In this tutorial I will show you how to create a CAPTCHA script and add it to a form, to validate that a person rather than a bot is using your site. This is a good script for forums and contact forms, where it helps eliminate spam on your site.
First we need to set the form parameters. The first part of the script will be enclosed in the cfsilent tag.
<cfsilent>
<cfparam
name="FORM.captcha"
type="string"
default=""
/>
<cfparam
name="FORM.captcha_check"
type="string"
default=""
/>
<cftry>
<cfparam
name="FORM.submitted"
type="numeric"
default="0"
/>
<cfcatch>
<cfset FORM.submitted = 0 />
</cfcatch>
</cftry>
In this section I have also used the cftry tag to check if the form has been submitted. Next we need to set a flag to see if the user is a bot.
<cfset blnIsBot = true />
If the form has been submitted, we need to decrypt the captcha check value using this code. We then check it against what the user has submitted and set some flags.
<cfif FORM.submitted>
<!---
Decrypt the captcha check value. Since this was
submitted via a FORM, we have to be careful about
attempts to hack it. Always put a Decrypt() call
inside of a CFTry / CFCatch block.
--->
<cftry>
<!--- Decrypt the check value. --->
<cfset strCaptcha = Decrypt(
FORM.captcha_check,
"bots-aint-sexy",
"CFMX_COMPAT",
"HEX"
) />
<!---
Check to see if the user-submitted value is
the same as the decrypted CAPTCHA value.
Remember, ColdFusion is case INsensitive with
the EQ operator.
--->
<cfif (strCaptcha EQ FORM.captcha)>
<!---
The user entered the correct text. Set the
flag for future use.
--->
<cfset blnIsBot = false />
</cfif>
<!--- Catch any errors. --->
<cfcatch>
<!--- Make sure the bot flag is set. --->
<cfset blnIsBot = true />
</cfcatch>
</cftry>
</cfif>
Now that we have finished the script that checks the user's input, we need to generate the string and render the page where the user enters the value. For this we need a random combination of numbers and letters. We will use an array to hold the valid numbers and letters and choose from it at random: we shuffle the array and grab the first 8 characters.
<cfset arrValidChars = ListToArray(
"A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z," &
"2,3,4,5,6,7,8,9"
) />
<!--- Now, shuffle the array. --->
<cfset CreateObject(
"java",
"java.util.Collections"
).Shuffle(
arrValidChars
)
/>
<!---
Now that we have a shuffled array, let's grab the
first 8 characters as our CAPTCHA text string.
--->
<cfset strCaptcha = (
arrValidChars[ 1 ] &
arrValidChars[ 2 ] &
arrValidChars[ 3 ] &
arrValidChars[ 4 ] &
arrValidChars[ 5 ] &
arrValidChars[ 6 ] &
arrValidChars[ 7 ] &
arrValidChars[ 8 ]
) />
We will now encrypt this string so it cannot be scraped by spiders, and close the cfsilent tag.
<cfset FORM.captcha_check = Encrypt(
strCaptcha,
"bots-aint-sexy",
"CFMX_COMPAT",
"HEX"
) />
</cfsilent>
Now you will need to write a script for what to do if the user has entered the string correctly. You can enter that between these tags.
<cfif blnIsBot eq false>
</cfif>
Now we need to write the form. This is pretty easy, other than the cfimage tag.
<cfform>
<cfimage
action = "captcha"
height = "25"
text = "#strCaptcha#"
width = "150"
difficulty = "medium"
overwrite = "yes"
fonts = "Arial"
fontSize = "16"><br />
<!---
This is the hidden field that will flag form
submission for data validation.
--->
<cfinput type="hidden" name="submitted" value="1" />
<!---
This is the hidden field that we will check the
user's CAPTCHA text against. This is an encrypted
field so that spiders / bots cannot use it to
their advantage.
--->
<cfinput
type="hidden"
name="captcha_check"
value="#FORM.captcha_check#"
/>
Please enter text in image:<br />
<cfinput type="text" name="captcha" value="" /><br />
<cfif FORM.submitted>
<!--- Check for a bot. --->
<cfif blnIsBot>
<span class="style4">You incorrectly entered text from image</span><br />
</cfif>
</cfif>
<cfinput name="Check" type="submit" value="Check" />
</cfform>
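An alternative to the hidden captcha_check field, as an added example that is not part of the original tutorial: the expected text is kept in the SESSION scope, expires after five minutes and is discarded after one attempt, so a previously accepted captcha / captcha_check pair cannot be submitted again. It assumes session management is enabled for the application; SESSION.captcha, intMaxAgeSeconds, strAlphabet and the SecureRandom-based generator are names and choices made for this example.

```cfml
<!--- Added example (not the tutorial's code). Assumes session management
      is enabled; SESSION.captcha is a name chosen for this example. --->
<cfsilent>
<cfparam name="FORM.captcha" type="string" default="" />
<cfset blnIsBot = true />
<cfset intMaxAgeSeconds = 300 />
<cfset strAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ23456789" />

<cflock scope="session" type="exclusive" timeout="5">
    <cfif StructKeyExists( SESSION, "captcha" )>
        <cfset stcChallenge = SESSION.captcha />
        <!--- Single use: discard the challenge before comparing it, so a
              given answer is accepted at most once. --->
        <cfset StructDelete( SESSION, "captcha" ) />
        <cfif Len( FORM.captcha )
            AND DateDiff( "s", stcChallenge.issued, Now() ) LTE intMaxAgeSeconds
            AND CompareNoCase( stcChallenge.text, FORM.captcha ) EQ 0>
            <cfset blnIsBot = false />
        </cfif>
    </cfif>

    <!--- Issue a fresh challenge for this render, drawn from SecureRandom. --->
    <cfset objRandom = CreateObject( "java", "java.security.SecureRandom" ).init() />
    <cfset strCaptcha = "" />
    <cfloop index="i" from="1" to="8">
        <cfset intPos = objRandom.nextInt( JavaCast( "int", Len( strAlphabet ) ) ) + 1 />
        <cfset strCaptcha = strCaptcha & Mid( strAlphabet, intPos, 1 ) />
    </cfloop>
    <cfset SESSION.captcha = StructNew() />
    <cfset SESSION.captcha.text = strCaptcha />
    <cfset SESSION.captcha.issued = Now() />
</cflock>
</cfsilent>
```

With this variant the form renders strCaptcha through cfimage as before and no longer needs the captcha_check hidden field.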
Here is the full code:
<cfsilent>
<!--- Param FORM values. --->
<cfparam
name="FORM.captcha"
type="string"
default=""
/>
<cfparam
name="FORM.captcha_check"
type="string"
default=""
/>
<cftry>
<cfparam
name="FORM.submitted"
type="numeric"
default="0"
/>
<cfcatch>
<cfset FORM.submitted = 0 />
</cfcatch>
</cftry>
<!--- Set a flag to see if this user is a bot or not. --->
<cfset blnIsBot = true />
<!--- Check to see if the form has been submitted. --->
<cfif FORM.submitted>
<!---
Decrypt the captcha check value. Since this was
submitted via a FORM, we have to be careful about
attempts to hack it. Always put a Decrypt() call
inside of a CFTry / CFCatch block.
--->
<cftry>
<!--- Decrypt the check value. --->
<cfset strCaptcha = Decrypt(
FORM.captcha_check,
"bots-aint-sexy",
"CFMX_COMPAT",
"HEX"
) />
<!---
Check to see if the user-submitted value is
the same as the decrypted CAPTCHA value.
Remember, ColdFusion is case INsensitive with
the EQ operator.
--->
<cfif (strCaptcha EQ FORM.captcha)>
<!---
The user entered the correct text. Set the
flag for future use.
--->
<cfset blnIsBot = false />
</cfif>
<!--- Catch any errors. --->
<cfcatch>
<!--- Make sure the bot flag is set. --->
<cfset blnIsBot = true />
</cfcatch>
</cftry>
</cfif>
<!---
Before we render the form, we have to figure out
which CAPTCHA text we are going to display. For
this, we have to come up with a random combination
of letters/numbers. For this, we are going to use an
easy solution which is shuffling an array of valid
characters.
--->
<!---
Create the array of valid characters. Leave out the
numbers 0 (zero) and 1 (one) as they can be easily
confused with the characters o and l (respectively).
--->
<cfset arrValidChars = ListToArray(
"A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z," &
"2,3,4,5,6,7,8,9"
) />
<!--- Now, shuffle the array. --->
<cfset CreateObject(
"java",
"java.util.Collections"
).Shuffle(
arrValidChars
)
/>
<!---
Now that we have a shuffled array, let's grab the
first 8 characters as our CAPTCHA text string.
--->
<cfset strCaptcha = (
arrValidChars[ 1 ] &
arrValidChars[ 2 ] &
arrValidChars[ 3 ] &
arrValidChars[ 4 ] &
arrValidChars[ 5 ] &
arrValidChars[ 6 ] &
arrValidChars[ 7 ] &
arrValidChars[ 8 ]
) />
<!---
At this point, we have picked out the CAPTCHA string
that we want the users to enter. However, we don't
want to pass that text anywhere in the form otherwise
a spider might be able to scrape it. Therefore, we now
want to encrypt this value into our check field.
--->
<cfset FORM.captcha_check = Encrypt(
strCaptcha,
"bots-aint-sexy",
"CFMX_COMPAT",
"HEX"
) />
</cfsilent>
<cfif blnIsBot eq false>
</cfif>
<cfform>
<cfimage
action = "captcha"
height = "25"
text = "#strCaptcha#"
width = "150"
difficulty = "medium"
overwrite = "yes"
fonts = "Arial"
fontSize = "16"><br />
<!---
This is the hidden field that will flag form
submission for data validation.
--->
<cfinput type="hidden" name="submitted" value="1" />
<!---
This is the hidden field that we will check the
user's CAPTCHA text against. This is an encrypted
field so that spiders / bots cannot use it to
their advantage.
--->
<cfinput
type="hidden"
name="captcha_check"
value="#FORM.captcha_check#"
/>
Please enter text in image:<br />
<cfinput type="text" name="captcha" value="" /><br />
<cfif FORM.submitted>
<!--- Check for a bot. --->
<cfif blnIsBot>
<span class="style4">You incorrectly entered text from image</span><br />
</cfif>
</cfif>
<cfinput name="Check" type="submit" value="Check" />
</cfform>
