PHP Captcha without session
Ok, here is an issue: in the project i\'m working on, we can\'t rely on server-side sessions for any functionality.
The problem is that common captcha solutions fro
-
Use the honeypot technique: place a text field with a greedy name, as 'email', into an field hidden by CSS (display: none; visibility: hidden;).
When you have to sanitize the form, simply check if that field is empty, is being send by an human (that cant see the field and so cant fill it up), else, from a spammer.
That's why usually spammer use to fill up all the fields in the page with predefinited values before sending the form... and doesnt bother the user for reading the captcha.
Else, rely on the human reading, something like "Write the first $x letter of the word "$word" in the field:"
Then, you only have to send the $x and $word to the next page and check it (and of course, you can randomize the fields name to be more accurated)
I remember that a plugin for phpBB forum rely on the fact that, usually, the spam bots selects the first option avaiable (with a value) in the
fields; Just put as first optionThere are many ways to protect against spambots, playing on one factor that bots will never have: imagination
加载中...
- 热议问题