So, try as you might, the 'net is sated with bots crawling about trying to inspect and infect nearly anything and everything. Feedback pages can be a torturous for companies. It’s not that odd to see the signal-to-noise ratio waaaay too noisy for any value.
Enter CAPTCHA…yep, it’s an acronym (Completely Automated Public Turing test to tell Computers and Humans Apart.) Here’s some good background http://en.wikipedia.org/wiki/CAPTCHA if you’re really interested.
reCAPTCHA (http://recaptcha.net/) is a “free” system & service developed by Carnegie Mellon University to help them digitize textbooks while providing you with a challenge/response mechanism that most bots have trouble with. It works like this; reCAPTCHA gives a challenge to you that includes a known, control word along with the CAPTCHA (a questionable word that the OCR is having trouble with). The idea is that if a human response matches up the control word, then the CAPTCHA must be correct too.
The net effect is…you get a decent human vs. bot confirmation process and reCAPTCHA gets some of their OCR’ed text cleaned up.
There are a variety of ways (they call them plugins) to use the reCAPTCHA system listed on their site but using it with Classic ASP is a bit of a chore. Here’s a quick and easy fix that uses the reCAPTCHA API directly.
Include these two VBScript functions in your ASP code:
01 <%
02 'builds & returns reCAPTCHA challenge web part (JavaScript)
03 'needs the reCAPTCHA Public Key
04 'uses the reCAPTCHA Client API Challenge web service
05 Function RecaptchaChallengeWriter(recaptchaPublicKey)
06
07 'build challenge
08 Dim webPart
09 webPart = "<script type=""text/javascript"">" & _
10 "var RecaptchaOptions = {" & _
11 " theme : 'white'," & _
12 " lang : 'en'," & _
13 " tabindex : 0" & _
14 "};" & _
15 "</script>" & _
16 "<script type=""text/javascript"" src=""http://api.recaptcha.net/challenge?k=" & recaptchaPublicKey & """></script>" & _
17 "<noscript>" & _
18 "<iframe src=""http://api.recaptcha.net/noscript?k=" & recaptchaPublicKey & """ frameborder=""1""></iframe><br>" & _
19 "<textarea name=""recaptchaChallenge"" rows=""3"" cols=""40""></textarea>" & _
20 "<input type=""hidden"" name=""recaptchaResponse"" value=""manual_challenge"">" & _
21 "</noscript>"
22
23 'return the challenge
24 RecaptchaChallengeWriter = webPart
25
26 End Function
27
28 'validate the reCAPTCHA info entered by the user
29 'needs the ReCAPTCHA Private key along with the challenge and response form fields
30 'uses the reCAPTCHA Client API Verify web service
31 Function RecaptchaValidate(privateKey, challenge, response)
32
33 'our function result holder
34 Dim validateMessage
35
36 'build the request string
37 Dim httpRequestString
38 httpRequestString = "privatekey=" & privateKey & _
39 "&remoteip=" & Request.ServerVariables("REMOTE_ADDR") & _
40 "&challenge=" & challenge & _
41 "&response=" & response
42
43 'using ServerXMLHTTP to post the request
44 Dim xmlHttp
45 Set xmlHttp = Server.CreateObject("MSXML2.ServerXMLHTTP")
46
47 'for the request
48 xmlHttp.open "POST", "http://api-verify.recaptcha.net/verify", False
49 xmlHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
50 xmlHttp.send httpRequestString
51
52 'save the response
53 Dim verifyResponse
54 verifyResponse = split(xmlHttp.responseText, vblf)
55
56 'release th ServerXMLHTTP object
57 Set xmlHttp = Nothing
58
59 'user response validated?
60 If verifyResponse(0) = "true" Then
61
62 'good response...we'll pass back goodness
63 validateMessage = ""
64
65 Else
66
67 'something's not correct...send back the message
68 validateMessage = verifyResponse(1)
69
70 End If
71
72 'set return code
73 RecaptchaValidate = validateMessage
74
75 End Function
76 %>
And whereever you'd like to see the CAPTCHA box on your form, use this:
1 <%=RecaptchaChallengeWriter("your reCAPTCHA public key goes here")%>
Then when you're ready to see if a post is validated, use this:
1 'let's make sure it ain't no robot
2 Dim isRecaptchaValid
3 isRecaptchaValid = RecaptchaValidate("your reCAPTCHA private key goes here", Form.Item("recaptchaChallenge"), Form.Item("recaptchaResponse"))
4
5 'anything other than a blank coming back is badness
6 if (isRecaptchaValid = "") Then
Simple as that. I've used it a few times now on different sites both with Classic ASP and beyond...never a problem.
