I should add it’s just a concept.

An example source:

<form action="?" method="POST">
			<input type="hidden" name="submit">
			<input type="hidden" name="hiddenHash" value="dd3ee4b49241284a76ce135baaf891ac">
			What is 1 + 6 ? <input type="text" name="myAnswer"> <input type="submit" value="Verify">
			</form>

One can send $_POST['hiddenHash'] with the value “dd3ee4b49241284a76ce135baaf891ac” and $_POST['myAnswer'] equal to 7 - every time. As I said, all the SPAMer needs to know is that his answer is being checked statically.

<?php

$randomString = '03B7c9B0aB33064891f4B7197a084F0e'; // just a random hash we'll use =)

if( isset($_POST['submit'] )) {
	if( $_POST['hiddenHash'] == md5( $_POST['myAnswer'] . $randomString ) ) {
		// his verification is okay
		print 'you\'re okay';
	} else {
		print 'wrong answer';
	}
} else {
	// generate the info
	$_1 = mt_rand(1,10);
	$_2 = mt_rand(1,10);
	$answer = $_1 + $_2;
	$hiddenHash = md5( $answer . $randomString );
	print '<form action="?" method="POST">
			<input type="hidden" name="submit">
			<input type="hidden" name="hiddenHash" value="' . $hiddenHash . '">
			What is ' . $_1 . ' + ' . $_2 . ' ? <input type="text" name="myAnswer"> <input type="submit" value="Verify">
			</form>';
}
?>

The only drawback of this approach is that if a SPAMer realizes his answer is being checked statically he’ll just SPAM with the any hiddenHash and it’s corresponding correct myAnswer.

You’re welcome =) Thanks for the kind words.

Thanks for the nice info
Keep your LifeStyle .. It Rocks

Regarding your second question, actually I didn’t code this modification from scratch. It’s a premade plugin called cforms if my memory serves me right. However, that’s not how similar procedures are implemented. Having a hidden value is just the same because a SPAM will just send it’s own _POST value that has the correct answer to it’s imaginary solution. Even hashing the result and sending it won’t do any good, anything that is not tested in-house (by in-house I mean on the server) is not worth of implementing.

The easiest way to implement a similar task would be sending a hash to the user alongside the question, a random hash that has nothing in common with the question, and that same hash stored in my database with the correct answer. That way when the user submits I query for the hash that I’m sure was generated by me, making sure he’s human. That’s how CAPTCHA works except that it stores the hash on its own server not the server it’s being installed on.

bas Q#1:
eeeh lazmet enak te3mel two variables le el min, max ??
leeh met2olsh 3la tool $_1 = mt_rand(1, 10);

Q#2:
ba3d ma 3amlt generate le el random numbers
ezay tet2aked enno da5lha ??
hal enta hatSend el result fe Hidden Input ??

Regards,

@Kamasheto:
I knw Akismet and itsnt really great belive me
i had loads of spam using it, i had to switch to another plugin which was better but i can’t remember it’s name.But if it’s working dunt fix it

if( ! in_array( array($_1, $_2), $arr) && ! in_array( array($_2,$_1), $arr) )

basically makes sure my two numbers have not already been printed - i.e., deals with all duplicates.

The problem with generating random numbers and generating the results is that it would give me all the duplicates that I don’t really want in my list, it’s a waste of memory resource.

Your code was removed by wp, try making it postable first then post it.

@Salem:

Wordpress has Akismet, it is a very sophisticated built-in system that catches spam efficiently. I never got one spam message passing through, not a single one!