On Friday 20 March 2009 07:44:51 Patrick R. Michaud wrote:
> In order for captchas to be at all workable and not easily circumvented,
> the information about the displayed captcha has to be kept somewhere
> on the server. PmWiki's captcha recipe uses session files for this
> purpose -- I'm not sure what would/could provide a better solution
> to this. Ultimately it's simply the fact that the captchas are
> being displayed that is causing the files to be generated.
How about using crypt() with a unique salt that changes but not very often ?
$CaptchaValue = rand(1000, 9999);
$CaptchaKey = crypt($CaptchaValue, md5_file("$LocalDir/config.php"));
The form will have a hidden field containing $CaptchaKey, and a text field
where the visitor writes $CaptchaValue.
We should find some way to send the $CaptchaValue to the function which
creates the image. It could be a small control file
wiki.d/.captchas/$CaptchaKey.txt. We erase it when the picture is created or
if it is older than X minutes.
Thanks,
Petko
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
