[Solar-talk] Image Captchas and RTE's
Paul M Jones
pmjones at solarphp.com
Thu Aug 3 08:34:57 PDT 2006
On Aug 3, 2006, at 10:26 AM, Rodrigo Moraes wrote:
> On 8/3/06, Paul M Jones wrote:
>> Perhaps storing it in a session variable would be sufficient? That
>> might help to avoid a database hit.
>
> Yes, this could be a solution... I'm thinking that a reference to the
> session key would be needed in the form to allow concurrent captchas
> for the same user (hm, this would be a requirement for me). I'm not
> sure if it is a good idea to disclose a session key in a form,
> however.
(Disclaimer, I don't use captchas much.)
I don't think you'd have to disclose the session key; that's already
being maintained by PHP automatically. I think all that'd be
required is to check the user-entered captcha value against the
session variable. If it matches, then life is good. If not, you can
refuse the submit, write a new captcha value to the session variable,
and send back the refused form with a new captcha image.
Does that make sense?
--
Paul M. Jones <http://paul-m-jones.com>
Solar: Simple Object Library and Application Repository
for PHP5. <http://solarphp.com>
Savant: The simple, elegant, and powerful solution for
templates in PHP. <http://phpsavant.com>
More information about the solar-talk
mailing list