开发者

prevent query to captcha generator from YSlow

问答 作者:

i have a pretty simple captcha, something like this:

<?php
    session_start();
    function randomText($length) {
        $pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
        for($i=0;$i<$length;$i++) {
            $key .= $pattern{rand(0,35)};
        }
        return $key;
    }
    $textCaptcha=randomText(8);
    $_SESSION['tmptxt'] = $textCaptcha;
    $captcha = imagecreatefromgif("bgcaptcha.gif");
    $colText = imagecolorallocate($captcha, 0, 0, 0);
    imagestring($captcha, 5, 16, 7, $textCaptcha, $colText);

    header("Content-type: image/gif");
    imagegif($captcha);
?>

the problem is that if the user have YSlow installed, the image is query 2 times, so, the captcha is re-generated and never match with the one inserted by the user.

i saw that is only query a second time if i pass the content-type header as gif, if i print it as a normal php, this doesn't happen.

someone have any clue about this? how i can prevent it or identify that the s开发者_开发技巧econd query is made by YSlow, to do not generate the captcha again.

Regards, Shadow.

YSlow does request the page components when run, so it sounds like your problem is cases where the user has YSlow installed and it's set to run automatically at each page load.

The best solution may be to adjust your captcha code to not recreate new values within the same session, or if it does to make sure the session variable matches the image sent.

But to your original question about detecting the second query made by YSlow, it's possible if you look at the HTTP headers received.

I just ran a test and found these headers sent with the YSlow request. The User-Agent is set to match the browser (Firefox in my case), but you could check for the presence of X-YQL-Depth as a signal. (YSlow uses YQL for all of its requests.)

Array
(
    [Client-IP] => 1.2.3.4
    [X-Forwarded-For] => 1.2.3.4,  5.6.7.8
    [X-YQL-Depth] => 1
    [User-Agent] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
    [Accept-Encoding] => gzip
    [Host] => www.example.com
    [Connection] => keep-alive
    [Via] => HTTP/1.1 htproxy1.ops.sp1.yahoo.net[D1832930] (YahooTrafficServer/1.19.5 [uScM])
)

继续阅读:captchaphpsessionyslow

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9