|
|
Posted by Csaba Gabor on 03/12/06 19:11
Scott wrote:
> I've been trying to come up with a way to ensure user input is coming
> from the form on my site, and not auto-submitted from elsewhere, and I
> don't want to use the "enter the code shown in the image" method. I know
> the $_SERVER['HTTP_REFERER'] contents can be spoofed, so I thought of
> doing something similar to this:
....
> Your thoughts?
Several people have discussed how it might be possible to use cURL as a
means to simulate user input. And the conclusion was essentially that
it is a somewhat moot point since one doesn't tend to get much spam via
forms.
There's another way that is perhaps not so fast as cURL which I find
quite convenient in automating browser simulation: it's an extension to
Firefox called GreaseMonkey. The standard usage, which I'm sure many
people already know, is that when you bring up a specific web site in
your browser (FF), it will customize the page (e.g. I just *might* have
a two line script that removes the ads at the top of the page on yahoo
mail).
However, this customization extends fairly far. For example, I can
schedule a FF to regularly start (hidden) in the background and
sequence through a series of pages (and if there are passwords, I don't
have to put them in the code since FF is storing them for me (though
the security on stored passwords is bad. If other people have access
to your machines, they have access to those stored passwords)).
The point is that if you want to access pages on an automated basis, FF
allows you to do it in a way that completely simulates using a browser
since you ARE using a browser. It may not be as fast (since the DOM
has to be built - heck, you're running an entire browser), and it may
not be at the same level of granularity (such as controlling the number
of redirections), and it's strictly client based (whereas cURL can be
run in a web server), but for most tasks it's more powerful and easier
to use.
Csaba Gabor from Vienna
Navigation:
[Reply to this message]
|