Error When Choosing Wrong Image

11 views
Skip to first unread message

EyeMagination-Brian

unread,
Feb 19, 2009, 6:15:11 PM2/19/09
to JustHumans
Anders posted:
When a user tries to submit a form but picks the wrong image, redirect
the user to a JustHumans page that re-challanges them with a new
puzzle. If they still pick the wrong image, tell them their form was
not submitted. If they pick the correct image in either case, redirect
to the redirect URL as it does now. (I'm still looking for feedback on
this. If you want this functionality, let us know.)

I love this idea if it's kept simple. I see it like this: If someone
picks the wrong shape, "Please Pick the Correct Image" (in red, 12pt
Bold font would) would show below. If they pick the wrong image
again, it goes to the error page we created.

For me, having duplicate requests is our #1 issue. I say "go for it"
Anders.

Agree? Disagree? Your Thoughts?

Anders Brownworth

unread,
Feb 19, 2009, 6:39:32 PM2/19/09
to justh...@googlegroups.com
Well, I like it. Interface-wise, this would be a great experience. But if I showed the logic to test the selection on the page without actually submitting it first, an attacker could easily reverse engineer that to figure out what to press. (because the answer would be hidden in the JavaScript I delivered to your browser. I suppose I could do that in an Ajax call but then we might have to ever-so-slightly reduce our "works everywhere" mantra. Is it really a big deal if a bad choice were to result in an intermediary JustHumans-delivered page that said "Please try again"? I suppose I could do the Ajax idea... I'll have to think about that.

Anyone else have an opinion (passionate or not) either way?

Thanks.

-Anders
--
-Anders
-----------------------------------------------------------
Anders Brownworth
http://www.anders.com/
ande...@gmail.com

Captain Nordic

unread,
Feb 20, 2009, 10:35:08 AM2/20/09
to JustHumans
The simpler, the better. It's needed, whatever method you choose. I
personally am not worried about attackers getting to my script. Most
of my problems come with automated form filling bots, I doubt anyone
is going to go to great lengths to solve the puzzle.

Thanks very much for your work on it!

Mark

On Feb 19, 6:39 pm, Anders Brownworth <ander...@gmail.com> wrote:
> Well, I like it. Interface-wise, this would be a great experience. But if I
> showed the logic to test the selection on the page without actually
> submitting it first, an attacker could easily reverse engineer that to
> figure out what to press. (because the answer would be hidden in the
> JavaScript I delivered to your browser. I suppose I could do that in an Ajax
> call but then we might have to ever-so-slightly reduce our "works
> everywhere" mantra. Is it really a big deal if a bad choice were to result
> in an intermediary JustHumans-delivered page that said "Please try again"? I
> suppose I could do the Ajax idea... I'll have to think about that.
>
> Anyone else have an opinion (passionate or not) either way?
>
> Thanks.
>
> -Anders
>
> On Thu, Feb 19, 2009 at 6:15 PM, EyeMagination-Brian <00davi...@gmail.com>wrote:
>
>
>
>
>
> > Anders posted:
> > When a user tries to submit a form but picks the wrong image, redirect
> > the user to a JustHumans page that re-challanges them with a new
> > puzzle. If they still pick the wrong image, tell them their form was
> > not submitted. If they pick the correct image in either case, redirect
> > to the redirect URL as it does now. (I'm still looking for feedback on
> > this. If you want this functionality, let us know.)
>
> > I love this idea if it's kept simple.  I see it like this:  If someone
> > picks the wrong shape, "Please Pick the Correct Image" (in red, 12pt
> > Bold font would) would show below.  If they pick the wrong image
> > again, it goes to the error page we created.
>
> > For me, having duplicate requests is our #1 issue.  I say "go for it"
> > Anders.
>
> > Agree? Disagree?  Your Thoughts?
>
> --
> -Anders
> -----------------------------------------------------------
> Anders Brownworthhttp://www.anders.com/
> ander...@gmail.com

Anders Brownworth

unread,
Feb 20, 2009, 10:44:41 AM2/20/09
to justh...@googlegroups.com
I like simple as well. I've been thinking about how to do this for some time and am very close to a good solution. If nobody else has any input, I'll move forward implementing the "sorry, that wasn't the correct image" served from JustHumans. So there will be 2 chances to get it right.

Thanks for the input.

-Anders

LBS

unread,
Apr 5, 2009, 2:30:01 PM4/5/09
to JustHumans
I like this idea! I don't have an opinion on how you implement but
simple is better. I really love this site - ever since I implemented
your code my form spam has gone to zero. Unfortunately I don't know
how many inquiries have gotten lost because they clicked the wrong
image. :)

Anders Brownworth

unread,
Apr 6, 2009, 12:26:01 PM4/6/09
to justh...@googlegroups.com
I'll be implementing this feature now, thanks for everyone's input. I'll do a post when the functionality is ready to roll out.

-Anders

Anders

unread,
Apr 13, 2009, 7:22:32 PM4/13/09
to JustHumans
I've finished coding this and (if all goes well) will be rolling it
into production tonight. This will cause a momentary disruption in the
JustHumans service so I'll be doing this when traffic is lowest.

Thanks for all the feedback.

-Anders
> ander...@gmail.com

Anders

unread,
Apr 14, 2009, 11:44:49 AM4/14/09
to JustHumans
All,

Re-challenge support is live now. Give your forms a try and let me
know if you see any issues.

-Anders

Kathy Smith

unread,
Apr 14, 2009, 9:02:10 PM4/14/09
to justh...@googlegroups.com
I found the "Click the ?? to try again" confusing. What about just
"Click the ?? to submit your message" since it does say that it didn't
go through.

Kathy
--
Creating Harmony LLC
www.CreateMoreHarmony.com

www.TheHungerSite.com - Click to Give - It's Free!
www.TheAnimalRescueSite.com - Click to Give - It's Free

Anders Brownworth

unread,
Apr 14, 2009, 9:04:26 PM4/14/09
to justh...@googlegroups.com
Thanks Kathy,

I changed it to:

Click the X to submit.

as sometimes it isn't a message you are submitting. Does that work better?

-Anders

Kathy Smith

unread,
Apr 14, 2009, 9:07:31 PM4/14/09
to justh...@googlegroups.com
I like it better. See what others think. Thanks!
Kathy

LBS

unread,
Apr 18, 2009, 7:55:45 PM4/18/09
to JustHumans
Tested it. Love it. THANK YOU!
Reply all
Reply to author
Forward
0 new messages