I use Opera web browser (the browser I use is noteworthy for its distinctive approach to cache) and I sometimes leave the login page open and put my computer in sleep mode. Sometimes I leave the game page open and the first page that loads is the old login page (from cache), with the old validCheck value.
Code: Select all
<input type="hidden" name="validCheck" value="21280172"/>
A few times, I've turned on my computer and attempted to log in using this page and I always get a scary threat that my account could be deleted because the system has detected that I am using an auto-login script.
I wanted to let the game administration know that these threats have left a psychological scar on me.
On a serious note, the current script detection mechanism is flawed. It is trivial to write a script that bypasses it and equally trivial to trigger the mechanism without writing a script.
The entire point of a CAPTCHA is to prevent scripts. This would be a more appropriate script detection mechanism.
A script that detects that validCheck variable would simply look for the value of the hidden field using JavaScript.
Code: Select all
document.getElementsByName('validCheck')[0].value
OR
One could create an AJAX call from a different page and use a regular expression to locate the data that he is looking for. I did this for the ingame chat I created.
kthxbai
Agapooka wrote:The argument that because a premise cannot be proven false, it must be true, is known as a Negative Proof Fallacy in logic.
Mister Sandman wrote:Nothing at all near the negative proof fallacy in logic. If it cannot be proven false, it has to be true.
Pooka's UU Market Loyalty Card:
Rudy Pena: 1 stamp!
A Spider: 1 stamp!