Hardening a form to spammers without captcha

July 15, 2010

I’ve always thought that captchas are a barrier to some internet users so I worked out an alternative method.

My method uses random field names and values.

The script generates a random MD5 hash from several blocks of random numbers. This hash is used to create a field and variable name for your form and script. A second MD5 hash is generated from more random numbers and stored as the value of that form field and script variable. The generated variable name and value can then be stored in the session (or database).

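// Random field/variable name: the first 15 hex characters of an MD5 hash of random numbers
$var=substr( md5( rand(1000,4000).rand(3000,7500).rand(1000,9999) ),0, 15 );

// Random value, held in a variable whose name is the string in $var
${$var}=substr( md5( rand(1000,4000).rand(3000,7500).rand(1000,9999) ),0, 15 );

// Remember both so the submitted form can be checked later (session_start() must have been called)
$_SESSION['varname']=$var;
$_SESSION['var']=${$var};
. . .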

Once the form has been submitted a script has to confirm that the variables match. Once confirmed (or rejected) your script can proceed.

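// Accept the submission only if the random field is present, non-empty and equal to the stored value.
// hash_equals() compares the two strings exactly; == would treat values such as "0e12..." as numbers.
if ( isset( $_SESSION['varname'], $_SESSION['var'] ) && isset( $_POST[ $_SESSION['varname'] ] ) && is_string( $_POST[ $_SESSION['varname'] ] ) && $_POST[ $_SESSION['varname'] ]!='' && hash_equals( $_SESSION['var'], $_POST[ $_SESSION['varname'] ] ) )
{
.
.
.
}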
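
A hardened variant of the same random-field check, added here as an example and not the author's code: it draws the field name and value from random_bytes() instead of rand() and md5() (rand() is not a cryptographically secure generator), compares with hash_equals(), and clears the stored pair after one check so a repeated submission is rejected. The session keys ff_name and ff_value and the function names issue_form_token and check_form_token are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example (not the post's code). Session keys 'ff_name' / 'ff_value' and
// both function names are hypothetical.

// Create a fresh random field name and value and remember them in the session.
function issue_form_token(array &$session): array
{
    // random_bytes() uses the OS CSPRNG; the 'f' prefix keeps the name from starting with a digit.
    $name  = 'f' . bin2hex(random_bytes(8));
    $value = bin2hex(random_bytes(16));
    $session['ff_name']  = $name;
    $session['ff_value'] = $value;
    return [$name, $value];
}

// True only if the posted form carries the field and value issued to this session.
function check_form_token(array &$session, array $post): bool
{
    $name  = $session['ff_name']  ?? null;
    $value = $session['ff_value'] ?? null;
    // Single use: forget the pair before comparing, so a repeated POST fails.
    unset($session['ff_name'], $session['ff_value']);
    if (!is_string($name) || !is_string($value)) {
        return false; // no form was issued to this session
    }
    $submitted = $post[$name] ?? null;
    if (!is_string($submitted) || $submitted === '') {
        return false; // field missing, empty, or sent as an array
    }
    return hash_equals($value, $submitted); // exact, constant-time string comparison
}

session_start();
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (check_form_token($_SESSION, $_POST)) {
        echo "<p>Accepted</p>\n"; // process the submission here
    } else {
        http_response_code(400);
        echo "<p>Rejected</p>\n";
    }
}
[$name, $value] = issue_form_token($_SESSION);
printf(
    "<form method=\"post\">\n<input type=\"hidden\" name=\"%s\" value=\"%s\">\n<input type=\"submit\">\n</form>\n",
    htmlspecialchars($name, ENT_QUOTES),
    htmlspecialchars($value, ENT_QUOTES)
);
```

The check only establishes that the submission came from a client that loaded the form in the same session; it says nothing about whether that client is a person.
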
Filed under: Programming — admin @ 9:46 pm

About me

Jonathan Spicer