asdfg Posted July 16, 2012 Share Posted July 16, 2012 Hello, Does somebody now a really simple security question for my php form. Just what is 2+2 or what is the second letter of hello. Can someone give me a tutorial for that or a code. Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/265788-simple-security-question-for-contact-form/ Share on other sites More sharing options...
memfiss Posted July 17, 2012 Share Posted July 17, 2012 u need to make table with question answers and id then when u henerate html code of ur form select one random question and id place question id into hidden input and after submiting check is answer correct Quote Link to comment https://forums.phpfreaks.com/topic/265788-simple-security-question-for-contact-form/#findComment-1362092 Share on other sites More sharing options...
ignace Posted July 17, 2012 Share Posted July 17, 2012 place question id into hidden input That's a bad idea. Imagine someone who wants to abuse the form would only have set the same question id and pre-fill the answer, eureka! Instead store the correct answer in the session instead of the form. Quote Link to comment https://forums.phpfreaks.com/topic/265788-simple-security-question-for-contact-form/#findComment-1362095 Share on other sites More sharing options...
Jessica Posted July 17, 2012 Share Posted July 17, 2012 Or just do the math... you don't need to store the answer if you do math, or any logic. What is the second letter of hello? Easy with logic. What is 2+2? Easy with logic. Quote Link to comment https://forums.phpfreaks.com/topic/265788-simple-security-question-for-contact-form/#findComment-1362147 Share on other sites More sharing options...
PFMaBiSmAd Posted July 17, 2012 Share Posted July 17, 2012 If you are going to do this, you need to output the question in the form of an image (that does not have a fixed/unique signature for each question) so that a bot script cannot simply scrape the question out of the html source and lookup the text answer or solve the math expression and post the answer. I was a moderator on a different php helo forum and the owner's office thought it would be a good idea to replace an existing traditional image based captcha (enter the letters/numbers you see) with a simple text based question/answer captcha, with a limited number of random questions/answers. The number of automated registrations (followed by spamming) went from one every few days to ~ 250 per day for a couple of days until the person that made the change got around to undoing what he did. Quote Link to comment https://forums.phpfreaks.com/topic/265788-simple-security-question-for-contact-form/#findComment-1362202 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.