I’ve always thought that captchas are a barrier to some internet users so I worked out an alternative method.

My method uses random field names and values.

The script generates a random MD5 hash from several blocks of random numbers. This hash is used create a field and variable name for your form and script. A second MD5 hash is generated from more random numbers and stored in the form field names and script variable. The generated variable and value can then be stored in the session (or database).

$var=substr( md5( rand(1000,4000).rand(3000,7500).rand(1000,9999) ),0, 15 );

${$var}=substr( md5( rand(1000,4000).rand(3000,7500).rand(1000,9999) ),0, 15 );

$_SESSION['varname']=$var;
$_SESSION['var']=${$var};

   	 
.
.
.

Once the form has been submitted a script has to confirm that the variables match. Once confirmed (or rejected) your script can proceed.

if ( isset( $_POST[ $_SESSION['varname'] ] ) && $_POST[ $_SESSION['varname'] ]!='' && $_POST[ $_SESSION['varname'] ] == $_SESSION['var'] )
{
.
.
.
}

Filed under: Programming — Tags: captcha, form, hardening, spam — admin @ 9:46 pm

What happens if your page get found on Google but it should be inside an iframe? For me the answer was simple, detect if you’re inside an iframe and if not redirect to the destination you want.

To find out if you’re in an iframe you can get the number of frames from the parent window. If the number of frames if less than 0, you’re not in an iframe and you need to redirect. The same principle can be used to escape from an iframe.

if ( window.parent.frames.length>0 )  {}  // check how many frames, if none do nothing
else
{
  
  window.location="[new destination]";  // else change the current location 
  
}

Filed under: Programming — Tags: iframe, javascript — admin @ 8:49 pm