This page discusses the CAPTCHA logic we have added to our form
handling gadgets to reduce spam.
The captchas will work without changing your forms, but you have
the option of disabling them, or integrating them into your
forms to make the pages flow more smoothly.
Introduction:
If you've been using e-mail for more than a day or two, you have
probably learned about "SPAM". Recently spammers have begun
using the input forms on websites to spam the webmasters :(. Fortunately,
computer folks have a solution: use an image that people can easily
recognize, but which computers cannot.
(This is called a captcha; see Wikipedia for details.)
We have modified our form handling scripts to include captcha functionality.
If a form is submitted without a correct captcha guess, then a new/extra page
is displayed which has a form containing the captcha and the contents of
the previous form (which are stored as hidden fields).
Here are two simple examples:
captcha_ex.html, and
captcha_ex2.html.
The default captcha page uses the ERRORFTR and ERRORHDR
fields described here, so it may already
have some of the look and feel of your site.
Disabling the captcha:
To turn off the captchas, simply add a <!NOCAPTCHA>
tag to your page. (Hmm, that may not be standards compliant, we may add
another tag.)
Integrating the captcha to avoid the extra page:
Modifying your HTML forms to include the captcha logic will improve the
flow of your site (by avoiding the extra captcha page), and allow you to
introduce the captcha to your visitors using your own description.
The simplest way to include the captcha on your form page requires three
things: including the captcha image, adding a prompt, and adding an
input field. The example below just uses the mail2 gadget to do a
redirect, but a more useful example would send an e-mail t
<form action="/cgi-bin/mail2" method="post">
<input type="hidden" name="To" value="someone@example.com" />
Where do you want to say? <input type="text" name="Message" />
<IMG SRC="/cgi-bin/captcha">
Enter the three letters from the image above:
<input name="BM_captcha" size=5>
<input type="submit" value="Send your message">
</form>
If you need to, you can tweak the height and width of the captcha:
<IMG SRC="/cgi-bin/captcha?BM_height=150&BM_width=250">
Technical Notes
Disabling the captcha functionality requires that the browser pass
in the correct Referer: header. This doesn't always happen and some visitors
may still see the captcha even if the page with the form contains the
NOCAPTCHA tag.
Our captchas are time based. The answer for any given "seed" changes
fairly quickly. (Every 5 minutes as of Oct 2006). The system is smart
enough to check the last two valid answers, but this can still be an
issue if you have a big form that takes a long time (e.g. 5-10 minutes) to
answer. Our suggestion is to leave out the captcha image, but tell the
visitor they have one more short page to handle.
The most sophisticated setup will include setting a "salt" so the captcha
changes more quickly.
<!--#config timefmt="%s"-->
<!--#set var="salt" value="${REMOTE_ADDR}_${DATE_LOCAL}"-->
<form action="/cgi-bin/mail2" method="post">
<input type="hidden" name="To" value="someone@example.com" />
Where do you want to say? <input type="text" name="Message" />
<IMG SRC="/cgi-bin/captcha?BM_salt=<!--#echo var="salt"-->">
Enter the three letters from the image above:
<input name="BM_captcha" size=5>
<input type="submit" value="Send your message">
<input type=hidden name=BM_salt value="<!--#echo var="salt"-->">
</form>
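The time-window check described in the Technical Notes, as an added example that is not this site's own code. The 5-minute window, the two accepted answers, the three letters and the salt come from the page; the HMAC-SHA256 derivation, the SECRET key and the function names are assumptions, since the page does not say how /cgi-bin/captcha computes its answers.

```python
import hashlib
import hmac
import string

WINDOW_SECONDS = 300   # from the page: the answer changes every 5 minutes
ACCEPTED_WINDOWS = 2   # from the page: the last two valid answers are checked
# Assumption: a server-side key. BM_salt travels in a hidden field, so the
# answer must depend on something the browser never sees.
SECRET = b"constructed-demo-key"


def answer_for(salt: str, window: int, secret: bytes = SECRET) -> str:
    """Derive the three-letter answer for one salt and one time window."""
    digest = hmac.new(secret, f"{salt}|{window}".encode(), hashlib.sha256).digest()
    # b % 26 is slightly biased; acceptable for a demo of the windowing logic
    return "".join(string.ascii_uppercase[b % 26] for b in digest[:3])


def valid_answers(salt: str, now: float, secret: bytes = SECRET) -> list[str]:
    """Answers accepted at time `now`: current window first, then the previous one."""
    current = int(now) // WINDOW_SECONDS
    return [answer_for(salt, current - age, secret) for age in range(ACCEPTED_WINDOWS)]


def verify(guess: str, salt: str, now: float, secret: bytes = SECRET) -> bool:
    """Check a BM_captcha guess against every accepted answer in constant time."""
    candidate = guess.strip().upper().encode()
    ok = False
    for expected in valid_answers(salt, now, secret):
        ok |= hmac.compare_digest(candidate, expected.encode())
    return ok


if __name__ == "__main__":
    served = 1160000000                      # constructed timestamp (Oct 2006)
    salt = f"192.0.2.10_{served}"            # constructed REMOTE_ADDR_DATE_LOCAL salt
    shown = answer_for(salt, served // WINDOW_SECONDS)
    for delay in (60, 300, 600):             # seconds the visitor took to submit
        print(delay, verify(shown, salt, served + delay))
```

The 600-second case is the long-form problem noted above: by then the answer shown with the form has aged out of both accepted windows.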