www.webdeveloper.com

Thread: random picture by js to be POSTed to php

  1. #1
    Join Date
    Jun 2011
    Posts
    1

    random picture by js to be POSTed to php

    Hi there:

    The background of this thread is about CAPTCHA:

    HTML Code:
    <script>
    // Pick an image id from 1 to 3 uniformly and show the matching picture
    var id = Math.floor(Math.random() * 3) + 1;
    document.write('<img src="' + id + '.jpg">');
    </script>
    Above is the JS code I use to generate a random id, which in effect displays id.jpg on the web page (assume we have id.jpg in the right folder).

    When a user sees that page, he is going to choose what word describes the picture best. (purpose of CAPTCHA: verify the user is a human)
    HTML Code:
    <select name="selected[1]">
    <option value="">Click to identify</option>
    <option>Clock</option>
    <option>Dog</option>
    <option>Ship</option>
    <option>Tree</option>
    </select></td><td>
    The selection is sent to backend php script using POST method.


    Here is my problem:
    In the php script, I know, for example, the user chose Dog to describe the mysterious jpg generated by js code. But there's no way for me to know the id of the jpg file generated by js code. Hence, I will not be able to check whether the user chose a valid description of the jpg file.

    How can I send information about the id of the jpg file to the php script?

    Any idea is appreciated.

  2. #2
    Join Date
    Jan 2005
    Posts
    349
    Basically, you need to also write that number out to a (hidden) form field, so that it gets submitted alongside the rest of the form.

    One word of warning though - make sure that the OPTIONS in the SELECT are not in the same order as the images, and ideally have more than one image for each 'type', so that it really can't be worked out by a computer.

    Finally, bear in mind that on this basis, you will only have this secure if you also randomise the images on the server end, otherwise an attacker only needs to see your form once, then whatever number comes up can be recorded, and the corresponding answer used - you have no way of enforcing that the javascript runs at all. (You _could_ match things up on the server side, but that would require a lot of extra work - would be much easier just to make use of one of the pre-built CAPTCHA solutions.)
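
The server-side matching that reply #2 describes, as an added example that is not part of the original thread: PHP picks the image, stores the expected answer in the session, and serves the picture under a fixed URL, so no id ever reaches the browser. The image file names, the `captcha_images/` directory and the `captcha_issue` / `captcha_check` helpers are assumptions made for illustration.

```php
<?php
// Server picks the image and keeps the answer in the session; the browser
// never receives an id. Image names, labels and paths are hypothetical.
declare(strict_types=1);
session_start();

const CAPTCHA_IMAGES = [                 // more than one image per label
    'clock1.jpg' => 'Clock', 'clock2.jpg' => 'Clock', 'dog1.jpg' => 'Dog',
    'dog2.jpg' => 'Dog', 'ship1.jpg' => 'Ship', 'tree1.jpg' => 'Tree',
];
function captcha_issue(): array {        // new challenge, shuffled options
    $files = array_keys(CAPTCHA_IMAGES);
    $file = $files[random_int(0, count($files) - 1)];
    $_SESSION['captcha'] = ['file' => $file, 'answer' => CAPTCHA_IMAGES[$file]];
    $labels = array_values(array_unique(CAPTCHA_IMAGES));
    shuffle($labels);
    return $labels;
}
function captcha_check(string $choice): bool {
    $expected = $_SESSION['captcha']['answer'] ?? null;
    unset($_SESSION['captcha']);         // each challenge is valid once
    return is_string($expected) && hash_equals($expected, $choice);
}

if (isset($_GET['img'])) {               // stream the image under a fixed URL
    $file = $_SESSION['captcha']['file'] ?? null;
    if ($file === null) { http_response_code(404); exit; }
    header('Content-Type: image/jpeg');
    header('Cache-Control: no-store');
    readfile(__DIR__ . '/captcha_images/' . $file);
    exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $choice = $_POST['selected'][1] ?? '';
    echo captcha_check(is_string($choice) ? $choice : '') ? 'Human' : 'Wrong answer';
    exit;
}
$labels = captcha_issue();
?>
<form method="post">
  <img src="?img=1" alt="">
  <select name="selected[1]">
    <option value="">Click to identify</option>
<?php foreach ($labels as $label): ?>
    <option><?= htmlspecialchars($label) ?></option>
<?php endforeach; ?>
  </select>
  <input type="submit">
</form>
```

A small fixed image set remains a weak challenge even with server-side matching, which is the reason reply #2 points to a pre-built CAPTCHA solution.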
