2

Um, so I was in for a little bit of a surprise tonight. I spent a good 20 mins trying to figure out why I was able to submit a form knowing that what I entered into the recaptcha field was invalid. Is it true that you don't need to input the exact words it displays? If it shows me two words and I misspell one of the words, I still pass validation? Same goes if it shows "hello world" and I input "hell man": it still works.

Gordon Gustafson
sdot257

2 Answers

4

With recaptcha, you are only tested on one of the words, while the other is used to help computers in scanning printed material. So you only need to get one right to pass (which one you need is random). :D

Gordon Gustafson
  • yea, it would've helped if I RTFM! Now I have to figure out which field I should check against when using it w/ Codeigniter. "recaptcha_challenge_field" or "recaptcha_response_field." Or does it not matter. – sdot257 Mar 12 '10 at 00:55
  • why are you messing with challenge_field and response_field yourself? just use recaptcha_check_answer. http://saidur.wordpress.com/2008/10/21/how-to-use-recaptcha-in-codeigniter/ http://recaptcha.net/plugins/php/ – Gordon Gustafson Mar 12 '10 at 01:01
  • I'm not, I wanted to make sure I was "checking" against the correct field. I've seen tutorials where some folks check against 'recaptcha_challenge_field' while others check against 'recaptcha_challenge_field' – sdot257 Mar 12 '10 at 01:30
  • I think it is worth noting that now (2014) it is more and more often that reCAPTCHA requires **both** words to be solved correctly. – trejder Jun 04 '14 at 08:57
0

The recaptcha site describes why this is. You need to get one of the two words correct; only recaptcha knows which one.

> But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.

Michael Petrotta
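The pairing scheme quoted in the answer above can be modelled in a few lines, which shows why a wrong second word still passes. This is an added example, not code from the answers or from reCAPTCHA itself; the class name, image ids, exact-match comparison and three-vote threshold are assumptions made for the sketch.

```python
from collections import Counter

# Assumption for this sketch: how many matching transcriptions promote an
# unknown word to "known". The quoted text only says "a number of other people".
VOTES_NEEDED = 3


class TwoWordCaptcha:
    """Toy model of the control-word / unknown-word pairing (hypothetical names)."""

    def __init__(self, known):
        self.known = dict(known)   # image id -> verified text
        self.votes = {}            # image id -> Counter of human guesses

    @staticmethod
    def _norm(text):
        return " ".join(text.lower().split())

    def check(self, control_id, unknown_id, control_answer, unknown_answer):
        """Grade a submission. Only the control word decides pass or fail."""
        if self._norm(control_answer) != self.known[control_id]:
            return False           # control wrong: fail and discard the other guess
        guess = self._norm(unknown_answer)
        tally = self.votes.setdefault(unknown_id, Counter())
        tally[guess] += 1          # the unknown word is a vote, never a test
        if tally[guess] >= VOTES_NEEDED:
            self.known[unknown_id] = guess   # enough agreement: usable as a control
            del self.votes[unknown_id]
        return True


def demo():
    svc = TwoWordCaptcha({"img-1": "hello"})   # constructed sample data
    results = [
        svc.check("img-1", "img-2", "hello", "man"),    # unknown word wrong: passes
        svc.check("img-1", "img-2", "hell", "world"),   # control word wrong: fails
    ]
    for _ in range(3):                                   # three agreeing solvers
        results.append(svc.check("img-1", "img-2", "Hello", "world"))
    return results, svc.known.get("img-2")


if __name__ == "__main__":
    print(demo())
```

Because the submitter cannot tell which image is the control, the pass/fail decision has to come from the service that holds the known answers, not from any comparison done in the site's own form handler.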