[pmwiki-users] 90,000 Session Files

Petko Yotov 5ko at 5ko.fr
Fri Mar 20 05:58:30 CDT 2009

On Friday 20 March 2009 07:44:51 Patrick R. Michaud wrote:
> In order for captchas to be at all workable and not easily circumvented,
> the information about the displayed captcha has to be kept somewhere
> on the server.  PmWiki's captcha recipe uses session files for this
> purpose -- I'm not sure what would/could provide a better solution
> to this.  Ultimately it's simply the fact that the captchas are
> being displayed that is causing the files to be generated.

How about using crypt() with a unique salt that changes but not very often ?

  $CaptchaValue = rand(1000, 9999);
  $CaptchaKey = crypt($CaptchaValue, md5_file("$LocalDir/config.php"));

The form will have a hidden field containing $CaptchaKey, and a text field 
where the visitor writes $CaptchaValue.

We should find some way to send the $CaptchaValue to the function which 
creates the image. It could be a small control file 
wiki.d/.captchas/$CaptchaKey.txt. We erase it when the picture is created or 
if it is older than X minutes.


More information about the pmwiki-users mailing list