Chris Shiflett wrote: > Before anyone notes my hypocrisy, my blog requires people to indicate my > first name in order to post a comment, and although I might adopt a > better approach, at least this approach is accessible.
A simple, extensible and accessible continuation of this approach might be implemented as follows: Create a table with 4 columns: challenge_id questions answer_match times_used This table would contain a list of questions, along with a preg_match pattern for acceptable answers, and a count of how many times the question has been used. Select one of the x (a number greater than the maximum new challenges added at any one time) least-used questions from the table at random and present it to the user along with a text box for their answer. Store the challenge_id in the session. When the form is submitted, check the answer against the regex and allow or deny access as required. Optionally, you could store the number of failed attempts and eliminate questions which yield too many failures. This would automatically remove questions that are either too difficult for the average user, or are getting hammered by spammers. In this way it would be trivial to add new or more difficult challenges, and if someone is hammering on the form they will continually get new questions from the pool. I haven't needed to implement this myself, but it does seem like question/answer based challenges are a good approach. This is mostly because they don't suffer from the class breaks inherent in most image-based captcha systems (once you crack the captcha algorithm you can solve any captcha using that system), assuming you take the time to add some questions which are unique to the individual instance of the system. And of course, they are fully accessible. Dan _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
