View Full Version : Adding CAPTCHA for first-time use of my site's shoutbox.

09-07-2009, 11:09 AM

I was wondering if it was possible to include a CAPTCHA field on my sites Shoutbox (http://kwivia.co.uk/c/), but, the CAPTCHA would disappear once the user has entered in a code once.

Is it possible?
If yes, how could I do this?


09-07-2009, 01:05 PM
You could set some session variable after the CAPTCHA is entered. E.g. like this:

$_SESSION['captcha_entered'] = 1;

If the variable is not empty (http://php.net/empty) or is set (could be checked with isset() (http://php.net/isset)), you would not show the CAPTCHA ever again.

// Show your CAPTCHA here

// Show your CAPTCHA here

Please notice that it is possible to make an attack when an attacker enters the CAPTCHA for the first time manually. And then uses a script to send as much spam to your shoutbox as he wishes...

09-07-2009, 01:25 PM
If you use sessions, they'd expire and the user has to type in the captcha code again.

Or you could log it in the database - which if they have posted a captcha code and input it in a table, and then check if the user has posted a captcha code.

But as the person above me said, it could be dangerous.