Skip to content

Random Javascript and PHP generation

This code was based on a CAPTCHA I wrote but it could be useful in other areas such as comment spam protection. The idea is that a few random code blocks are generated on the client and server side, so each language (PHP, Javascript) has the same code. For example:-

num = 1330;
for(i=0;i<2;i++) {
num += 25;
for(j=0;j<2;j++) {
num += 25;
}
cfapqx = num

The variables and the code are completely randomised so you should never get the same value, PHP will actually have the same code and therefore knows the result of the Javascript code block.

Demo

Here’s the source, enjoy ;)

Random Javascript source

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Slashdot
  • StumbleUpon

Comments 16

  1. Jector wrote:

    Interesting… source code? ;)

    Posted 15 Aug 2007 at 10:04 am
  2. Gareth Heyes wrote:

    Hi Jector

    Yep I shall upload the source code for you.

    Posted 15 Aug 2007 at 10:06 am
  3. Jector wrote:

    Thanks a lot, Gareth Heyes.
    I think that’s an interesting idea. There is no graphical CAPTCHA for users to disturb them, but there is spam-protection. No additional actions for users. That’s good.

    Thanks for source code, I’ll look through it :)

    P.S. and as I can see, you implemented this idea in your site, didn’t you?

    Posted 15 Aug 2007 at 10:18 am
  4. Gareth Heyes wrote:

    Yeah I implemented a variant of this idea, I actually released a Wordpress plugin, which uses an older method of code creation but still works fine because I don’t get any comment spam on this site.

    Posted 15 Aug 2007 at 10:28 am
  5. Jector wrote:

    Aha, I see. Anyway, thanks for great idea.

    Posted 15 Aug 2007 at 10:38 am
  6. Gareth Heyes wrote:

    Before I forget, I must mention that much of the code was inspired by Ronald’s blog and you should visit his excellent site to learn more stuff about security.

    Posted 15 Aug 2007 at 10:49 am
  7. Harold wrote:

    I’ve used something similar a while back. I used a MD5 JavaScript to create a hash of the users’ name before submitting the form.

    I then created the same hash in php and compared them to each other…

    This reduced the spam posted using the contact form of that particular site to zero.

    -H-

    Posted 15 Aug 2007 at 11:20 am
  8. Gareth Heyes wrote:

    Yep it’s surprising how much of this comment spam isn’t parsing Javascript, they certainly have the ability to do it.

    The problem with the technique you mentioned is that it is quite easy for a spammer to create the key (server side) without having to parse Javascript. Therefore your technique relies on the spammer not knowing how you are protecting the form.

    Posted 15 Aug 2007 at 11:30 am
  9. nEUrOO wrote:

    We start seeing more and more JavaScript (based) crawlers. They won’t have any problem with these kind of protections.

    But well, sure it’s working well so far. I used to work on this kind of protection for a phpBB forum I have, and well, no more spam :)

    Posted 15 Aug 2007 at 3:27 pm
  10. Gareth Heyes wrote:

    Yep I look forward to developing something to defeating them if they get passed my spam protection :)

    Posted 15 Aug 2007 at 3:31 pm
  11. Thorin wrote:

    :) There’s the gauntlet :)

    Posted 15 Aug 2007 at 7:38 pm
  12. Ronald Allan MOjica wrote:

    looks great !!! its a big help!!!

    Posted 08 Sep 2007 at 2:15 pm
  13. deviantz wrote:

    ei thanks! i will try this code.. actually i need this kind of code for my new project.

    thanks again!

    Posted 08 Sep 2007 at 2:15 pm
  14. Bobby wrote:

    Thanks for this plugin! 8)

    Posted 16 Sep 2007 at 8:34 pm
  15. Dave wrote:

    Thanks for this code. Very interesting.

    Posted 17 Sep 2007 at 10:30 pm
  16. Gareth Heyes wrote:

    No problem enjoy :D

    Posted 17 Sep 2007 at 11:24 pm

Post a Comment

Your email is never published nor shared. Required fields are marked *

Comment spam protected by SpamBam