I have made a nice picture with random letters popping up. But I have a questions. When you do this, how do you compare what they write with the picture it self.

I mean you have to store it somewhere as plain text don't you? And if you store it in the HTML then any bot can just read it. So what is the common practice for this kind of stuff?

- ØØ -

i dont understand please explanation ?

I suppose the answer is you need to remember it somehow on the server. If you have started a session with session_start(), session_register(), etc, then you can simply add the correct response to the $_SESSION assoc. array:


$_SESSION['correct_answer'] = 'abfj124';


// ....
if ($_GET['correct_answer'] == $_SESSION['correct_answer'])
{
// ...
}

We used a session var - another way would be to store the md5 of the code in the HTML. Session var is tidier though.

Ahhh, heard about that. NEver tried it before. Will try it out, and tell you if I fail misserably..:)



- ØØ -

Using sesisons is the only bot proof way, an MD5 can be forged easy enough. Simply add the session ID to one of the form variables or append it to the query string. No need to use a session cookie.

I have a session handler which I will upload later.

No need, I got it working. Even if the performance of my server these days is like someone is stuck on the F5 button on my front page.....



http://www.noteme.com/images/ss/thanks.jpg
- ØØ -