
Phoenix formsecurity

Revision as of 10:59, 2 May 2008 by Matt.ward.eclipse.org (Talk | contribs) (New page: =Form Security Class= ==Intro== The FormSecurity class was created to be a generic way to added a random mathematical question to any page with a form, in order to try and prevent bots ...)


Form Security Class

Intro

The FormSecurity class was created as a generic way to add a random arithmetic question to any page with a form, to discourage bots and scripts from filling out forms automatically and flooding work channels, e-mail and database systems. It generates a question, computes the answer and stores a crypt() hash of that answer (not the answer itself) for later comparison. On form submission it compares the user's answer against the stored hash; if they match you can be reasonably sure that the form was filled out by a person, or at least by a script whose author knew what they were doing. Two limits follow from the design: the question is rendered as plain text, so a script that parses and evaluates it will pass, and the hash travels to the browser in a hidden form field, so unless the application also records which hashes it has already accepted, one solved question can be submitted again and again.

Class description

The class contains the following functions:

  1. getStoredCrypt : Returns the value held in the protected data space of the class. By default this is the base64-encoded crypt() result of the answer to the question produced by the most recent call to HardSecureQuestion or EasySecureQuestion.
  2. setStoredCrypt : Sets the value that getStoredCrypt will return. Used internally by the class, but available from outside.
  3. HardSecureQuestion : Generates a 'hard' random question consisting of 3 values and 2 mathematical operations (+/-), all chosen at random. Requires a password (text string) with which the result is hashed. You can also give an upper limit for the values used in the question; the limit defaults to 100 if not given. Returns the question as a text string so that it can be displayed; the hashed answer is kept in the class (see getStoredCrypt).
  4. EasySecureQuestion : Generates an 'easy' random question consisting of 2 values and 1 mathematical operation (+/-), chosen at random. Requires a password (text string) with which the result is hashed. You can also give an upper limit for the values used in the question; the limit defaults to 10 if not given. Returns the question as a text string so that it can be displayed; the hashed answer is kept in the class (see getStoredCrypt).
  5. Crypt : Produces a binary-safe hash of the data. Requires the password and the data to hash. Returns the crypt() result packed with base64_encode so that it can be placed in a form field.
  6. DeCrypt : Recovers the original crypt() result from its binary-safe (base64) form. It only backs out the packing done by Crypt; crypt() itself is one-way, so the original data is not recovered. Used primarily within the class, but available from outside.
  7. Verify : Given a password, a user value and a binary-safe Crypt() result, checks whether the supplied inputs match. It calls DeCrypt on the Crypt() result and compares that with the result of the system crypt() function applied to the password and the user value. The password here *must* be the one given to HardSecureQuestion or EasySecureQuestion, or else the values will never match.

Sample Code

<?php
$security = new FormSecurity();

// Only verify when the form has actually been posted back. The hidden field
// carries the base64-packed crypt() result produced when the question was
// generated, and the password ("text") must be the same one used then.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  if ($security->Verify($_POST['useranswer'], "text", $_POST['securityanswer']) == 1) {
    print "Go Dude!";
  } else {
    print "bummer";
  }
}
?>

<form method="post">
Please answer: <?php print $security->EasySecureQuestion("text", 20); ?>
<input type="text" name="useranswer">
<input type="hidden" name="securityanswer" value="<?php print $security->getStoredCrypt(); ?>">
<input type="submit" value="post">
</form>
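The question, hash and verify flow that the class description and the sample code above describe, as an added example written for this page rather than code from the Phoenix FormSecurity class. It rebuilds the crypt()-and-base64 token so each step is explicit, then adds a signed variant that binds the answer to a random nonce and an expiry under an HMAC. The secret string, the function names, the salt derivation and the 600-second lifetime are assumptions; only PHP built-ins are used.

```php
<?php
// Added example, not the Phoenix FormSecurity class. Assumptions: PHP 7.1+,
// a server-side $secret that is never sent to the browser (the page's
// "password"), and no session store, so a solved token can still be replayed
// until it expires unless the caller records nonces it has already accepted.

// Generate an 'easy' question: two operands in [0, $limit] and one of +/-.
// Returns [displayable question text, integer answer].
function makeEasyQuestion(int $limit = 10): array
{
    $a  = random_int(0, $limit);
    $b  = random_int(0, $limit);
    $op = random_int(0, 1) === 1 ? '+' : '-';
    $answer = ($op === '+') ? $a + $b : $a - $b;
    return ["$a $op $b", $answer];
}

// The page's scheme: crypt() over password+answer, base64 so the value is safe
// in an HTML attribute. The salt is derived from the secret, so the browser
// sees a salt but never the secret. '$6$' selects SHA-512 crypt.
function makeCryptToken(string $secret, int $answer): string
{
    $salt = '$6$' . substr(hash('sha256', $secret), 0, 16) . '$';
    return base64_encode(crypt($secret . '|' . $answer, $salt));
}

// Verify as the page's Verify() does: undo the base64, recompute crypt() with
// the user's answer (the stored hash doubles as the salt, the usual crypt()
// idiom) and compare. hash_equals() avoids a timing side channel.
function verifyCryptToken(string $secret, string $userAnswer, string $token): bool
{
    $stored = base64_decode($token, true);
    if ($stored === false || !ctype_digit(ltrim($userAnswer, '-'))) {
        return false;   // malformed token or non-integer answer
    }
    $candidate = crypt($secret . '|' . (int) $userAnswer, $stored);
    return hash_equals($stored, $candidate);
}

// Hardened variant: authenticate answer, random nonce and expiry together with
// HMAC-SHA256 under the server secret. The answer is never in the token.
function makeSignedToken(string $secret, int $answer, int $ttlSeconds = 600): string
{
    $nonce   = bin2hex(random_bytes(8));
    $expires = time() + $ttlSeconds;
    $mac     = hash_hmac('sha256', "$answer|$nonce|$expires", $secret);
    return "$nonce:$expires:$mac";
}

// True only for the right answer inside the expiry window. A caller with
// state should also refuse a nonce it has accepted before, which closes the
// replay hole the hidden field opens.
function verifySignedToken(string $secret, string $userAnswer, string $token, ?int $now = null): bool
{
    $parts = explode(':', $token);
    if (count($parts) !== 3 || !ctype_digit(ltrim($userAnswer, '-'))) {
        return false;
    }
    [$nonce, $expires, $mac] = $parts;
    if (!ctype_digit($expires) || ($now ?? time()) > (int) $expires) {
        return false;   // malformed or expired
    }
    $expected = hash_hmac('sha256', ((int) $userAnswer) . "|$nonce|$expires", $secret);
    return hash_equals($expected, $mac);
}

if (PHP_SAPI === 'cli') {
    $secret = 'change-me-server-side-only';   // assumed deployment secret
    [$question, $answer] = makeEasyQuestion(20);
    echo "Please answer: $question\n";

    $token = makeCryptToken($secret, $answer);
    var_dump(verifyCryptToken($secret, (string) $answer, $token));           // bool(true)
    var_dump(verifyCryptToken($secret, (string) ($answer + 1), $token));     // bool(false)

    $signed = makeSignedToken($secret, $answer);
    var_dump(verifySignedToken($secret, (string) $answer, $signed));                     // bool(true)
    var_dump(verifySignedToken($secret, (string) $answer, $signed, time() + 601));       // bool(false): expired
}
```

verifyCryptToken is the page's Verify() step with a constant-time compare; the signed token is what a practitioner would deploy today, since it expires on its own and gives the server a nonce to remember, so a solved question cannot be reused once the application records which nonces it has already accepted.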
