Current location: Hot Scripts Forums » Programming Languages » PHP » Enter security code before submitting form

Enter security code before submitting form

Reply
  #1 (permalink)  
Old
Newbie Coder
 
Join Date: Jun 2007
Posts: 38
Thanks: 0
Thanked 0 Times in 0 Posts
Enter security code before submitting form

Hi everyone. On some forms, before you submit the form, you have to enter a random code of letters and numbers in a box (as seen in the picture usually located above the box). I assume this is so that you can't setup a program to automatically keep submitting forms. I would like to implement something like this on my site. Does anyone have a link to a page where i can get the code for this or some code taht could stear me in the right direction. I assume that this would be some type of javascript....sorry for putting this in the wrong category if it is not a javascript program...not quite sure. An example of what I am looking for is at the bottom of the web page below:

https://signup.live.com/hmnewuser.as...ollrs=11&lic=1

Thank you for any help you can provide.
Reply With Quote

Featured Marketplace Scripts (view more)

  #2 (permalink)  
Old
End User's Avatar
Level II Curmudgeon
 
Join Date: Dec 2004
Posts: 3,029
Thanks: 14
Thanked 35 Times in 33 Posts
__________________
I don't live on the edge, but sometimes I go there to visit.
-------------------------------------------------------------------------
Sanitize Your Data | Oracle Date & Substring Functions | Code Snippet Library | Call Of Duty

Last edited by End User; 08-23-07 at 01:46 PM.
Reply With Quote
  #3 (permalink)  
Old
mab's Avatar
Community VIP
 
Join Date: Oct 2005
Location: Denver, Co. USA
Posts: 2,681
Thanks: 0
Thanked 4 Times in 4 Posts
What you are talking about is referred to as a CAPTCHA - http://en.wikipedia.org/wiki/CAPTCHA

You need a server side scripting language (PHP/ASP/ASP.NET...) to securely implement this. What server side scripting language do you know/want to use?
__________________
Error checking, error reporting, and error recovery. If your code does not have these to get it to tell you why it is not working, what makes you think someone in a programming forum will be able to tell you why it is not working???
Reply With Quote
  #4 (permalink)  
Old
Christian's Avatar
Community VIP
 
Join Date: Mar 2005
Location: ProgrammingTalk
Posts: 2,448
Thanks: 0
Thanked 6 Times in 5 Posts
Moved to PHP for the time being. If you prefer another language, please either report the thread requesting it to be moved or reply to the thread.
__________________
:: ImperialBB :: New version in the works! :: http://www.imperialbb.com ::

:: Have a question about the board? The Rules? An Infraction/Warning? :: Contact Form ::
Reply With Quote
  #5 (permalink)  
Old
Newbie Coder
 
Join Date: Jun 2007
Posts: 23
Thanks: 0
Thanked 0 Times in 0 Posts
I'd also recommend my script, Advanced Textual Confirmation:
http://www.hotscripts.com/Detailed/68995.html
In my opinion, it's the easiest ever CAPTCHA script to install. And a logical question is better than crappy images.
__________________
Install textual CAPTCHA in 1 minute. Read blog about Spam Bots and CAPTCHAs.
Reply With Quote
  #6 (permalink)  
Old
mab's Avatar
Community VIP
 
Join Date: Oct 2005
Location: Denver, Co. USA
Posts: 2,681
Thanks: 0
Thanked 4 Times in 4 Posts
For a question/answer script to be effective, there must be several distinct sets of questions/answers (10 would be a reasonable minimum) with a large number of questions/answers in each set (at least 10-20) and the current set is rotated in a round robin fashion on an irregular basis. Otherwise, it would be possible to quickly teach a script all the answers. By completely rotating to a different set of questions/answers, any script that was taught the answers to one set, will stop being able to bypass this method until it is discovered that the questions have changed and it is taught the new current set of answers.
__________________
Error checking, error reporting, and error recovery. If your code does not have these to get it to tell you why it is not working, what makes you think someone in a programming forum will be able to tell you why it is not working???
Reply With Quote
  #7 (permalink)  
Old
Newbie Coder
 
Join Date: Jun 2007
Posts: 23
Thanks: 0
Thanked 0 Times in 0 Posts
You are both right and wrong. Right, because it's easy to pass a protection of a concrete site. But follow the speculations on this funny story:
Quote:
Jim and Joe are out hiking in the forest, when in the distance, they see a huge bear. The bear notices them, and begins angrily running toward them. Jim calmly checks the knots of his shoes and stretches his legs. Joe asks incredulously, “What are you doing? Do you think you can outrun that bear!?” Jim replies, “I don’t have to outrun the bear, I just have to outrun you.”

