Problem Getting A Little Anti-Spam Calculation To Work

[peppericious]

I want the user to answer a little calculation as an anti-spam measure but can't get it to work. Here's my code...

 

<?php
// create an anti-spam calculation to be answered
$first_num = rand(1, 3);
$second_num = rand(1, 3);
$multiplier = rand(2,3);

$actual_answer = ($first_num + $second_num) * $multiplier;


if($_SERVER['REQUEST_METHOD'] == 'POST') {
if($_POST['user_answer'] !== $actual_answer) {
echo "You didn't answer the anti-spam calculation correctly.";
} else {
echo "Correct!";
}
} else {
?>
<form method='post' action=''>
<?php echo "($first_num + $second_num) x $multiplier) = "; ?>
<input type='text' name='user_answer' id='user_answer' /><br /><br />
<input type='submit' name='submit' value='go' />
</form>
<?php
}

 

Can anybody tell me what I'm doing wrong? Thanks in advance for your help.

[Muddy_Funster]

each time the page loads $actualanswer is being recalculated, so the odds of it matching the post answer from the last generation are pretty slim. you need to pass the actual answer, either in a session or in a hidden form element, along with the given answer to compare the correct $actualanswer with the one given

[peppericious]

Thanks, Muddy_Funster. Got it working with this...

 

<?php
session_start();
// create an anti-spam calculation to be answered
$first_num = rand(1, 3);
$second_num = rand(1, 3);
$multiplier = rand(2,3);

if($_SERVER['REQUEST_METHOD'] == 'POST') {
if($_POST['user_answer'] !== $_POST['actual_answer']) {
echo "You didn't answer the anti-spam calculation correctly.";
} else {
echo "Correct!";
}
} else {


?>
<form method='post' action=''>
<?php echo "($first_num + $second_num) x $multiplier) = "; ?>
<input type='hidden' name='actual_answer' id='actual_answer' value="<?php echo $_SESSION['actual_answer'] = ($first_num + $second_num) * $multiplier;?>" />
<input type='text' name='user_answer' id='user_answer' /><br /><br />
<input type='submit' name='submit' value='go' />
</form>
<?php
}

[Christian F.]

Not the best of solutions, as now the bots doesn't even have to guess: They can just read the correct answer from the HTML code directly...

 

The correct way to do this would have been to save the correct answer in the session, or at least as a salted and hashed value in the form. Then only recalculate the correct answer once it's been established that the form needs to be shown again. Either because the previous answer was wrong, or because no form has been posted yet.

[AyKay47]

Not the best of solutions, as now the bots doesn't even have to guess: They can just read the correct answer from the HTML code directly...

Nonsense.

 

Using both a hidden input and a session is a bit of overkill here. Storing the value in a session will be fine.

 

<?php
session_start();
// create an anti-spam calculation to be answered
$first_num = rand(1, 3);
$second_num = rand(1, 3);
$multiplier = rand(2,3);

if($_SERVER['REQUEST_METHOD'] == 'POST') {
if($_POST['user_answer'] !== $_SESSION['actual_answer']) {
echo "You didn't answer the anti-spam calculation correctly.";
} else {
echo "Correct!";
}
} else {
$_SESSION['actual_answer'] = ($first_num + $second_num) * $multiplier;


?>
<form method='post' action=''>
<?php echo "($first_num + $second_num) x $multiplier) = "; ?>
<input type='text' name='user_answer' id='user_answer' /><br /><br />
<input type='submit' name='submit' value='go' />
</form>
<?php
}

[Christian F.]

AyKay47: I'm afraid it's not nonsense, if you read his code again you'll see for yourself. He's echoing the unmodified result into the HTML form, even as a hidden input it's clearly available for anyone who looks. The session variable isn't even used in his script, other than to simply save the answer (and nothing else).

 

Your code, however, fixed that issue. As specified in my post.

[peppericious]

Thanks AyKay47, I had been trying to do it with a session... very simple now that I see your solution. Much appreciated.