"tom pester" wrote:
Hi Phil,
On the other hand, extracting two numbers from the HTML source of a
web page and adding them together is ridiculously easy. A combination
of file_get_conten ts() and simple string matching is all you need.
My point is that there is no real difference between the turing numbers and
the addition other than turing number are more difficult to read (fo now).
This took 2 minutes to write:
=============== =============== =============== ========
$s = file_get_conten ts("http://thereference.dy ndns.org:30000/MailPage.php");
$re = "/much is ([0-9]+) \+ ([0-9]+) .* humanGuid" value="([^"]+)"/m";
if (preg_match($re ,$s,$m)) {
echo 'Access code = ' . (1*$m[1]+1*$m[2]) . '\r\n';
echo 'Session ID = ' . $m[3];
} else echo "Couldn't find numbers";
=============== =============== =============== ========
Now I have the answer to your addition sum, and the session ID from your
"hidden" field. That wasn't difficult, was it?
Turing numbers are nowhere near as vulnerable. Implemented properly, they
are impossible for computers to read successfully without a lot of hard work
targeted at each specific implementation.
--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/