Home/ Questions/Q 5941985
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T16:11:15+00:00

As proposed by Stopping Bot [SO] – PHP i’ve developed a anti-bot system in

  • 0

As proposed by Stopping Bot [SO] – PHP i’ve developed a anti-bot system in PHP which code can be viewed at https://codereview.stackexchange.com/questions/2362/anti-bot-comment-system-php

But anyone can obtain a token by viewing getToken.php
In SO they get the token from stackauth.com [i think so by viewing page code], but when i browsed it it just showed some text !
How can i do something like that ? [token to be passed only when requested by the code, not by the browser]

The process of generating and verifying token
in the form page

$hash=sha1($time.$myKey);
echo $time.'#'.$hash;

In the poster/verification page

$token=explode($_POST['token'],'#',2);
if (sha1($token[0].$myKey)==$token[1])
 echo 'A good Human';

Edit
I do not store used token in the database, and a token get expired after [say] 5 minutes !
Think a bad user gets the token 2011-05-18 11:10:12#AhAShKey000000000 he can use the token to submit random text to 2011-05-18 11:15:12, how can i fix this issue ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    After reading all the answer carefully i’ve developed this [thanx to all the people for their valuable comment and answer] 

    <?php
$time = microtime();
for ($i=1;$i<=10000;$i++)
 generateMath();

echo 'Generating '.$i.' math Took '.(microtime()-$time);

function generateMath()
{
 $operands = array(43,45,42);
 $val = chr(rand(48,57));
 $ope = chr($operands[rand(0,2)]);
 $txt = $val.$ope; //42* 43+ 45- 47/
 $val2 = chr(rand(48,57));
 $txt .= $val2;
 $ans = 0;
 if ($ope == '+')
  $ans = $val + $val2;
 else if ($ope == '-')
  $ans = $val - $val2;
 else if ($ope == '*')
  $ans = $val * $val2;
 echo $txt.' -> '.$ans.'<br/>';
}
?>

    This can be enhanced by adding random number of spaces in $txt = $val.$spaces.$ope.$spaces.$val2;

    And it was faster than CAPCHA, people will have to do a really simple math if they post more than 30 or so comments in an hour !

    • 0