On Wed, February 21, 2007 7:17 am, Bare wrote: > Ok, I could store actual security code in a hidden text field of the > form, > but then it wold be visible to spam bots, isn't it? Google for CAPTCHA to find a zillion solutions, and read them. But you are on the right track, and your assumptions about hidden text fields are correct. If, however, you store an ID for the user, such as with http://php.net/session_start and then store the correct answer on the SERVER where they cannot get it, in, say $_SESSION, then you can check their answer with the correct one, without actually exposing it to them. Unless, of course, they want to write an OCR routine to examine the pixels of your CAPTCHA, and defeat it that way. Which means that any CAPTCHA that isn't going to be too tricky for humans can be beat by the computer, if somebody wants to badly enough. CAPTCHA also has serious accessiblity issues. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
