There has been a sharp rise in form-based spam getting through to the mailboxes of a couple of the web sites I manage, so I have been thinking of a simple way to fight that. The obvious answer would be to use a captcha; however, they are notoriously inaccessible. My solution to this problem is to simply generate a random number, ask the user to confirm that number, and then test that the two are the same before allowing the form to submit.
Now the code. We place the following at the top of the page where the form resides:
$sec = rand(10000, 99999);
Simple enough: we just generate a five-digit random number. Next, in the form, we echo that number into a hidden input field and ask the user to verify the number in a text input field.
So now we have the variables 'security' and 'check', which will be posted to the script that handles our forms. There we just need to test whether the two variables are equal. Actually, we test to see if they aren't equal:
$security = $_POST['security'];
$check = $_POST['check'];
if ($security != $check) {
    header("Location: /form.php");
    exit; // header() alone does not end the script, so stop here
}
If the random number and the number the user entered aren't equal, the script stops processing and sends the user back to the form; otherwise the script goes about its business of processing and completes.
If we wanted to secure the form even more, we could, and probably should, test for the existence of the two variables like this:
$security = $_POST['security'] ?? null; // null when the field was not posted
$check = $_POST['check'] ?? null;
if ($security === null || $check === null || $security != $check) {
    header("Location: /form.php");
    exit; // stop processing after sending the redirect
}
Now, if the 'security' or 'check' variables haven't been sent via POST to the script, we get sent back to the form also.
So there we have it. Like any security measure, it is not 100% secure; however, it has worked for several of the sites I manage, one in particular going from 50+ spam form submissions to 0 literally overnight. This method also has the benefit of being highly accessible to all sorts of browsers. I tested the method in the Lynx browser and could understand the directions quite easily.
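Because 'security' and 'check' arrive in the same POST, the handler above accepts any request in which the two fields match, whether or not the form was ever loaded. A variant that keeps the number in the server-side session instead, as an added example (not the original post's code); the session key `form_check` and the single-file layout saved as form.php are assumptions:

```php
<?php
declare(strict_types=1);
// Added example, not the original post's code. Assumptions: saved as form.php,
// session key 'form_check', text field named 'check' as in the post.

// Create a five-digit number, remember it server-side, return it for display.
function issue_challenge(array &$session): string
{
    $number = (string) random_int(10000, 99999); // CSPRNG rather than rand()
    $session['form_check'] = $number;
    return $number;
}

// True only when the posted value matches the stored number. Single use.
function verify_challenge(array &$session, array $post): bool
{
    $expected = $session['form_check'] ?? null;
    unset($session['form_check']);               // a number cannot be replayed
    $given = $post['check'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false;                            // field missing, or sent as an array (check[]=1)
    }
    return hash_equals($expected, trim($given));
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!verify_challenge($_SESSION, $_POST)) {
        header('Location: /form.php');           // back to a fresh form and a fresh number
        exit;
    }
    echo 'Thanks, your message was accepted.';   // real form processing goes here
    exit;
}

$number = issue_challenge($_SESSION);
?>
<form method="post" action="/form.php">
  <label for="check">Please type the number <?= htmlspecialchars($number) ?> to confirm:</label>
  <input type="text" id="check" name="check" inputmode="numeric" autocomplete="off">
  <button type="submit">Send</button>
</form>
```

The number is still printed in the page as plain text, so this only ensures that the form was loaded in the same session and that each number is accepted once.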
If you found this to be useful or have a comment or suggestion, please leave a note below.
Pete,
Thanks for reading.
I would be honored to have you publish my solution on your site. Let me know when you do and I'll post a link back.
Hi Robert,
I still haven't figured out why some Captchas are small and not readable when it is possible to create GIANT sized captcha images which can also be very clear to read even by the myopic.
The main point I am writing here is:
Would you be interested in letting me publish your numeric captcha solution on my website?
( www.captcha.biz )
Obviously with due credit given.
thanks
Pete