$user_answer = $_POST['captcha'];
if ( $_SESSION[ 'captcha_answer' ] == $user_answer )
{
//user is human!
}
[web] CAPTCHA checking in PHP
I've been reading a few articles on developing a good CAPTCHA system in PHP. The problem that I find with these methods is that the solution that the user is supposed to type in is stored in the $_SESSION array.
for example, here's a small code snipped to check if the what the user typed into the CAPTCHA form is correct:
My problem is that can't a spam-bot easily look into the session array for the answer?
Or am I a bit misguided as to where the session data is stored?
Quote:Original post by UziMonkey
Sessions are stored server-side so no, they can't.
Oh ok. So, do you mind telling me what exactly is stored client-side?
I'm just curious.
[EDIT]^^^ i'm too slow ;)
A key-number is stored client side. The client send this number to the server, which the server then uses to load up the right session array.
A key-number is stored client side. The client send this number to the server, which the server then uses to load up the right session array.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement