walterdavis/gist:896803

## gistfile1.html
<script type="text/javascript" charset="utf-8">
//in the HTML page, first include Prototype, then do this
document.observe('dom:loaded',function(){
  new Ajax.Updater(document.forms[0],'your-form-go.php',{parameters:{getKey:true},insertion:'top'});
});
</script>

<?php
//back in form-handler-land
function isAjax(){
  return (isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
    ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'));
}
$keys = array('keyOne','keyFortyTwo');
$salt = 'some ferociously complex salt';
if(isAjax() && isset($_POST['getKey'])){
  $key = $keys[rand(count($keys) - 1)];
  header('Content-type: text/html; charset="utf-8"');
  print '<input type="hidden" name="' . $key . '" value="' . md5($key . $salt) . '"/>';
  exit;
}
$not_a_bot = false;
foreach($keys as $key){
  if(isset($_POST[$key]) && $_POST[$key] = md5($key . $salt)){
    //yay!
    $not_a_bot = true;
  }
}
if($not_a_bot){
  //proceed accordingly
}
?>
	<script type="text/javascript" charset="utf-8">
	//in the HTML page, first include Prototype, then do this
	document.observe('dom:loaded',function(){
	new Ajax.Updater(document.forms[0],'your-form-go.php',{parameters:{getKey:true},insertion:'top'});
	});
	</script>

	<?php
	//back in form-handler-land
	function isAjax(){
	return (isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
	($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'));
	}
	$keys = array('keyOne','keyFortyTwo');
	$salt = 'some ferociously complex salt';
	if(isAjax() && isset($_POST['getKey'])){
	$key = $keys[rand(count($keys) - 1)];
	header('Content-type: text/html; charset="utf-8"');
	print '<input type="hidden" name="' . $key . '" value="' . md5($key . $salt) . '"/>';
	exit;
	}
	$not_a_bot = false;
	foreach($keys as $key){
	if(isset($_POST[$key]) && $_POST[$key] = md5($key . $salt)){
	//yay!
	$not_a_bot = true;
	}
	}
	if($not_a_bot){
	//proceed accordingly
	}
	?>