[web] CAPTCHA checking in PHP

Started by
5 comments, last by rainny 16 years, 1 month ago
I've been reading a few articles on developing a good CAPTCHA system in PHP. The problem that I find with these methods is that the solution that the user is supposed to type in is stored in the $_SESSION array. For example, here's a small code snippet to check if what the user typed into the CAPTCHA form is correct:

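session_start(); // loads the server-side session for the ID in the client's cookie
$user_answer = ( isset( $_POST['captcha'] ) && is_string( $_POST['captcha'] ) ) ? $_POST['captcha'] : '';
// compare as strings; a loose == would apply PHP type juggling
if ( isset( $_SESSION['captcha_answer'] ) && (string) $_SESSION['captcha_answer'] === $user_answer )
{
  //user is human!
}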

My problem is: can't a spam-bot easily look into the session array for the answer? Or am I a bit misguided as to where the session data is stored?
Sessions are stored server-side so no, they can't.
Quote: Original post by UziMonkey
Sessions are stored server-side so no, they can't.


Oh ok. So, do you mind telling me what exactly is stored client-side?
I'm just curious.
There is only a cookie with the session id saved on client side.
[EDIT]^^^ I'm too slow ;)
A key-number is stored client side. The client sends this number to the server, which the server then uses to load up the right session array.
I guess I should reword my question.

What is stored client-side that tells the server which session is the client's?
ahh ok. Thanks a ton guys!!
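
Added example (not code from any poster in this thread): a minimal PHP handler showing that the CAPTCHA answer lives only in the server-side session while the browser holds just the session ID cookie, with the stored answer discarded after one check so a solved challenge cannot be replayed. The function names captcha_issue() and captcha_verify() and the arithmetic question standing in for an image are assumptions made for illustration.

```php
<?php
// Added example; captcha_issue() and captcha_verify() are hypothetical names.
declare(strict_types=1);

session_start([
    'cookie_httponly' => true,   // session ID cookie is not readable from page scripts
    'use_strict_mode' => true,   // reject session IDs the server did not issue
]);

// Create a challenge; the answer is written only to the server-side session store.
function captcha_issue(): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $_SESSION['captcha_answer'] = (string) ($a + $b);
    return "What is $a + $b?";           // only the question is sent to the browser
}

// Check a submission. The stored answer is discarded after one attempt,
// so the same session ID cannot be reused to replay a solved challenge.
function captcha_verify(string $user_answer): bool
{
    $expected = $_SESSION['captcha_answer'] ?? null;
    unset($_SESSION['captcha_answer']);  // single use, pass or fail
    if (!is_string($expected)) {
        return false;                    // no challenge was issued for this session
    }
    return hash_equals($expected, trim($user_answer));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $raw = $_POST['captcha'] ?? '';
    $ok  = is_string($raw) && captcha_verify($raw);
    echo $ok ? 'user is human!' : 'wrong answer, reload for a new question';
} else {
    $question = captcha_issue();
    // All the client holds: a cookie named session_name() with value session_id().
    header('Content-Type: text/html; charset=utf-8');
    echo '<form method="post">' . htmlspecialchars($question)
       . ' <input name="captcha"><button>Send</button></form>';
}
```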
