My version of Captcha
Rob Brooks Bilson has an interesting post on how CFX_captcha is (or was at the time of his post) is proving to be tough to beat.
For those (are there any) that don’t know, captcha systems are those annoying little things that ask us to type in some random string of letters and numbers.
As Rob points out, for those of us that are color blind these systems are really hard to deal with. Hell I’m not color blind and I often have to refresh until I get a legible string.
So this brings us to my version. I could have used cfx_captcha, but I’m cheap and it woulda cost like $10/month for CrystalTech to host the CFX for me. Pass!
I launched my blog with no spammer protection initially. That, as you can imagine didn’t go well. My comments were flooded with Spam almost immediately. Short of disabling comments I needed a solution, so I came up with something pretty elegant IMO.
On the surface it’s a Checkbox with a label of “I am human”
under the covers, I create a random number and save it to session scope. That number becomes the name of the form field for the checkbox. On the processing end of the comment processor, I look for a form field that matches my random number. If I have it, the comment passes. If not, I quietly disregard the comment.
<CFSET SESSION.RandPart = RandRange(1,999999999)>
<CFOUTPUT><BR><input type=”checkbox” name=”FORM_#SESSION.RandPart#” value=”1″> I am Human (no check, no post).<BR></CFOUTPUT>
On the processing page it’s pretty simple.
<CFIF (Find(“www.johnwilker”, CGI.HTTP_REFERER) OR Find(“localhost”, CGI.HTTP_REFERER)) AND IsDefined(“#VARIABLES.LocalName#”)>
If it passes then the post is put into the database, if not the form says thanks and moves on.
I’m not sure how foolproof it is, but since I launched it. it’s never failed me. And it doesn’t offend the color blind.