Uncaptcha::Timer
Constructors
- Timer(String varname,Int mindelay,Int maxdelay)
Usage
The logic behind this filter is described in a UseNet post by its inventor Ben Bacarisse in the message 87abj0fbpy.fsf@bsb.me.uk
varname is the variable name that will be used to send the timing state information (the information will be encrypted to prevent tampering). You can use any non-empty value for this provided that it is not otherwise used in the form.
mindelay is the minimum delay in seconds between the form being created and the user submitting it. This should be not be too large, or genuine fast users of the form may be blocked. If this value is negative, no requests will be blocked for being too fast.
maxdelay is the maximum delay in seconds between the form being created and the user submitting it. This aims to prevent the 'distributed' attacks where one hijacked computer obtains the form and places it into a queue, and another hijacked computer takes it from the queue several hours later and submits it. The delay should not be too small, however, especially for complex forms. If this value is negative, all requests will be blocked.
You should always redisplay a form that fails this check, as genuine users may also trigger this check on rare occasions (or if you have set the delays too harshly).
// in the form generating function
enableTimer(fieldset,myTimer);
// in the form handling function
if (checkTimer(myTimer)) {
// process the form or do further checks
} else {
// give an error message, redisplay the form.
}
// myTimer (sample values only - do not use!)
Timer myTimer = Timer("myvarname",20,10000);
