psuedo code, not screen readable
the trick is handling sessions for non logged in ( anonymous ) users, since my board allows anonymous posting, what you can do is 'poison' a session by banning the cookie OR adding something to the session variable like Session['userType'] = bannedbanning the IP of course works too, both of these are trivial to get around tho, so what i' gonna do is implement a 'hash cash" system, where you go to /post_office and request the minting of a
stamp , we create jpeg and the user gives us the has value, and that counts as a $_SESSION['stamp'] = id_of_stamp and so the user can browse or post as long as the stamp is valid