Ajax software     Free javascripts 
↑


Main Page

To include the CAPTCHA question in a page, you simply need to include the simple CAPTCHA library,

and then call the

display_demo_form()

method somewhere on the page:

// display CAPTCHA question

SimpleCAPTCHA::display_demo_form();

This call will generate a form like this:

<form>What is six hundred fifty-seven + five?

<input type=”text” name=”response”>

<input type=”hidden” name=”hash” value=”be3159ad04564bfb90db9e32851ebf9c”>

</form>

The hidden hash field contains the

hashed

version of the correct answer.

When the form is submitted, the response typed by the visitor, together with the visitor ’s IP address, are

hashed, and the hash value is compared to the known hashed version of the correct answer. When the

form is submitted, it passes through GET both the answer submitted by the visitor, and the hash value

of the known correct answer:

http://localhost/seophp/comments.php?response=662&hash=

be3159ad04564bfb90db9e32851ebf9c

What Is Hashing?

Hashing is a means by which you obtain a unique calculated value that repre

-

sents another object. Different objects should always have different hash

values. The two most popular hashing algorithms are MD5 (Message Digest 5 —

http://en.wikipedia.org/wiki/MD5

) and SHA (Secure Hash Algorithm —

http://en.wikipedia.org/wiki/SHA-1

).

The hash value of a piece of data is calculated by applying a mathematical func-

tion (the hash algorithm) to that data. The property of these hashing algorithms

that makes it very useful when security is involved is that you can’t easily obtain

the original data from its hashed version (the algorithm is effectively one-way).

Take the example at hand: the hashed value of “662” is “be3159ad04564bfb90db

-

9e32851ebf9c,” but you couldn’t obtain the original “662” value if someone told

you the hash value. This property makes hashing particularly useful when storing

user passwords into a database. When the user tries to authenticate, the typed pass-

word is hashed, and the resulting hash value is compared to the hash value of the

original (correct) password, which was stored when the user initially created his or

her password. If the two values are identical, the entered password is correct. You

do not even need to store the passwords to authenticate users.

193

Chapter 8: Black Hat SEO

c08.qxd:c08 10:59 193

Ajax software     Free javascripts 
→