Posted by Kimmo Laine on 09/20/06 06:18

"pittendrigh" <Sandy.Pittendrigh@gmail.com> wrote in message
news:1158712064.952149.317310@k70g2000cwa.googlegroups.com...
> Let's say we're trying to keep blog and forum spammers out
> of our site--we're not trying to protect fort knox.
>
> 1) Step one is a one-time-only step.
> We create six different css files that define the
> same six color names differently, but each such
> css file assigns red to one and only
> one of those same six color names, and then store
> the six somewhere in the document_root.
>
> 2) We make a dynamically generated GET page that mods a random number
> to
> between 1 and 6 and sets that number as session variable.
> That number will tell us in a later POST which of the six
> css files to use when we generate a dynamic POST page.
>
> We also randomly create 6 digits between 1 - 256 and concatenate
> them
> into a comma delimeted string. We set that string
> as a session variable.
>
> 3) In the post we generate a page that specifies one
> of the six css files in its header, according the value
> of first session variable. Because we have that session
> variable, and because we know which of the six different
> css schemes we are now using, we know which css attribute
> in the current scheme means red. We don't care about the other
> colors.
>
> 4) Now we generate 256 random digits (between 1 - 256) into an array.
> We loop through the array and concatenate a <b class="xx">$digit</b>
> onto a string. Foreachsuch <b> tag we randomly choose one of
> the css colors known not to red, except for the N array index digits
>
> we get from the exploded comma-delimeted session var #2.
> We set those <b class="yy"> tags to the color known (only to us)
> to be red.
>
> 5) Now we echo the string of <b> tags. Six out of the
> 256 randomly generated digits will be red, all the others
> some undetermined color. But we know which ones are
> red.
>
> 6) Now we do another post, asking the user to tell us which
> of the 256 digits are red.
>
> 7) if the post variable matches the session stuff, we proceed,
> else we tell the client computer to chop the fingers off
> the spammer's hands and smoke the seat of his pants.


Instead of coloring certain numbers to random colors, why not just make the
invisible using visibility:hidden; display:none; -> works for colorblind
people as well. That leaves us just the blind. You should set the letters
inaudible as well for screenreader using volume:silent; speak:none;
So your hiding css mask would be:
..xx {
visibility:hidden;
display:none;
volume:silent;
speak:none;
}

--
"Ohjelmoija on organismi joka muuttaa kofeiinia koodiksi" - lpk
http://outolempi.net/ahdistus/ - Satunnaisesti p�ivittyv� nettisarjis
spam@outolempi.net || Gedoon-S @ IRCnet || rot13(xvzzb@bhgbyrzcv.arg)

[Back to original message]