问题标签 [captcha]

I want to redirect the user to another page to fill out a captcha but i would like to keep the post data, and if the captcha pass to send it 'back' and complete the previous page action.

When/if the user succeeds i like to add an captchaPass=true and would like access the post data and continue processing. Right now i am using redirects but ATM i am not required to use it.

Is it possible to carry the post data? keep in mind i may the user access multiple pages so separating data and not having a mixup is necessary.

One idea is to get and save all posted data [1] on the captcha page, and then recreate a middle white page with this form data and automatically make a new post to the previous page.

Can this work with out any issues with hash checks and security ?

Is there a better idea with out this white redirect page ?

[1] One other issue here, how to send this posted data with the redirect ? and not change the url - or make it too big to accept it. Keep in mine that a server transfer may not good idea because is complicate the thinks on captach post back.

Update 1

The basic idea here is how some one capture the full post back of a page, show a different one page and then send the post back data to the original first one.

The reason is to stop a bad user, or an attacker bot program that try to bring down the pages/server by making many post back from different pages in short time. All that happens with out javascript, and most attackers use custom made programs that just make post of data to all page together try to bring down the system.

For example, if a page have a search box, is very easy for most of the the site to bring them down by start making hundred of random search with wildcard (called and Dos Attacks using SQL wildcards) and make the sql server and the computer spend his time and cpu to search and search thinks. So to prevent an attack like this you need to recognize multiple post backs from the same computer, and then the next step is to redirect him to a captcha page to block him out in case that is a computer program.

Other example, many page have email submit, very easy you can submit hundred times the email of his and full his mail box in no time with hundred of emails, or on a store to place all items on the cart again and again and full the database with stuff like that.

So ajax and javascript is not working in this case, and we need a way to redirect him after the post back to a page that can check if is a real user or an attacker and stop him - but if is a real user must return back to his normal action.

Update 2

This all must be done in a general way, eg on BasePage, or on Global.asax or somewhere that is independed from the content of any page. Because we try to prevent a DoS attack, or multiple submit anywhere on any random place of any random page.

Yes I know how you can place a captcha on the contact page, but this is not what this question was first asked for - this questions asked how can carry post data to one different page, keep them there and then resend them back to the original one.

The obvious solution is to read all post back, and save them on the form, and then read them back and make on fly a form only with that data and make the post back. Here I am asking if there are any other better than this solution.

Other Applications

There is also the case that a user is inside a page that request authentication, but the authentication ticket has expired, and the user make post back. In this case we need to keep somewhere all the posted back data, to proceed with the login page, and resend them back to the first page that request the authentication.

我是否需要创建数据库表才能在注册表单上实现验证码？

我已经在我的表单中实现了一个验证码，但它似乎没有得到验证。我在下面包含了代码，以查看我的布局中是否有任何明显的内容以及如何进行修改。该帖子的公钥和私钥已被删除。

谢谢。

因此，我通过以下说明在我的 ASP.NET MVC 应用程序中实现了 ReCaptcha：

http://devlicio.us/blogs/derik_whittaker/archive/2008/12/02/using-recaptcha-with-asp-net-mvc.aspx

我的问题是，在我创建了对我的 dll 的引用之后，我应该将 DLL 放在我的解决方案中的什么位置？我应该只创建一个参考文件夹还是...？

什么是我应该将 recaptcha.dll 放置在我的项目中的最佳实践，以便参考将适用于其他下拉我的解决方案的人。

这可能是一个百灵鸟，但是对于recaptcha控件，因为有时需要很长时间才能呈现，这可能吗？

如果渲染时间超过 5 秒，我想停止对象的渲染并显示我自己的验证码。

我会在页面加载时启动一个计时器，如果 5 秒过去了，在某些情况下，在 recaptcha 控件（prerender？）中，我会取消渲染或使其不可见或类似的效果。它是第 3 方用户控件，所以我没有来源。

更新：

我发布后尝试了下面的代码。它的工作原理是，如果用户控件无法连接其服务器，即 - 我关闭我的互联网连接，但是当控件等待服务器返回时，当有很长的暂停时它没有感觉给它。即使我将毫秒间隔更改为 1，控件也会呈现。

在 SO 和其他博客的博客评论中，我注意到一些用户发布他们必须解决的验证码是什么才能让他们的帖子被接受的趋势。

他们这样做是为了帮助破解验证码的机器人吗？

如果是这样，有没有办法以编程方式（服务器端）将用户的输入与验证码进行比较以将其从评论中删除？这值得努力吗？

我以标准方式在我的各种网站上使用了CAPTCHA ，我在图像中生成了一些模糊的字符串（奇数对单词、随机数等），供用户在文本框中手动复制。我还知道recaptcha.net它扩展了从人类中筛选机器人的基本功能，并帮助将书籍数字化。我刚刚遇到了另一种使用AJAX Fancy CAPTCHA jQuery 插件执行 CAPTCHA 的方法，它不是要求用户重现一个字符串，而是要求用户将易于识别的图像（剪刀、铅笔、书等）拖到一个同样可识别的区域。当我看到这个时，我不得不对自己说：“哇……太酷了！”

问题：有没有人有任何其他执行验证码的简洁和不同方式的示例，而无需在图像中生成随机字符串供用户尝试和阅读（或重新生成直到他们可以），以便他们可以手动把它输入一个盒子里？

我在 PHP 中有一个用户注册表单。我在页面中放置了验证码图像检查。我像这样使用它

//img id="imgCaptcha" src="create_image.php"//

在我的 javascript 中，我想用图像中生成的相同数字（来自 create_image.php 页面）来验证它。该数字也在会话变量中设置。但是当我从 SESSION 获得号码时，我得到了前一个生成的号码。但是当我发布该页面时，我得到了由 SESSION 的 create_image.php 生成的正确的一个。

那么，如何在不从 SESSION 发布该页面的情况下获得最近生成的号码？

目前我想知道是否有一种方法可以使用验证码发布到网站进行人工检查。提出以下问题，当然这是使用随机数完成的：

表单使用 AJAX 发送。因此，当重新加载网站时，要输入的数字会发生变化。

获得通过的一种方法是读取和转换数字，然后发布一些数据，但在第二次请求时，数字已经被更改（这很好）。但是有没有办法避免这种情况？

不要认为我将其用于不良意图，所描述的形式用于我的一个应用程序中。这只是确保机器人无法通过的检查。

到目前为止谢谢:-)

当用户提交表单时，我想间歇性地显示/重定向到验证码页面（基于一些自定义规则），如果经过验证，则执行/提交第一个操作

有没有办法使用 ActionFilter 做到这一点？或任何其他方式？