Help With Captcha System (Same Random Number on 2 Pages?)

I have a website that’s been having some spam problems, and so I created a system that makes a user do a captcha every week before they can access the website. None of it is super advanced, so just for reference, here is how it basically works:

[php]

<?php
// No bypass cookie: send the visitor to the captcha page and stop rendering this one.
if (empty($_COOKIE['beenhere'])) { header('Location: [Page with captcha]'); exit; }
?>

[/php]
This first section of PHP is on the page of the website that gets the spam problem. It checks to see if they have the cookie that lets them bypass the captcha. If they don’t, they are redirected to the page with the captcha on it. Once the captcha is submitted, they are sent to the page that verifies that the captcha is correct:

[php]

<?php [Irrelevant stuff from the captcha...The part below gets executed if the captcha is correct] ?> [/php]

If it is correct, they are redirected to a page that does this:

[php]<?php
// Set the week-long bypass cookie only when the expected token is in the URL.
$tk = $_GET['tk'] ?? '';
if ($tk === '123849084098430928004983029') setcookie('beenhere', '1', time() + 3600 * 168);
?>

[/php]

This page sets the cookie and redirects them back to the homepage.

So the problem here is that just by going to the continue.php page, you would be able to get the cookie that allows you to bypass the captcha. So that’s why I temporarily added the part where you need that long number to be in the URL on the continue.php page in order for it to set the cookie.

What I’m wondering is if there is a way to make that long number be a different thing every time? Remember that the same random number would have to be on two different pages (it has to be like that…the captcha system was giving me errors when I tried to put the part where it created the cookie on the page that verifies that captcha). If that’s not possible, are there any other suggestions for what to do?

Thanks in advance!

Does anybody have any suggestions?

Sure, just use the login page to set this crazy number inside a SESSION variable.
When the session is gone, the crazy number is gone.
Anyone going to the page directly will not be logged in, hence no session, no crazy number…
That way, you do not pass the crazy number in any viewable way such as a webpage…
(A webpage can be captured, a session variable can not as it is only SERVER-SIDE!)

Hope that helps…
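
The session approach suggested in this reply, as an added example that is not part of the original thread: the verify page stores a fresh random token in the session and continue.php accepts it once. The function names, the `captcha_tk` session key and the 5-minute lifetime are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const TOKEN_TTL = 300; // assumption: token must be redeemed within 5 minutes

// Verify page: call only after the captcha answer was checked as correct.
// Returns the value to put in the redirect, e.g. continue.php?tk=<token>.
function issue_pass_token(int $now): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex chars from the CSPRNG, new every time
    $_SESSION['captcha_tk'] = ['value' => $token, 'issued' => $now];
    return $token;
}

// continue.php: true only for the token stored in this visitor's session,
// only once, and only while it is fresh. $supplied is untyped on purpose:
// a request with tk[]=x makes $_GET['tk'] an array, which must fail cleanly.
function redeem_pass_token($supplied, int $now): bool
{
    $stored = $_SESSION['captcha_tk'] ?? null;
    unset($_SESSION['captcha_tk']); // single use: any attempt consumes the token
    if (!is_array($stored) || !is_string($supplied)) {
        return false;
    }
    return ($now - $stored['issued']) <= TOKEN_TTL
        && hash_equals($stored['value'], $supplied); // constant-time comparison
}

// Offline demo for the command line. On the real pages call session_start()
// first and pass time() and ($_GET['tk'] ?? null).
if (PHP_SAPI === 'cli') {
    $_SESSION = [];   // constructed stand-in for a started session
    $t0 = 1700000000; // constructed timestamp

    $tk = issue_pass_token($t0);
    var_dump(redeem_pass_token($tk, $t0 + 10)); // first use of the issued token
    var_dump(redeem_pass_token($tk, $t0 + 11)); // replay of the same token
    var_dump(redeem_pass_token('123849084098430928004983029', $t0)); // nothing issued

    $tk = issue_pass_token($t0);
    var_dump(redeem_pass_token($tk, $t0 + TOKEN_TTL + 1)); // redeemed too late

    // In continue.php the cookie from the thread is then set only on success:
    // if (redeem_pass_token($_GET['tk'] ?? null, time())) {
    //     setcookie('beenhere', '1', time() + 3600 * 168);
    // }
}
```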

Yes, thank you! Isn’t it funny how the answer is always so obvious? :slight_smile:

Yes! I totally agree. I was just helping someone else with passing a secret webpage name for hiding it on the address bar in the same manner when I came across your project. Nice to help two people in the same manner!

If you have any questions about session variables, ask away… Or let us know if it is solved and we will mark it so. Good luck!
