Posted by pittendrigh on 09/20/06 00:27
Let's say we're trying to keep blog and forum spammers out
of our site--we're not trying to protect Fort Knox.
1) Step one is a one-time-only step.
We create six different css files that define the
same six color names differently, but each such
css file assigns red to one and only
one of those same six color names, and then store
the six somewhere in the document_root.
2) We make a dynamically generated GET page that mods a random number to
between 1 and 6 and sets that number as a session variable.
That number will tell us in a later POST which of the six
css files to use when we generate a dynamic POST page.
We also randomly create 6 digits between 1 - 256 and concatenate them
into a comma-delimited string. We set that string
as a session variable.
3) In the post we generate a page that specifies one
of the six css files in its header, according to the value
of the first session variable. Because we have that session
variable, and because we know which of the six different
css schemes we are now using, we know which css attribute
in the current scheme means red. We don't care about the other
colors.
4) Now we generate 256 random digits (between 1 - 256) into an array.
We loop through the array and concatenate a <b class="xx">$digit</b>
onto a string. For each such <b> tag we randomly choose one of
the css colors known not to be red, except for the N array index digits
we get from the exploded comma-delimited session var #2.
We set those <b class="yy"> tags to the color known (only to us)
to be red.
5) Now we echo the string of <b> tags. Six out of the
256 randomly generated digits will be red, all the others
some undetermined color. But we know which ones are
red.
6) Now we do another post, asking the user to tell us which
of the 256 digits are red.
7) If the post variable matches the session stuff, we proceed,
else we tell the client computer to chop the fingers off
the spammer's hands and smoke the seat of his pants.
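Steps 2 through 7 of the post above, as an added PHP sketch that is not part of the original post. The stylesheet paths, the class names c1..c6, the session keys, and storing the expected answer alongside the positions are assumptions; the challenge is discarded after one check so a correct answer cannot be replayed.

```php
<?php
declare(strict_types=1);

// Assumptions (not from the post): the six stylesheets live at /css/scheme1.css
// .. /css/scheme6.css, define classes c1..c6, and scheme N makes only class cN red.
const SCHEMES = 6;   // stylesheets created in step 1
const TOTAL   = 256; // numbers shown on the page
const RED     = 6;   // numbers the visitor must pick out

// Steps 2-5: pick a scheme and the red positions, store them in the session,
// and return the <link> tag plus the string of <b> tags.
function build_challenge(array &$session): string
{
    $scheme = random_int(1, SCHEMES);
    $others = array_values(array_diff(range(1, SCHEMES), [$scheme]));
    $red = [];
    while (count($red) < RED) {              // RED distinct 1-based positions
        $red[random_int(1, TOTAL)] = true;
    }
    ksort($red);
    $tags = '';
    $answer = [];
    for ($i = 1; $i <= TOTAL; $i++) {
        $digit = random_int(1, 256);
        if (isset($red[$i])) {
            $class = $scheme;                // the class that is red in this scheme
            $answer[] = $digit;
        } else {
            $class = $others[random_int(0, SCHEMES - 2)];
        }
        $tags .= "<b class=\"c$class\">$digit</b> ";
    }
    $session['scheme']    = $scheme;
    $session['positions'] = implode(',', array_keys($red));
    $session['answer']    = implode(',', $answer); // red numbers in page order
    return "<link rel=\"stylesheet\" href=\"/css/scheme$scheme.css\">\n$tags";
}

// Steps 6-7: compare the posted numbers with the session, then discard the
// challenge so the same answer cannot be submitted twice.
function verify_challenge(array &$session, $posted): bool
{
    $expected = $session['answer'] ?? null;
    unset($session['scheme'], $session['positions'], $session['answer']);
    if (!is_string($expected) || !is_string($posted)) {
        return false;
    }
    $given = preg_split('/[\s,]+/', trim($posted), -1, PREG_SPLIT_NO_EMPTY);
    return hash_equals($expected, implode(',', $given));
}
```

In a page handler, call `session_start()` first and pass `$_SESSION` to both functions, with the posted field (a hypothetical `$_POST['red'] ?? ''`) as the second argument to `verify_challenge`.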