Poor man's captcha: why wouldn't this work?


Problem description

Let's say we're trying to keep blog and forum spammers out
of our site--we're not trying to protect Fort Knox.

1) Step one is a one-time-only step.
We create six different css files that define the
same six color names differently, but each such
css file assigns red to one and only
one of those same six color names, and then store
the six somewhere in the document_root.

2) We make a dynamically generated GET page that mods a random number
to between 1 and 6 and sets that number as a session variable.
That number will tell us in a later POST which of the six
css files to use when we generate a dynamic POST page.

We also randomly create 6 digits between 1 - 256 and concatenate
them into a comma-delimited string. We set that string
as a session variable.

3) In the post we generate a page that specifies one
of the six css files in its header, according to the value
of the first session variable. Because we have that session
variable, and because we know which of the six different
css schemes we are now using, we know which css attribute
in the current scheme means red. We don't care about the other
colors.

4) Now we generate 256 random digits (between 1 - 256) into an array.
We loop through the array and concatenate a <b class="xx">$digit</b>
onto a string. For each such <b> tag we randomly choose one of
the css colors known not to be red, except for the N array index digits
we get from the exploded comma-delimited session var #2.
We set those <b class="yy"> tags to the color known (only to us)
to be red.

5) Now we echo the string of <b> tags. Six out of the
256 randomly generated digits will be red, all the others
some undetermined color. But we know which ones are
red.

6) Now we do another post, asking the user to tell us which
of the 256 digits are red.

7) If the post variable matches the session stuff, we proceed,
else we tell the client computer to chop the fingers off
the spammer's hands and smoke the seat of his pants.
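
The server-side logic of steps 2 to 7 from the post above, as an added example that is not part of the original thread. The session is modelled as a plain dict, and the class names `c1`..`c6`, the `/css/schemeN.css` path and the stored `answer` string are assumptions.

```python
import hmac
import secrets

# Assumptions: class names c1..c6, and stylesheet k is the one that maps
# COLOR_CLASSES[k - 1] to red. The session is a plain dict standing in for
# server-side session storage.
COLOR_CLASSES = ["c1", "c2", "c3", "c4", "c5", "c6"]
N_DIGITS, N_RED = 256, 6
_rng = secrets.SystemRandom()


def red_class(scheme):
    return COLOR_CLASSES[scheme - 1]


def new_challenge(session):
    """Step 2: pick the stylesheet and the red positions; keep them server-side."""
    digits = [_rng.randint(1, 256) for _ in range(N_DIGITS)]
    red_idx = sorted(_rng.sample(range(N_DIGITS), N_RED))
    session["scheme"] = _rng.randint(1, 6)
    session["red_idx"] = ",".join(map(str, red_idx))  # comma-delimited string
    # Assumption: the red numbers, in page order, are what the user must post.
    session["answer"] = ",".join(str(digits[i]) for i in red_idx)
    return digits


def render(session, digits):
    """Steps 3-5: link the chosen stylesheet and emit one <b> tag per number."""
    red = red_class(session["scheme"])
    others = [c for c in COLOR_CLASSES if c != red]
    red_idx = {int(i) for i in session["red_idx"].split(",")}
    tags = [
        f'<b class="{red if i in red_idx else _rng.choice(others)}">{d}</b>'
        for i, d in enumerate(digits)
    ]
    # Hypothetical stylesheet path.
    link = f'<link rel="stylesheet" href="/css/scheme{session["scheme"]}.css">'
    return link + "\n" + " ".join(tags)


def verify(session, posted):
    """Steps 6-7: compare the POSTed value with the session; one attempt only."""
    expected = session.pop("answer", None)
    for key in ("scheme", "red_idx"):
        session.pop(key, None)
    if expected is None:
        return False
    normalized = ",".join(part.strip() for part in posted.split(","))
    return hmac.compare_digest(normalized.encode(), expected.encode())
```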

Recommended answer


pittendrigh wrote:

Let's say we're trying to keep blog and forum spammers out
of our site--we're not trying to protect Fort Knox.




....ok, the spammer is not sitting at a keyboard, it's a bot.
That's why we need a poor man's captcha.


pittendrigh wrote:

Now we echo the string of <b> tags. Six out of the 256 randomly generated
digits will be red, all the others some undetermined color. But we know
which ones are red.




Not if the user is colorblind. Perhaps it would be possible to make some of
the numbers bolded, italicized, or sized differently from the others.
Basing anything on color, though, is a big accessibility issue that is
easily avoided in this case.

--
Benjamin D. Esham
bd*****@gmail.com | AIM: bdesham128 | Jabber: same as e-mail
"...English is about as pure as a cribhouse whore. We don't just
borrow words; on occasion, English has pursued other languages
down alleyways to beat them unconscious and rifle their pockets
for new vocabulary." -- James Nicoll

