Unset not Unsetting

mark_and_co

Hi,

I am setting up an affiliate section to my website - I want it to be secure so that no robots can create loads of accounts.

What I've decided to do is make the form in one php page split into 3-4 different browser pages. At the end of each browser page is a submit button which enters/updates the database then pulls up the next screen. In each form is a hidden form value so the site know which page to load next.

If I wasn't concerned about the security aspect I would simply do a Header(location: to/my/site/page.php?id=2); but this is not possible as the value needs to be POST not GET.

Am I going the wrong way about this?

pls let me know
Thanks

Mark Baker

dalecosp

Hi, Mark....

First of all, your topic is confusing. I don't see any mention of [man]unset/man in your post. This is probably just a mistake on your part; but it could be construed as antisocial behavior if it happens often 😉

The standard practice, these days, for disallowing robot submissions seems to be dynamic image generation, as most bots don't seem to be able to read image content and post it into the form.

PHP is very capable of dynamic image generation. I have run a tutorial or two, but haven't yet had cause to implement this on a real world project.

It would be rather trival to create small PNG images of each letter of the alphabet, and have PHP pick several of them at random to display; then the user would have to enter this garbage word into a verification field. This might be the thing you want in this situation.

Finally, I'm curious about this:

If I wasn't concerned about the security aspect I would simply do a Header(location: to/my/site/page.php?id=2); but this is not possible as the value needs to be POST not GET.

If you are splitting form submission across several pages, how would you submit the form with a call to [man]header/man? Headers must be sent prior to any output, whatsoever, to the browser.

HTH,

mark_and_co

Hi,

Sorry for the lack of construct in my previous post (and most probably this one)... time is money and all...

Anyway, could you point me in the direction of those image scripts.

Just to clarify your last point. By using the header method I would have to append to the URL like ?foo=bar&foo1=bar1 etc.

This is something I wanted to avoid. I want to be able to carry the form from one page to a next without it causing problems if the page is refreshed for any reason.

I did warn you about the lack of... well everything.

Cheers anyway.

dalecosp

The tutorials I worked through on dynamic images were at Zend.com ... shouldn't be too hard to find there.

I was thinking, in that 4th paragraph, of a simple homebrew type script. Make 26 images, or so, and do something like:

<?php

$remember_image=array();
while ($x<8) {
     $img=rand(1, 26);
      echo "<img src=\"images/alpha/$img.png\">
";
     $x++;
     $remember_image[$x]=$img;
}

Then you'd have them input the random letters ... you'd have to figure a bit more work to do the actual comparison, but $remember_image is a start to that idea ...

HAND,