没有会话的PHP Captcha [英] PHP Captcha without session
问题描述
好的,这是一个问题:在我正在从事的项目中,我们不能依靠服务器端会话来获得任何功能。
Ok, here is an issue: in the project i'm working on, we can't rely on server-side sessions for any functionality.
问题在于,常见的验证码解决方案要防止自动提交,需要会话存储字符串以使其与验证码相匹配。
The problem is that common captcha solutions from preventing robotic submits require session to store the string to match captcha against.
问题是-有没有不用会话就可以解决问题的方法吗?我想到的是-提供隐藏的表单字段(包含一些哈希)以及验证码输入字段,以便服务器可以将这两个值匹配在一起。但是我们如何才能确保此方法的安全性,使其不能轻松破解验证码。
The question is - is there any way to solve the problem without using sessions? What comes to my mind - is serving hidden form field, containing some hash, along with captcha input field, so that server then can match these two values together. But how can we make this method secure, so that it couldn't be used to break captcha easily.
推荐答案
会话或数据库源于需要将图像的GET与包含该图像的html页面进行协调,因此如何使用相同的代码来嵌入验证码图像:[img src ='data:image / jpeg; base64,... '],使用随机盐将其哈希值作为文本哈希值,然后通过单个GET将随机盐和哈希值与图像一起发送给客户端?
The need for session or database comes from the need to coordinate the GET for the image with the html page containing it, so how about use the same code to embed a captcha image: [img src='data:image/jpeg;base64,...'], use a random salt to hash its text, then sending the random salt and hash together with the image to the client in a single GET?
在回发时,您附加用户输入盐,然后比较哈希值。只是想知道这样做会有多安全...
On postback you append the user text to the salt then compare the hashes. Just wondering how safe this would be...
这篇关于没有会话的PHP Captcha的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
