forms - Javascript Captcha - Stack Overflow

I found this great little code online but it doesn't seem to be comparing the two strings after removing the spaces correctly? I know some JS but whatever is wrong here is beyond my understanding. Hopefully someone will know the answer to this.

Note: it seems to also validate based on the number of chs and not what those chs are, the numbers don't seem to need to match up, just so long as there's enough of them.

Org code was done by "mama21mama" from "http://osticket./forums/showthread.php?t=6489&highlight=captcha"

I have made some small personal modifications to try to fix it, below is my vr.

<script type="text/javascript">
    function DrawCaptcha() {
        var a = Math.ceil(Math.random() * 9)+ '';
        var b = Math.ceil(Math.random() * 9)+ '';       
        var c = Math.ceil(Math.random() * 9)+ '';  
        var d = Math.ceil(Math.random() * 9)+ '';  
        var e = Math.ceil(Math.random() * 9)+ '';  
        var f = Math.ceil(Math.random() * 9)+ '';  
        var g = '10';  
        var code = a + ' ' + b + ' ' + ' ' + c + ' ' + d + ' ' + e + ' '+ f + ' ' + g;
        document.getElementById("txtCaptcha").value = code;
    }
    function ValidCaptcha() { // validates the numbers entered
        var str1 = removeSpaces(document.getElementById('txtCaptcha').value);
        var str2 = removeSpaces(document.getElementById('txtInput').value);
        if (str1 == str2){
            return true; } 
        else {
            return false; } 
    }
    function removeSpaces(string) { 
        return string.split(' ').join('');
    } 
    </script>
asked Sep 27, 2011 at 16:19 by webmaster alex l
  • 1 It seems fine to me (enter the numbers, result of ValidCaptcha is alerted onblur of input): jsfiddle/APzxv/5 – James Allardice Commented Sep 27, 2011 at 16:24
  • 1 This doesn't seem like a very secure captcha to me. One could easily rewrite ValidCaptcha to just return true. Hopefully others will chime in on that as I'm not a captcha expert. – Matt Greer Commented Sep 27, 2011 at 16:35
  • Validating a CAPTCHA client side in this way would mean it would be easily bypassed. Related comment: stackoverflow./questions/1998341/… – mattle Commented Sep 27, 2011 at 16:38
  • I need to add captcha to my form, is there an easier way to plug the function in? – webmaster alex l Commented Sep 27, 2011 at 16:42
  • You can't do the captcha client side and have it be secure. It's entirely possible the captcha doesn't need to be that secure. But if it does, you need to do the validation on the server. You can always use an AJAX call to do that. – Matt Greer Commented Sep 27, 2011 at 16:50

1 Answer

Do not use this code. It does nothing to increase security.

In order for a captcha to be effective, the answer to the captcha must be a secret known only by the server. A client-side script cannot implement a captcha because the client code would necessarily know the answer.

This script does nothing to secure your server against a malicious attack. All the JavaScript in the world doesn't prevent an attacker from writing a script that POSTs a fake form to your server. Since the captcha validation happens on the client, your server is clueless as to whether the request is legitimately generated by a human.

This captcha also misses the point by rendering the challenge as plain text. Any script could read the challenge from the DOM and provide the correct answer.

This script is useless if a browser has JavaScript disabled. This script is useless if I type ValidCaptcha = function() { return true; } in the console.

Instead of trying to roll your own, use reCAPTCHA. It is free, has an easy API, and has built-in accommodations for blind users.
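
The requirement stated in the answer above (the expected value stays on the server, and the server checks every POST) is shown here as a Node.js sketch. It is an added example, not code from the question or the answer. The function names, the `captchaId`/`captchaAnswer` field names and the two-minute lifetime are assumptions, and rendering the challenge so that scripts cannot read it (or delegating that to a service such as reCAPTCHA) is outside its scope.

```javascript
// Added example: server-side CAPTCHA state (Node.js). All names are hypothetical.
const nodeCrypto = require('node:crypto');

const TTL_MS = 2 * 60 * 1000;   // challenge lifetime (assumed value)
const pending = new Map();      // challengeId -> { answer, expires }; server memory only

// Create a challenge. Only `id` and a rendering of the challenge go to the browser;
// the expected answer is never placed in the page as text.
function issueChallenge(now = Date.now()) {
  const id = nodeCrypto.randomBytes(16).toString('hex');
  const answer = String(nodeCrypto.randomInt(100000, 1000000)); // 6 digits from a CSPRNG
  pending.set(id, { answer, expires: now + TTL_MS });
  return { id, answer }; // `answer` is returned only so the server can render it (e.g. as an image)
}

// Constant-time comparison of two strings via fixed-length digests.
function sameString(a, b) {
  const ha = nodeCrypto.createHash('sha256').update(a).digest();
  const hb = nodeCrypto.createHash('sha256').update(b).digest();
  return nodeCrypto.timingSafeEqual(ha, hb);
}

// Check one submitted answer against the stored challenge.
function verifyChallenge(id, submitted, now = Date.now()) {
  const entry = pending.get(id);
  if (!entry) return false;     // unknown, forged or already used id
  pending.delete(id);           // single use: one attempt per challenge
  if (now > entry.expires) return false;
  if (typeof submitted !== 'string') return false;
  return sameString(entry.answer, submitted.replace(/\s+/g, ''));
}

// Form handler sketch: the request body is untrusted input, so the check
// runs here on every POST regardless of what the browser-side script did.
function handleSubmit(body, now = Date.now()) {
  if (!verifyChallenge(body.captchaId, body.captchaAnswer, now)) {
    return { status: 400, error: 'captcha failed' };
  }
  return { status: 200 };
}
```

A POST that skips the page entirely, replays an old challenge id, or arrives after the lifetime has passed is rejected by `handleSubmit`, which is the property the client-side `ValidCaptcha` cannot provide.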
