1 + $n2;
    $_SESSION['sum'] = $sum;

    // PHP_SELF comes from the request URI and must be escaped before it is echoed
    // into the markup, otherwise a crafted path can inject HTML into the form.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

    // <form> is not a void element: the original "<form ... />" closed the form
    // immediately, leaving the text box and submit button outside it.
    echo "<form action='" . $self . "' method='post'>" . $n1 . " + " . $n2 .
         " =<input type='text' name='maths'/><input type='submit' value='submit'/></form>";

    // The original also echoed "The correct answer would be: $sum" for testing;
    // leave that out on a live page, since it hands the answer to any bot.
}
?>

 

As for people spamming your site: if they are allowed to register on their own, they are able to do anything to the contact form. Otherwise, they can still get the URL/page which sends you the data and post to it directly :)


Thanks for the response! But can they get to things INSIDE my site? In other words, let's say a user has to register --AND PAY-- to use my site. Once in the site, they have a "Send me comments" form. Could a spammer spam that if the "Send me comments" form is only accessible to paying users?

Thanks again....


If the form and the form processing code are correctly testing whether the current visitor is logged in, and are preventing access by non-logged-in visitors, then generic spammers who are not members/not logged in would not be able to submit comments to your form processing code, because your form processing code would ignore form submissions by non-logged-in guests.

What is your code that is detecting logged-in members and protecting your member-only pages?


As to simple math and word-problem captchas: it is very easy to write a script that parses and solves math problems and simple copy/paste-type word problems. You can however make this type of captcha more secure by dynamically outputting the question as an image, since that would require a hacker to both do accurate OCR on the image to find out the question, then solve the question. It is a lot harder to do OCR to accurately read several words than it is to do OCR to accurately find the small number of letters/numbers that are typically used in a captcha.

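To show what "very easy" means in the reply above, here is an added example (not code from the thread or from any poster) of the bot side: a few lines of PHP that pull the arithmetic out of the form markup the earlier script emits and compute the value a spam bot would submit. The HTML string is a constructed copy of that markup, the function name is arbitrary, and the URL in the closing comment is a placeholder.

```php
<?php
// Added example: a bot-side solver for the plain-text arithmetic challenge.
// It runs offline against a constructed copy of the markup the earlier script prints.

$html = "<form action='/contact.php' method='post'>7 + 4 =<input type='text' name='maths'/>"
      . "<input type='submit' value='submit'/></form>";   // constructed sample, not fetched

/**
 * Find "a op b =" immediately before the answer field and return the operands,
 * the operator and the computed answer, or null if no challenge is present.
 */
function solveArithmeticChallenge(string $html): ?array
{
    // Tolerate optional whitespace and the four operators a simple generator might use.
    if (!preg_match('/(\d+)\s*([+\-*\/])\s*(\d+)\s*=\s*<input[^>]*name=[\'"]maths[\'"]/i', $html, $m)) {
        return null;
    }
    [$a, $op, $b] = [(int) $m[1], $m[2], (int) $m[3]];

    switch ($op) {
        case '+': $answer = $a + $b; break;
        case '-': $answer = $a - $b; break;
        case '*': $answer = $a * $b; break;
        case '/': $answer = $b === 0 ? null : intdiv($a, $b); break;
        default:  $answer = null;
    }
    return ['a' => $a, 'op' => $op, 'b' => $b, 'answer' => $answer];
}

$solved = solveArithmeticChallenge($html);
// $solved now holds the operands and the answer a bot would POST in the "maths" field.

// A real bot fetches the page with a cookie jar (so the PHP session that stores the
// sum is kept) and then POSTs the answer to the form action with the same jar, e.g.:
//   curl -c jar -b jar https://example.invalid/contact.php       (placeholder URL)
//   curl -b jar -d "maths=<answer>" https://example.invalid/contact.php
```

The whole "challenge" is recoverable from the response body with one regular expression, which is why the reply suggests moving the question into an image: the bot then needs OCR as well as the parser.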

Thanks for responding to my post. To detect logged-in members I'm using the Zend_Auth adapter with hasIdentity() to see if a user is correctly logged in and is of the appropriate user type; this is after they log in using Zend_Auth in conjunction with matching the credentials to my database using Zend_Auth_Adapter_DbTable.

And, from what you said on your post, it sounds like the idea of dynamically generating a mathematical question then outputting it as an image could be an alternative to using Captcha ---do I understand you correctly? I feel pretty comfortable with PHP but have never output text as an image. Might you have a resource that could get me started?

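As a starting point for the question above, here is an added example (not from the thread or from the Zend framework) of the image approach suggested in the previous reply, written against the GD extension that ships with PHP. The same script serves the form, renders the question as a PNG when called with `?img=1`, and checks the posted answer; the session key names and the image dimensions are arbitrary choices for the demo.

```php
<?php
// Added example (not from the thread): the arithmetic question rendered as a PNG
// with the GD extension, so a bot has to OCR the image before it can solve it.
// Requires ext-gd. Serves the image when called with ?img=1, otherwise the form.
session_start();

/** Render "a + b = ?" into a PNG with some light noise and return the raw bytes. */
function renderChallengeImage(int $a, int $b): string
{
    $width  = 180;
    $height = 50;
    $im = imagecreatetruecolor($width, $height);

    $background = imagecolorallocate($im, 245, 245, 245);
    $ink        = imagecolorallocate($im, 30, 30, 30);
    $noise      = imagecolorallocate($im, 160, 160, 160);
    imagefilledrectangle($im, 0, 0, $width - 1, $height - 1, $background);

    // Noise lines and dots make naive threshold-then-OCR less reliable.
    for ($i = 0; $i < 6; $i++) {
        imageline($im, mt_rand(0, $width), mt_rand(0, $height), mt_rand(0, $width), mt_rand(0, $height), $noise);
    }
    for ($i = 0; $i < 150; $i++) {
        imagesetpixel($im, mt_rand(0, $width - 1), mt_rand(0, $height - 1), $noise);
    }

    // Draw the question with the built-in bitmap font, jittering each glyph
    // vertically so the characters do not sit on one clean baseline.
    $text = "$a + $b = ?";
    $x = 12;
    foreach (str_split($text) as $ch) {
        imagechar($im, 5, $x, mt_rand(12, 22), $ch, $ink);
        $x += 14;
    }

    ob_start();
    imagepng($im);
    imagedestroy($im);
    return ob_get_clean();
}

if (isset($_GET['img'])) {
    // The operands were chosen when the form was rendered and stored in the session;
    // the image only shows them, and the answer itself never leaves the server.
    if (!isset($_SESSION['captcha_a'], $_SESSION['captcha_b'])) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: image/png');
    header('Cache-Control: no-store');
    echo renderChallengeImage($_SESSION['captcha_a'], $_SESSION['captcha_b']);
    exit;
}

if (isset($_POST['maths'])) {
    $expected = isset($_SESSION['captcha_sum']) ? (int) $_SESSION['captcha_sum'] : null;
    unset($_SESSION['captcha_a'], $_SESSION['captcha_b'], $_SESSION['captcha_sum']); // single use
    $given = filter_var($_POST['maths'], FILTER_VALIDATE_INT);
    echo ($expected !== null && $given !== false && $given === $expected) ? "Correct" : "Wrong";
    exit;
}

// First visit: pick the operands, remember them server-side, and point the <img> at ?img=1.
$_SESSION['captcha_a']   = mt_rand(1, 10);
$_SESSION['captcha_b']   = mt_rand(1, 10);
$_SESSION['captcha_sum'] = $_SESSION['captcha_a'] + $_SESSION['captcha_b'];
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
echo "<form action='$self' method='post'>"
   . "<img src='$self?img=1' alt='arithmetic question'> "
   . "<input type='text' name='maths' autocomplete='off'> "
   . "<input type='submit' value='Submit'></form>";
```

The built-in bitmap font used by `imagechar()` is the weakest part: its glyphs are fixed-size and easy to match. Drawing with a TrueType font via `imagettftext()`, which takes an angle argument, lets each character be rotated a few degrees and makes OCR noticeably harder. Whatever the rendering, keep the operands and the sum in the session only; the markup must never carry the answer.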

My cousin came up with this. Now, I don't know if it would work or not, but what you do is create a text field and give it this CSS:

"display: none;"

Then when you validate the form, you check to see if that field is filled in or not. If it is not filled in, it was probably submitted by a human (due to the fact that they did not see it); if it is filled in, then it was probably submitted by a robot. You would probably also give the field a common name; for example, if it was a login, maybe the name "url". A robot would more than likely put a URL in there and submit it, making that field filled out, and we now assume a robot put that in there.

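The hidden-field idea in the post above is usually called a honeypot. Here is an added example (not code from the post or from anyone in the thread) of a contact form with such a field and the server-side check that treats any value in it as a bot submission. The field name `url`, the CSS class `hp` and the function name are arbitrary choices for the demo; the form's real handler is left as a comment.

```php
<?php
// Added example (not from the post): the hidden "honeypot" field described above,
// with the server-side check that treats any value in it as a bot submission.
// Field name "url" and CSS class "hp" are arbitrary choices for this demo.
session_start();

/**
 * Honeypot check: a human never sees the field, so it should arrive empty
 * (or not at all). Anything in it means a form-filler just filled every input.
 */
function honeypotTriggered(array $post, string $field = 'url'): bool
{
    return isset($post[$field]) && trim((string) $post[$field]) !== '';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (honeypotTriggered($_POST)) {
        // Answer exactly as for a real submission, but do nothing with the data:
        // a bot that sees an error page simply retries with a different trick.
        echo "Thanks for your message.";
        exit;
    }
    $name    = trim((string) ($_POST['name'] ?? ''));
    $message = trim((string) ($_POST['message'] ?? ''));
    if ($name === '' || $message === '') {
        echo "Please fill in both fields.";
        exit;
    }
    // ... hand $name and $message to the real contact handler here ...
    echo "Thanks for your message.";
    exit;
}

$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
?>
<!-- Hiding via a stylesheet class rather than an inline style="display:none" makes it
     a little less obvious to a bot that only scans the form markup for hidden inputs. -->
<style>.hp { position: absolute; left: -10000px; }</style>
<form action="<?= $self ?>" method="post">
  <label>Name <input type="text" name="name"></label>
  <label>Message <textarea name="message"></textarea></label>
  <!-- The trap: off-screen, skipped by the tab order, and autocomplete off so a
       browser does not helpfully fill in a saved "url" value for a real visitor. -->
  <div class="hp" aria-hidden="true">
    <label>Website <input type="text" name="url" tabindex="-1" autocomplete="off"></label>
  </div>
  <input type="submit" value="Send">
</form>
```

The check itself is the same whether the field is hidden with `display: none` as the post suggests or moved off-screen as above; the `tabindex="-1"`, `aria-hidden` and `autocomplete="off"` attributes are there so that keyboard and screen-reader users, and browser autofill, do not trip the trap by accident. A honeypot stops form-fillers that submit every input; it does nothing against a bot written for your specific form, so it complements rather than replaces the login check discussed earlier in the thread.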
