Captcha

From Hostek.com Wiki
Revision as of 21:08, 9 February 2013 by Jakeh (Talk | contribs) (What is a CAPTCHA?)


What is a CAPTCHA?

A CAPTCHA is a technology that requires human interaction before it allows the user to submit a form. The name stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". A CAPTCHA helps prevent bots from "hijacking" your email forms, and we recommend using one on any form on your Web site.

Popular CAPTCHA Software

ReCAPTCHA

There are several CAPTCHA implementations available, but a great choice is ReCAPTCHA. Not only does it stop spammers from using a form to send their emails, it also puts the time and energy already being spent on solving CAPTCHAs toward translating printed material into digital material.

"About 200 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that's not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day."

"reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly.

But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct."

This particular CAPTCHA system has plugins that allow it to be used with technologies such as ASP.Net, PHP, and ColdFusion (see below): http://www.google.com/recaptcha/whyrecaptcha

Securimage

Another good, free option is Securimage for PHP, which is available here: http://www.phpcaptcha.org/

ReCAPTCHA for ColdFusion Forms

This example makes use of the popular ReCAPTCHA, a green alternative to the standard cfcaptcha tag.

Getting Started

  1. Sign up for an account at reCAPTCHA.
  2. Provide a domain name where you'll be using reCAPTCHA.
  3. Create a key, for a single domain or for all domains.
  4. Click on "reCAPTCHA plugins and libraries", and from there download the ColdFusion reCAPTCHA plugin. Alternatively, you can obtain the plugin at RIAForge.
  5. Create and place the file "recaptcha.cfm" in your custom tag folder or in the directory where the form file exists. If you need a custom tag path created, you can follow these steps. For this example I created the recaptcha.cfm file and placed it in the folder with the form.

NOTE: We recommend creating a custom error page. This prevents error output from revealing your public and private key if anything goes wrong with the form. Our ColdFusion Error Handling wiki shows how to do this.
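
One way to follow this recommendation, shown as an added example that is not part of the original wiki page or the reCAPTCHA plugin: an Application.cfc whose onError handler writes the error detail to a server-side log and returns only a generic message, with the keys held in application scope instead of in the form template. The application name, the log file name and the application-scope variable names are assumptions.

```cfml
<!--- Application.cfc: added example, not code from the original page --->
<cfcomponent output="false">
	<cfset this.name = "contactFormSite"><!--- hypothetical application name --->

	<!--- Hold the keys here rather than in contact.cfm, so that the source
	      lines quoted in an error report for the form never contain them.
	      The variable names are hypothetical; the values are placeholders. --->
	<cffunction name="onApplicationStart" returntype="boolean" output="false">
		<cfset application.recaptchaPublicKey = "...your public key...">
		<cfset application.recaptchaPrivateKey = "...your private key...">
		<cfreturn true>
	</cffunction>

	<!--- Runs for any uncaught error in the application --->
	<cffunction name="onError" returntype="void" output="true">
		<cfargument name="exception" required="true">
		<cfargument name="eventName" type="string" required="true">

		<!--- The detail is written to a server-side log file only
		      ("contactform" is a hypothetical log name) --->
		<cflog file="contactform" type="error"
			text="event=#arguments.eventName# message=#arguments.exception.message#">

		<!--- onSessionEnd and onApplicationEnd have no browser to answer --->
		<cfif NOT listFindNoCase("onSessionEnd,onApplicationEnd", arguments.eventName)>
			<cfheader statuscode="500" statustext="Internal Server Error">
			<!--- Generic text only: no exception dump, no template source --->
			<cfoutput><p>Sorry, something went wrong. Please try again later.</p></cfoutput>
		</cfif>
	</cffunction>
</cfcomponent>
```

With this in place, the form template can pass privateKey="#application.recaptchaPrivateKey#" and publicKey="#application.recaptchaPublicKey#" to the cf_recaptcha tag instead of the literal keys.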

Implementation

  1. Create the form for capturing user data such as a contact form submission. If you have not already done this, you can follow this cfform tutorial from Adobe.
  2. Upload the form (I used the name "contact.cfm").
    Example form:
	<cf_recaptcha
		privateKey="...your private key..."
		publicKey="...your public key..."
		action=check>

<!--- Here's where the email information is sent; set the TO and FROM below --->
	<cfif IsDefined("Form.oncethrough") AND form.recaptcha EQ "true">
		<cfmail
		to = "name@domain.com"
		from = "form@domain.com"
		subject = "Form submission!" >
	
		Name: #form.firstname# #form.lastname#
		Email: #form.email#
		DOB: #form.dob#
		Address: #form.address#
		City: #form.city#
		State: #form.state#
		Zip: #form.zip#
		Phone: #form.phone#
		Note: #form.note#
		IP: #cgi.remote_addr#
		</cfmail>
<!--- This information is returned to the user upon submission of the form.
      Each value is HTML-encoded so that submitted markup is displayed as text and not rendered.
      encodeForHTML() needs ColdFusion 10 or later; use HTMLEditFormat() on older servers. --->
		<cfoutput>#encodeForHTML(form.firstname)#, your information was submitted successfully. We will be contacting you shortly.
		<br>Here's what we have recorded:
		<br>Name: #encodeForHTML(form.firstname)# #encodeForHTML(form.lastname)#
    	<br>Email: #encodeForHTML(form.email)#
    	<br>Date of Birth: #encodeForHTML(form.dob)#
		<br>Phone: #encodeForHTML(form.phone)#
    	<br>Address: #encodeForHTML(form.address)#
		<br>City: #encodeForHTML(form.city)#
		<br>State: #encodeForHTML(form.state)#
		<br>Zip: #encodeForHTML(form.zip)#
		<br>Note: #encodeForHTML(form.note)#
		</cfoutput>
<!--- If the user fails to validate the reCAPTCHA they will be prompted to return to the contact form. Change the file name of your contact form here if different than contact.cfm --->
	<cfelseif IsDefined("Form.oncethrough") AND form.recaptcha EQ "false">
		<cfoutput>Please try again. Return to the <a href="contact.cfm">Contact Form</a></cfoutput>
	<cfelse>
<!--- Start collecting the contact information in the form. --->
		<cfform>
		<h4>Thank you for visiting our site, please fill out fully so we can contact you.</h4>
		<cfoutput>
		<h4>Your IP Address #cgi.remote_addr#</h4>
		</cfoutput>
    	First Name: <cfinput type = "Text" name = "firstname" 
        	message = "Please enter your first name." 
        	validate = "required" required = "Yes">
		<br>Last Name: <cfinput type = "Text" name = "lastname" 
        	message = "Please enter your last name." 
        	validate = "required" required = "Yes">
		<br>Email: <cfinput type = "text" name = "email" 
        	message = "Please enter your email address." 
        	validate = "email" required = "Yes">
		<br>Date of Birth: <cfinput type = "Text" name = "dob" 
        	message = "Please enter your date of birth." 
        	validate = "date" required = "Yes">
		<br>Phone: <cfinput type = "Text" name = "phone"
        	validate = "telephone" required = "Yes">
		<br><br><b>Your address is optional!</b>
		<br>Address: <cfinput type = "Text" name = "address"
        	required = "No">
			<br>Format: 123 Street ST, Tulsa, OK
		<br>City: <cfinput type = "Text" name = "city"
        	required = "No">
		<br>State: <cfinput type = "Text" name = "state"
        	required = "No">
		<br>Zip: <cfinput type = "Text" name = "zip"
        	validate = "zipcode" required = "No">
		<br><br>Have something to say? <br><cfinput type = "text" style="height: 100px;" size = "50" name = "note"
        	required = "No">
		<br><br>Check to confirm permission to contact you: <cfinput type = "checkbox" name = "contactallowed" 
        	message = "Please confirm your permission to contact you." 
        	validate = "required" required = "Yes">
		<cf_recaptcha
			privateKey="...your private key..."
			publicKey="...your public key..."
			theme="white">
		<p><cfinput type = "submit" name = "submit" value = "Submit">
    	<cfinput type = "hidden" name = "oncethrough" value = "Yes"></p>
		</cfform>
	</cfif>

This example collects the Name, Email, DOB, Address, City, State, Zip, Phone, Note, and IP of the submitter. Some fields are optional, so if there's something you DON'T need to collect, just remove it from the cfform, cfmail, and cfoutput sections.