securing a registration form
Posted: Sat Jul 10, 2004 12:37 am
Hi, I designed a little snippet that prevents people from registering hundreds of accounts on a game server. It generates an image of 5 numbers, between 0 and 9. and they have to confirm that number in a text box.
There is one problem though, a malicious person could easilly get around this by going to script.php?securitycode=42181&confirmsecuritycode=42181
Because, they arent using the form to register, they are using a URL.
I need some way to prevent this, because the PHP page holds scode as a hidden form value, and the confirm is a form text value, but still, if you see what I'm saying, theres a way around this.
I'm terrible at ideas, hehe, that's the problem.
So could anyone help me? thanks.
There is one problem though, a malicious person could easilly get around this by going to script.php?securitycode=42181&confirmsecuritycode=42181
Because, they arent using the form to register, they are using a URL.
I need some way to prevent this, because the PHP page holds scode as a hidden form value, and the confirm is a form text value, but still, if you see what I'm saying, theres a way around this.
I'm terrible at ideas, hehe, that's the problem.
So could anyone help me? thanks.