|
|
Posted by Gordon Burditt on 05/10/06 22:10
>I am developing a website where users can sign up for a service. They
>essentially can become a memeber. It will allow anyone to sign up, but
>I need to make it so only humans can sign up. I need to avoid any
>automatic scripts that could create tons of bogus accounts.
>
>What I believe is the best solution for me is to have an image appear
>as part of the form they fill out to get the account. In the image
>will be scrambled text. The user must decipher the text in order to
>create the account. That should take care of just about all bots.
One way to deal with this is to generate the images on the fly.
The signup page generates a random string to put in the image. (Be
VERY careful about the randomness of your generator, and DON'T use
the session ID to generate it, since the bot gets the session ID,
but not the data in the session). Stick the random string into the
session. The PHP "page" that returns the image uses this string
to generate it on the fly. The page that checks for the correct
answer also uses it.
As to how you generate the image from a string in such a way that it
can't be OCR'd by a bot, I don't have an answer for that, but I assume
it's been solved.
>The only way I can think to do this is to manually create a ton of
>images to use for this. Does anyone know of a more simple way to do it?
Gordon L. Burditt
Navigation:
[Reply to this message]
|