When it comes to locking your blog down from SPAM attacks, you don’t have to own the most secure blog in town; it just has to be more secure than the other blogs being chased by the same bear.
Unique questions adds more security than using a popular captcha.

Probably the question-answer approach isn't very good, but it works well at the moment and in the nearest future. More and more people use Textual Confirmation/VIP code/Bot Question Hack for phpBB, and nospam plugin for vBulletin (this forum uses it too).
__________________
Install textual CAPTCHA in 1 minute. Read blog about Spam Bots and CAPTCHAs.
Reply With Quote
  #8 (permalink)  
Old
mab's Avatar
Community VIP
 
Join Date: Oct 2005
Location: Denver, Co. USA
Posts: 2,681
Thanks: 0
Thanked 4 Times in 4 Posts
A bear sees all of his targets at the same time and will go after the weaker one.

Each instance of a spam bot script (more than one bear) only sees the site it is targeting (can chase after each person separately) and it can be customized to exploit the weakness of that one target.

All I said in the above post is for the question/answer method to be effective, for at least a while, you need a large number of questions/answers in multiple sets that completely change.

BTW, I extracted the code from the bbantispam.php file on your site in just a few moments. It took a bit longer to add new-lines to make it formated and readable.
__________________
Error checking, error reporting, and error recovery. If your code does not have these to get it to tell you why it is not working, what makes you think someone in a programming forum will be able to tell you why it is not working???

Last edited by mab; 08-24-07 at 12:57 AM. Reason: added word
Reply With Quote
  #9 (permalink)  
Old
Newbie Coder
 
Join Date: Jun 2007
Posts: 23
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
A bear sees all of his targets at the same time and will go after the weaker one.
For a bear, any human is weak (unless with a gun).

Quote:
it can be customized to exploit the weakness of that one target.
That's the main point and counter-point: "can be customized". Possibility of something doesn't mean it will occur. Spammers don't spam for moral satisfaction, they spam for profit. They are not going to spend theirs valuable time to customize for one specific site when they can spam thousands.

Quote:
All I said in the above post is for the question/answer method to be effective, for at least a while, you need a large number of questions/answers in multiple sets that completely change.
Experience shows that at the moment even the default questions "are you human" and "say hello" work well. Yes, it will change soon, but anyway,

Quote:
BTW, I extracted the code from the bbantispam.php file on your site in just a few moments. It took a bit longer to add new-lines to make it formated and readable.
No problem, no DMCA complaint will follow :-) This project (bbAntiSpam) is mostly to make the life better, and this goal is easier to reach with some income.
__________________
Install textual CAPTCHA in 1 minute. Read blog about Spam Bots and CAPTCHAs.
Reply With Quote
  #10 (permalink)  
Old
mab's Avatar
Community VIP
 
Join Date: Oct 2005
Location: Denver, Co. USA
Posts: 2,681
Thanks: 0
Thanked 4 Times in 4 Posts
For anyone who has already or will decrypt a copyrighted work protected by the DMCA for the academic purpose of identifying a weaknesses in the method used to encrypt it, you are protected by the following exception in the DMCA -
Quote:
Encryption research. An exception for encryption
research permits circumvention of access control measures, and the
development of the technological means to do so, in order to identify
flaws and vulnerabilities of encryption technologies.
However, you may not distribute the device or method used to bypass the access control nor violate the actual copyright on the protected material.
__________________
Error checking, error reporting, and error recovery. If your code does not have these to get it to tell you why it is not working, what makes you think someone in a programming forum will be able to tell you why it is not working???
Reply With Quote
Reply

Bookmarks


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Looking for php mail form w/ attachments and required fields Sithlord999 Script Requests 0 08-11-06 04:14 AM
Form Submit Security Utilizing PHP sixflagsga PHP 1 06-19-06 03:05 AM
Submitting form error Tiffany677 PHP 4 05-16-06 04:47 PM
Validating form radio boxes on submit (edit my code) Cepeleon JavaScript 2 04-08-05 04:08 AM
Error trapping x@x.xxx in form jonathen JavaScript 1 07-11-03 03:02 AM


All times are GMT -5. The time now is 04:15 PM.
vBulletin® Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.