tags:

views:

140

answers:

2
+1  Q: 

recaptcha still submits form when one word invalid

Um so I was in for a little bit of a surprise tonight. I spent a good 20 mins trying to figure out why I was able to submit a form knowing that what I entered into the recaptcha field was invalid. Is it true that you don't need to input the exact words it displays? If it shows me two words and I misspelled one of the words, I still pass validation? Same goes if "hello world" and I input "hell man" it still works.

+1  A: 

With recaptcha, you are only tested on one of the words, while the other is used to help computers in scanning printed material. So you only need to get one right to pass (which one you need is random). :D

CrazyJugglerDrummer  2010-03-12 00:54:09
yea, it would've helped if I RTFM! Now I have to figure out which field I should check against when using it w/ Codeigniter. "recaptcha_challenge_field" or "recaptcha_response_field." Or does it not matter.
luckytaxi  2010-03-12 00:55:30
why are you messing with challenge_field and response_field yourself? just use recaptcha_check_answer. http://saidur.wordpress.com/2008/10/21/how-to-use-recaptcha-in-codeigniter/ http://recaptcha.net/plugins/php/
CrazyJugglerDrummer  2010-03-12 01:01:41
I'm not, I wanted to make sure I was "checking" against the correct field. I've seen tutorials where some folks check against 'recaptcha_challenge_field' while others check against 'recaptcha_challenge_field'
luckytaxi  2010-03-12 01:30:52
A: 

the recaptcha site describes why this is. You need to get one of the two words correct; only recaptcha knows which one.

But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.

Michael Petrotta  2010-03-12 00:56:34
It only checks for one actually. One it knows to be correct, the other it doesn't.
Laykes  2010-03-12 00:58:40
@Laykes: good point. Edited.
Michael Petrotta  2010-03-12 01:16:34

related questions

Need help with reCAPTCHA - keep getting incorrect-captcha-sol
Using reCaptcha with BlogEngine.net
How do I show multiple recaptchas on a single page?
How would one integrate ReCaptcha in to BlogEngine.net (ASP.net C#)?
Possible - cancel user control rendering if not loaded in x seconds?
Where should I place Recaptcha.dll in my asp.net mvc application?
Captcha Implementation in ROR
Installing Recaptcha in Joomla 1.5 user registration
Rails Recaptcha plugin always returns false
How to resize recaptcha?
Multiple reCAPTCHAs in one ASP.Net page
reCaptcha Widget using PHP/Curl
How might I design a system similar to reCAPTCHA?
reCaptcha values not appearing in $_POST
Has anyone gotten Recaptcha to run on the Google App Engine (in Java)?
Recommendations for java captcha libraries
Is the ReCaptcha "customization options dictionary" JSON?
Problems with ASP.NET recaptcha and JQuery
using reCAPTCHA with ajax....javascript loading problem
Verifying RECAPTCHA with jQuery
Are reCAPTCHA CAPTCHAs getting harder or is just me
Are there any alternatives to recaptcha.net, for stopping spam?
Has reCaptcha been cracked / hacked / OCR'd / defeated / broken?
Problem with Recaptcha
How to make reCAPTCHA work with a ValidationGroup in ASP.Net (captcha)