Kelly Thompson wrote:
> So if I don't use captchas (having tons of trouble with all of them, due
> to dependencies, and being on a shared host) what is a good "text" method?
> Or any method actually that will help with spam, and DOS attacks...
>
> Currently you have to register and then click a link in your email that
> we send, to activate your account anyway.
>
> Is that enough?
>
> What else can I do?
>
>
> Thanks beforehand!!

I'm in a bit of a rush, but if you want something simple, here is a rough
outline:
-----------------------------------------------------------------
[% rand_number = cgi.orig_number || random_integer(0, 99999); %]
<input type="hidden" name="orig_number" value="[% rand_number | html %]">
Type [% rand_number | html %] here:<input type="text" name="number" value="[% cgi.number | html %]">
-----------------------------------------------------------------
Pass this in via TT's process vars unless you already have a random routine:
    sub random_integer {
        # Get a random integer between $lower and $upper (can include both
        # $lower and $upper).
        my $lower = shift;
        my $upper = shift;
        return $lower + int(rand($upper - $lower + 1));
    }
Using something like this in Perl would be fine too: int(rand(99999)).
Then you just verify that the two values are integers and equal
(cgi.orig_number == cgi.number) on submit. This will catch many bots that like
to throw various random data into fields as well as ones that don't enter the
correct value. You also don't have to worry about storing the number in the
user's session or anywhere else with this method. The number will also stay the
same if there is an error on your form and you have to redisplay it. (Less
confusing to users if you have multiple form refreshes going on.) To make
things harder for the bots just whack the "cgi.orig_number ||" part at the top
to generate a new number every time the form is refreshed.
You can enhance that in various ways to make it better and more robust, but
that should help a decent amount by itself. If you find yourself having
troubles, reword the question "type x here" and change the number/orig_number
names.
Cheers,
-- Josh
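
Added example, not part of the post above or of Template Toolkit: one way to do the submit-time check in Perl, matching both fields against a strict integer pattern before comparing them. It goes beyond the post by adding an HMAC tag in a second hidden field, so a client cannot pick its own orig_number; the field name orig_tag, the $SECRET value and the sub names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a secret kept on the server and never sent to the browser.
my $SECRET = 'CHANGE-ME-long-random-server-side-value';

# Value for an extra hidden field (hypothetical name: orig_tag) that is
# emitted next to orig_number when the form is rendered.
sub challenge_tag {
    my ($number) = @_;
    return hmac_sha256_hex($number, $SECRET);
}

# Compare two strings without stopping at the first differing character.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Accept only if both fields are plain integers 0..99999, the hidden number
# carries a tag we issued, and the typed number matches it. The pattern check
# comes first because Perl's == treats "abc" and "xyz" as 0 and calls them equal.
sub challenge_ok {
    my ($orig, $typed, $tag) = @_;
    for my $v ($orig, $typed) {
        return 0 unless defined $v && $v =~ /\A(?:0|[1-9][0-9]{0,4})\z/;
    }
    return 0 unless defined $tag && $tag =~ /\A[0-9a-f]{64}\z/;
    return 0 unless same_string($tag, challenge_tag($orig));
    return $orig eq $typed ? 1 : 0;
}

# Constructed sample submissions: [label, orig_number, number, orig_tag].
my $tag = challenge_tag('4711');
for my $case (
    ['correct answer',      '4711', '4711',    $tag],
    ['wrong answer',        '4711', '4712',    $tag],
    ['junk in both fields', 'abc',  'abc',     challenge_tag('abc')],
    ['trailing junk',       '4711', '4711abc', $tag],
    ['self-chosen number',  '5',    '5',       '0' x 64],
) {
    my ($label, @fields) = @$case;
    printf "%-20s %s\n", $label, challenge_ok(@fields) ? 'accepted' : 'rejected';
}
```

The tag only proves the number came from a form this server rendered; a bot that reads the page can still copy the number, which is the limit of the whole approach.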