zaterdag 16 februari 2013

The official CAPTCHA boycot.


Dear readers.

For years now, all the internet users have been proving to websites that they are not robots, thanks to a small group of exploiters, who automate crawlers to post their link everywhere on the internet.

For these same years, there have been alternate methods to keep spammers out, but webmasters and programmers are either too LAZY  to adept, or too scared of not being mainstream, causing all of us to waste our energy into telling a computer for example that 2+2=4, as if a 50 year old computer couldn't calculate that.

So how can we stop this pure timewasting? Share this post to any webmaster or webprogrammer or website that you know.
If you arent one of those, then you are allowed to stop reading now, as the stuff below doesnt concern you.


Below here is the example of an alternate method to keep spammers out, this one is written in PHP, but any web programming language can use this method. Smallest issue is that anyone submitting a form using this method, needs to have cookies plus javascript enabled, but c'mon, this is 2013, not the middle ages. Most captcha scripts also require javascript enabled anyway.

------------------
form html:
-------------
<form class="sec"  action="formhandler.php">
<input type="text" name='required"
onfocus="
var d= new Date();
$.get('handlers/token.php?'+d.getTime()+'='+d.getTime(),
function (txt){
$('.sec').append('<input type=\'hidden\' name=\'ts\' value=\''+txt+'\' />');
});
this.focus;this.select();
"

You can see this small part is written partly in jQuery markup, feel free to re-write it in normal javascript.
You can also note we need a token.php file.




------------
token.php:
------------
<?php

$ct=time();
setcookie('token',md5($_SERVER['SERVER_SIGNATURE'].$_SERVER['PATHEXT'].$_SERVER['HTTP_USER_AGENT'].$ct), 0, '/');
echo $ct;

?>



 --------------
 handler.php:
---------------
 <?php
$formtimeout=60*20; # 20 minute for fill in a form



$override="o"; # "on" for disable spammerprotection







## anti spambot validation
if (isset($_POST['ts']) && isset($_COOKIE['token']) && $_COOKIE['token']==md5($_SERVER['SERVER_SIGNATURE'].$_SERVER['PATHEXT'].$_SERVER['HTTP_USER_AGENT'].$_POST['ts']) && (int)$_POST['ts']+$formtimeout > time()){
#$allowsql=true;
}else{ if ($override!="on"){

#spamprotect debugging
#echo md5($_SERVER['SERVER_SIGNATURE'] . $_SERVER['PATHEXT']. $_SERVER['HTTP_USER_AGENT']. $_POST['ts']). "<hr />";echo $_COOKIE['token']."<hr />";
#if ((int)$_POST['ts']+$formtimeout > time()){echo  (int)$_POST['ts']+$formtimeout."<hr />";echo time();}

#possible unsafe user redirect to main page
#header("Location: ../index.html");
die("unsafe user");}
}

#your  form processing  here

 ?>

Geen opmerkingen:

Een reactie posten