My version of Captcha

Rob Brooks Bilson has an interesting post on how CFX_captcha is (or was at the time of his post) proving to be tough to beat.

For those (are there any) that don’t know, captcha systems are those annoying little things that ask us to type in some random string of letters and numbers.

As Rob points out, for those of us that are color blind these systems are really hard to deal with. Hell, I’m not color blind and I often have to refresh until I get a legible string.

So this brings us to my version. I could have used cfx_captcha, but I’m cheap and it woulda cost like $10/month for CrystalTech to host the CFX for me. Pass!

I launched my blog with no spammer protection initially. That, as you can imagine, didn’t go well. My comments were flooded with spam almost immediately. Short of disabling comments, I needed a solution, so I came up with something pretty elegant IMO.

On the surface it’s a checkbox with a label of “I am human”.

Under the covers, I create a random number and save it to session scope. That number becomes the name of the form field for the checkbox. On the processing end of the comment processor, I look for a form field that matches my random number. If I have it, the comment passes. If not, I quietly disregard the comment.

<!--- Random GUID Maker to fool spammer assholes --->

<CFSET SESSION.RandPart = RandRange(1,999999999)>

<CFOUTPUT><BR><input type="checkbox" name="FORM_#SESSION.RandPart#" value="1"> I am Human (no check, no post).<BR></CFOUTPUT>

On the processing page it’s pretty simple.

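<!--- Rebuild the field name that was issued to this session --->
<CFSET VARIABLES.LocalName = "FORM_#SESSION.RandPart#">
<CFIF (Find("www.johnwilker", CGI.HTTP_REFERER) OR Find("localhost", CGI.HTTP_REFERER)) AND IsDefined("#VARIABLES.LocalName#")>
    <!--- Checkbox field is present and the referer matches: save the comment here --->
</CFIF>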

If it passes then the post is put into the database, if not the form says thanks and moves on.

I’m not sure how foolproof it is, but since I launched it, it’s never failed me. And it doesn’t offend the color blind.
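The processing-page check described above, written out as an added example (not the post's own code) with three tightenings a defender would want: the field is looked up in the FORM scope only, the token is single-use, and an expired session rejects the comment instead of throwing an error. The names `session.humanField` and `commentAccepted` are hypothetical, and the sketch assumes session management is enabled for the application.

```cfml
<!--- FORM PAGE: issue a fresh field name for this session.
      "SHA1PRNG" asks RandRange() for the stronger generator
      instead of the default CFMX_COMPAT one. --->
<cfset session.humanField = "FORM_" & RandRange(1, 999999999, "SHA1PRNG")>
<cfoutput>
<input type="checkbox" name="#session.humanField#" value="1"> I am Human (no check, no post).
</cfoutput>

<!--- PROCESSING PAGE --->
<cfset commentAccepted = false>
<cflock scope="session" type="exclusive" timeout="5">
    <!--- No token means the session expired or the form page was never
          loaded: reject quietly rather than erroring on an undefined var. --->
    <cfif StructKeyExists(session, "humanField")>
        <!--- Check the FORM scope explicitly. IsDefined() with an unscoped
              name also matches URL and cookie variables of the same name. --->
        <cfif StructKeyExists(form, session.humanField)>
            <cfset commentAccepted = true>
        </cfif>
        <!--- Single use: a repeated POST in the same session finds no token. --->
        <cfset StructDelete(session, "humanField")>
    </cfif>
</cflock>

<cfif commentAccepted>
    <!--- Store the comment here, binding values with cfqueryparam. --->
</cfif>
<!--- Either way, show the same "thanks" page so rejects stay quiet. --->
```

The Referer comparison from the post can stay as an extra filter, but that header is supplied by the client, so the session-bound field name is the part that carries the check.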

4 thoughts on “My version of Captcha”

  1. steve Post author

    Isn’t variables.localname always going to be defined? As you are assigning it "FORM_" at a minimum (even if checkbox is not checked)?

  2. John Post author

    Actually the IsDefined() is checking for the form var, since I use IsDefined("#var#").
    Normally you don’t use pounds in IsDefined, since you want to look for the var. By setting localname to the form var name, the ## allow me to see if the form var is defined. When the checkbox isn’t checked, that form var isn’t defined.
