Captcha



    Just the other day DoctorDemon proposed what is, in my opinion, an interesting version of a captcha. In the comments to the post, Habr users' opinions were divided, and the main drawback named was how easily bots could guess the answer by brute force. I became interested and thought: why not implement it?


    After some thought, I made the firm decision to generate the “labyrinth” randomly every time, to make life harder for annoying bots.

    Implementation

    An attentive reader will notice that I dropped the other symbols and slightly simplified the structure of the “labyrinth”, leaving only moves of one whole cell; this simplifies generation and the later navigation through the “labyrinth”. For aesthetics, the paths do not intersect. That is, any labyrinth can be represented as a tree whose root is the start point and in which the children of each vertex are the points reached by following the “left”, “right”, “up” and “down” branches.

    Of course, all this made the bots' task easier, but it seems to me that the labyrinth looks friendlier as a result. The time to generate the maze is reduced, and solving it is easier for a normal visitor.
    You can try it in action here: http://star.nn.ru/
    Now let's turn to how it works.

    So that the bots' task would differ from answering a question like “enter 2 + 2”, I had to resort to a trick. After the labyrinth is generated, it is stored in the database along with the session identifier. While the enthusiastic user makes their way to point “A”, JavaScript records all of their moves in a hidden form field. Once the maze is solved, a submit button appears; clicking it sends the commenter's name, the text and the path taken to the server. On the server side, the same labyrinth is loaded from the database and a diligent script repeats the user's actions, making sure that the path never goes astray and ends at point “A”. If so, the captcha is passed and the comment is added. Otherwise, we are obviously dealing with an ill-wisher, who can safely be blocked, for example by IP address (I did not do this, though).

    However, brute-forcing does not become infeasible, and in any case an army of trained captcha solvers will bypass any defense. This is the first drawback.

    The second drawback is the load on the server. First, generating a maze itself requires resources. In addition, we need at least 2 database accesses: when we save the maze and when we load it. Ideally it should also be deleted afterwards. Of course, you could instead pass the maze from server to client and back. You could even pre-generate several hundred different mazes and serve them from the database at random, without generating one each time.
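A sketch of the server-side replay described above, combined with the "erase it later" step, as an added example that is not the code behind the demo site. The maze layout, the session key, the U/D/L/R move encoding, the in-memory dict standing in for the database and the length cap are all assumptions made for illustration.

```python
# Added example: replaying the path submitted in the hidden form field.
# Move encoding is an assumption; the post does not specify one.
MOVES = {"U": (0, -1), "D": (0, 1), "L": (-1, 0), "R": (1, 0)}
MAX_PATH_LEN = 256  # assumed cap: oversized input is rejected before replay

# Constructed sample maze, keyed by session id as the post describes.
# "cells" holds the walkable cells (x, y); every other cell is a wall.
MAZES = {
    "sess-1": {
        "start": (0, 0),
        "goal": (2, 2),  # point "A"
        "cells": {(0, 0), (1, 0), (2, 0), (2, 1), (2, 2), (0, 1), (0, 2)},
    }
}


def verify_path(store, session_id, path):
    """Replay `path` on the maze stored for this session.

    Returns True only if every step lands on a walkable cell and the
    final position is the goal.
    """
    # pop() makes the maze single-use: a repeated submit or a guessing
    # retry for the same session finds nothing and fails, so each guess
    # costs the client a freshly generated maze.
    maze = store.pop(session_id, None)
    if maze is None or not isinstance(path, str) or len(path) > MAX_PATH_LEN:
        return False
    x, y = maze["start"]
    for step in path:
        if step not in MOVES:          # unknown character in the form field
            return False
        dx, dy = MOVES[step]
        x, y = x + dx, y + dy
        if (x, y) not in maze["cells"]:  # walked into a wall or off the grid
            return False
    return (x, y) == maze["goal"]
```

Because the maze is deleted on the first attempt, whether it succeeds or not, a client cannot reuse one stored maze for repeated guesses.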

    In addition, there are problems with “mobile” visitors and a large amount of additional data.

    P.S. This is just an outside take, not without flaws, made during coffee breaks.

