Random Javascript and PHP generation

This code was based on a CAPTCHA I wrote but it could be useful in other areas such as comment spam protection. The idea is that a few random code blocks are generated on the client and server side, so each language (PHP, Javascript) has the same code. For example:-

num = 1330;
for(i=0;i<2;i++) {
num += 25;
for(j=0;j<2;j++) {
num += 25;
cfapqx = num

The variables and the code are completely randomised so you should never get the same value, PHP will actually have the same code and therefore knows the result of the Javascript code block.


Here's the source, enjoy πŸ˜‰

Random Javascript source

16 Responses to “Random Javascript and PHP generation”

  1. Jector writes:

    Interesting… source code? πŸ˜‰

  2. Gareth Heyes writes:

    Hi Jector

    Yep I shall upload the source code for you.

  3. Jector writes:

    Thanks a lot, Gareth Heyes.
    I think that’s an interesting idea. There is no graphical CAPTCHA for users to disturb them, but there is spam-protection. No additional actions for users. That’s good.

    Thanks for source code, I’ll look through it πŸ™‚

    P.S. and as I can see, you implemented this idea in your site, didn’t you?

  4. Gareth Heyes writes:

    Yeah I implemented a variant of this idea, I actually released a WordPress plugin, which uses an older method of code creation but still works fine because I don’t get any comment spam on this site.

  5. Jector writes:

    Aha, I see. Anyway, thanks for great idea.

  6. Gareth Heyes writes:

    Before I forget, I must mention that much of the code was inspired by Ronald’s blog and you should visit his excellent site to learn more stuff about security.

  7. Harold writes:

    I’ve used something similar a while back. I used a MD5 JavaScript to create a hash of the users’ name before submitting the form.

    I then created the same hash in php and compared them to each other…

    This reduced the spam posted using the contact form of that particular site to zero.


  8. Gareth Heyes writes:

    Yep it’s surprising how much of this comment spam isn’t parsing Javascript, they certainly have the ability to do it.

    The problem with the technique you mentioned is that it is quite easy for a spammer to create the key (server side) without having to parse Javascript. Therefore your technique relies on the spammer not knowing how you are protecting the form.

  9. nEUrOO writes:

    We start seeing more and more JavaScript (based) crawlers. They won’t have any problem with these kind of protections.

    But well, sure it’s working well so far. I used to work on this kind of protection for a phpBB forum I have, and well, no more spam πŸ™‚

  10. Gareth Heyes writes:

    Yep I look forward to developing something to defeating them if they get passed my spam protection πŸ™‚

  11. Thorin writes:

    πŸ™‚ There’s the gauntlet πŸ™‚

  12. Ronald Allan MOjica writes:

    looks great !!! its a big help!!!

  13. deviantz writes:

    ei thanks! i will try this code.. actually i need this kind of code for my new project.

    thanks again!

  14. Bobby writes:

    Thanks for this plugin! 8)

  15. Dave writes:

    Thanks for this code. Very interesting.

  16. Gareth Heyes writes:

    No problem enjoy πŸ˜€