This is btw not a very useful CAPTCHA, because it should stop computers from submitting data, but a little bit smart programmer knows that he has to get session information from the image, and submit that to the form. Or what i saw used lately by a cracker, he was just using his own values in session and post, and so they matched :) So you should never send the same code as the code that has to be entered. Even encrypting with MD5 only won't stop hackers to defeat your script. Maybe you could use a database with this, so that you pass a reference to the real number shown. So that you have an ID and a CODE column. in rnum1.php you store the code into the database, and get the ID of the last one inserted (A discussion about this was around this list lately) Then you show the code in an image, and you store the ID in the session. Then you get ID from the session, then get the code from the database using the ID and compare it to the one entered in the form. Tijnema
What about an audio Captcha? Your thoughts? tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
