Captcha

From Hostek.com Wiki

What is a CAPTCHA?

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". It is a technology that requires human interaction before it allows the user to submit a form. This helps prevent bots from "hijacking" your email forms, and we recommend using a CAPTCHA on any form on your Web site.

Popular CAPTCHA Software

ReCAPTCHA

reCAPTCHA, provided by Google, is a great choice.

https://www.google.com/recaptcha/intro/index.html

Securimage

Another good, free option is Securimage for PHP, which is available here: http://www.phpcaptcha.org/

ReCAPTCHA for ColdFusion Forms

This example makes use of the popular ReCAPTCHA, a green alternative to the standard cfcaptcha tag.

Getting Started

  1. Sign up for an account at reCAPTCHA.
  2. Provide a domain name where you'll be using reCAPTCHA.
  3. Create a key, for a single domain or for all domains.
  4. Click on "reCAPTCHA plugins and libraries" and download the ColdFusion reCAPTCHA plugin from there. Alternatively, you can obtain the plugin at RIAForge.
  5. Create and place the file "recaptcha.cfm" in your custom tag folder or in the directory where the form file exists. If you need a custom tag path created, you can follow these steps. For this example I created the recaptcha.cfm file and placed it in the folder with the form.

NOTE: We recommend creating a custom error page. This prevents an error in the form from revealing your public and private keys. Our ColdFusion Error Handling wiki shows how to do this.
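One way to set up the error handling recommended in the note above, as an added example that is not Hostek's or the plugin's own code: an Application.cfc placed in the same folder as the form, whose onError handler logs the detail on the server and shows the visitor a generic message. The application name, the log file name "contactform", and the message text are assumptions.

```cfml
<!--- Application.cfc (added example; the names used here are assumptions) --->
<cfcomponent output="false">
	<cfset this.name = "contactFormApp"> <!--- hypothetical application name --->

	<cffunction name="onError" returnType="void" output="true">
		<cfargument name="exception" required="true">
		<cfargument name="eventName" type="string" required="true">

		<!--- Keep the full error detail on the server only.
		      The log file name "contactform" is an assumption. --->
		<cflog file="contactform" type="error"
			text="event=#arguments.eventName# page=#cgi.script_name# ip=#cgi.remote_addr# message=#arguments.exception.message# detail=#arguments.exception.detail#">

		<!--- Discard any partial page output and mark the response as an error.
		      Both tags fail if output was already flushed, so a failure here
		      must not raise a second, unhandled error. --->
		<cftry>
			<cfcontent reset="true">
			<cfheader statuscode="500" statustext="Internal Server Error">
			<cfcatch type="any"></cfcatch>
		</cftry>

		<!--- Generic message: no exception text, stack trace, or template
		      source (where the keys are written) reaches the browser. --->
		<cfoutput>
			<h4>Sorry, something went wrong.</h4>
			<p>Your message was not sent. Please return to the
			<a href="contact.cfm">Contact Form</a> and try again.</p>
		</cfoutput>
	</cffunction>
</cfcomponent>
```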

Implementation

  1. Create the form for capturing user data such as a contact form submission. If you have not already done this, you can follow this cfform tutorial from Adobe.
  2. Upload the form (I used the name "contact.cfm").
    Example form:
	<cf_recaptcha
		privateKey="...your private key..."
		publicKey="...your public key..."
		action=check>

<!--- Here's where the email information is sent; set the TO and FROM below --->
	<cfif IsDefined("Form.oncethrough") AND #form.recaptcha# EQ "true">
		<cfmail
		to = "name@domain.com"
		from = "form@domain.com"
		subject = "Form submission!" >
	
		Name: #form.firstname# #form.lastname#
		Email: #form.email#
		DOB: #form.dob#
		Address: #form.address#
		City: #form.city#
		State: #form.state#
		Zip: #form.zip#
		Phone: #form.phone#
		Note: #form.note#
		IP: #cgi.remote_addr#
		</cfmail>
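<!--- This information is returned to the user upon submission of the form.
      Form values are HTML-encoded so that submitted markup is shown as text, not rendered.
      encodeForHTML() requires ColdFusion 10 or later; use HTMLEditFormat() on older versions. --->
		<cfoutput>#encodeForHTML(form.firstname)#, your information was submitted successfully. We will be contacting you shortly.
		<br>Here's what we have recorded:
		<br>Name: #encodeForHTML(form.firstname)# #encodeForHTML(form.lastname)#
    	<br>Email: #encodeForHTML(form.email)#
    	<br>Date of Birth: #encodeForHTML(form.dob)#
		<br>Phone: #encodeForHTML(form.phone)#
    	<br>Address: #encodeForHTML(form.address)#
		<br>City: #encodeForHTML(form.city)#
		<br>State: #encodeForHTML(form.state)#
		<br>Zip: #encodeForHTML(form.zip)#
		<br>Note: #encodeForHTML(form.note)#
		</cfoutput>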
<!--- If the user fails the reCAPTCHA check they will be prompted to return to the contact form. Change the file name of your contact form here if different than contact.cfm --->
	<cfelseif IsDefined("Form.oncethrough") AND #form.recaptcha# EQ "false">
		<cfoutput>Please try again. Return to the <a href="contact.cfm">Contact Form</a></cfoutput>
	<cfelse>
<!--- Start collecting the contact information in the form. --->
		<cfform>
		<h4>Thank you for visiting our site, please fill out fully so we can contact you.</h4>
		<cfoutput>
		<h4>Your IP Address #cgi.remote_addr#</h4>
		</cfoutput>
    	First Name: <cfinput type = "Text" name = "firstname" 
        	message = "Please enter your first name." 
        	validate = "required" required = "Yes">
		<br>Last Name: <cfinput type = "Text" name = "lastname" 
        	message = "Please enter your last name." 
        	validate = "required" required = "Yes">
		<br>Email: <cfinput type = "text" name = "email" 
        	message = "Please enter your email address." 
        	validate = "email" required = "Yes">
		<br>Date of Birth: <cfinput type = "Text" name = "dob" 
        	message = "Please enter your date of birth." 
        	validate = "date" required = "Yes">
		<br>Phone: <cfinput type = "Text" name = "phone"
        	validate = "telephone" required = "Yes">
		<br><br><b>Your address is optional!</b>
		<br>Address: <cfinput type = "Text" name = "address"
        	required = "No">
			<br>Format: 123 Street ST, Tulsa, OK
		<br>City: <cfinput type = "Text" name = "city"
        	required = "No">
		<br>State: <cfinput type = "Text" name = "state"
        	required = "No">
		<br>Zip: <cfinput type = "Text" name = "zip"
        	validate = "zipcode" required = "No">
		<br><br>Have something to say? <br><cfinput type = "text" style="height: 100px;" size = "50" name = "note"
        	required = "No">
		<br><br>Check to confirm permission to contact you: <cfinput type = "checkbox" name = "contactallowed" 
        	message = "Please confirm your permission to contact you." 
        	validate = "required" required = "Yes">
		<cf_recaptcha
			privateKey="...your private key..."
			publicKey="...your public key..."
			theme="white">
		<p><cfinput type = "submit" name = "submit" value = "Submit">
    	<cfinput type = "hidden" name = "oncethrough" value = "Yes"></p>
		</cfform>
	</cfif>

This example collects the Name, Email, DOB, Address, City, State, Zip, Phone, Note, and IP of the submitter. Some fields are optional, so if there's something you DON'T need to collect, just remove it from the cfform, cfmail, and cfoutput sections.

CAPTCHA Alternatives

CFFormProtect

CFFormProtect provides spam protection for forms that is invisible to the end user. More information on the project and its implementation is available at RIAForge.

PHPFormProtect

PHPFormProtect implements the same form security as CFFormProtect, but is intended for PHP applications. It is available from the project's GitHub repository: https://github.com/mccarthy/phpFormProtect