Jump to content
  • Advertisement
Sign in to follow this  
rainny

[web] CAPTCHA checking in PHP

This topic is 3772 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I've been reading a few articles on developing a good CAPTCHA system in PHP. The problem that I find with these methods is that the solution that the user is supposed to type in is stored in the $_SESSION array. for example, here's a small code snipped to check if the what the user typed into the CAPTCHA form is correct:
$user_answer = $_POST['captcha'];
if ( $_SESSION[ 'captcha_answer' ] == $user_answer )
{
  //user is human!
}

My problem is that can't a spam-bot easily look into the session array for the answer? Or am I a bit misguided as to where the session data is stored?

Share this post


Link to post
Share on other sites
Advertisement
Quote:
Original post by UziMonkey
Sessions are stored server-side so no, they can't.


Oh ok. So, do you mind telling me what exactly is stored client-side?
I'm just curious.

Share this post


Link to post
Share on other sites
[EDIT]^^^ i'm too slow ;)
A key-number is stored client side. The client send this number to the server, which the server then uses to load up the right session array.

Share this post


Link to post
Share on other sites
I guess I should reword my question.

What is stored client-side that tells the server which session is the clients?

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!