Solved

trying to incorporate captcha into an existing asp form and email routine

Posted on 2006-11-27
6
518 Views
Last Modified: 2008-01-09
Hello,

I am trying to incorporate a captcha into an existing form due to the huge amount of spam we are getting from this form on our website. I have placed the security field above my submit button on the asp form. Just need a way to keep someone from getting past entering the correct value before the email is sent. I basically want an email to be generated if the code is correct, if not return to the form from the page that generates the email with the fields still having their original values and the user returned to the security code field asking them to press the load new code link and enter the correct code this time.

The variable is named (blnCAPTCHAcodeCorrect).

Here is the code for the asp form named contact-us.asp:

The form page is named contact-us.asp and here the code.

<FORM ACTION="sendeform.asp" METHOD="POST" onsubmit="return validateForm(this)" name="Form1">
  <p><font face="Arial" size="2">Name </font>  
  <font face="Arial" size="2" color="#000080">(required)</font><br>
  <input type="text" name="Name" size="40" maxlength="70">&nbsp;<br>
  <font face="Arial" size="2">  E-mail Address </font>
  <font face="Arial" size="2" color="#000080">(required)</font><font face="Arial" size="2"> </font>
   <font face="Arial" size="2">  <br>
    <input type="text" name="EmailAddress" size="35" maxlength="35"><BR>
  </font>
   <font face="Arial" size="2">Subject</font><font face="Arial" size="2"><BR>
   </font>
   <select name="Subject" size="1">
   <option selected value="Other">Please Select</option>
   <option value="Acceptable Use Violation">Acceptable Use Violation</option>
   <option value="Billing Question">Billing Question</option>
   <option value="Custom Quote">Custom Quote</option>
   <option value="Service Request">Service Request</option>
   <option value="Technical Support">Technical Support</option>
   <option value="Web Site Access">Web Site Access</option>
   </select><BR>

   <font face="Arial" size="2">Daytime Phone </font>
   <font face="Arial" size="2" color="#000080">(required)</font><font face="Arial" size="2"><BR>
   <INPUT maxLength="12" name="DaytimePhone" size="12" onfocus="doSubmit=false;"
    onblur="checkPhone(this);" onkeyup="phoneMask(this);" onkeydown="phoneMask(this);"
    value=""/><br>
  </font>
 
  <font face="Arial" size="2">Street Address</font><font face="Arial" size="2"><BR>  
   <INPUT TYPE="text" NAME="StreetAddress" SIZE="45" /><BR>  
  </font>
 
  <font face="Arial" size="2">City</font><font face="Arial" size="2"><BR><INPUT TYPE="text" NAME="City" SIZE="45" /><BR>  
  </font>
 
  <font face="Arial" size="2">State</font><font face="Arial" size="2"><BR>  
  </font>
 
   <select name="State" size="1">
   <option selected value="FL">Please Select</option>
   <option value="FL">FLORIDA</option>
   <option value="GA">GEORGIA</option>
   <option value="TN">TENNESSEE</option>
   <option value="SC">SOUTH CAROLINA</option>
   <option value="NC">NORTH CAROLINA</option>
   </select><font face="Arial" size="2"><BR>  
  </font>
 
  <font face="Arial" size="2">Zip Code</font><font face="Arial" size="2"><BR><INPUT TYPE="text" NAME="ZipCode" SIZE="15"><BR>  
  </font>
 
  <font face="Arial" size="2">Enter Question Here</font>
  <font face="Arial" size="2"><BR>
  <TEXTAREA COLS=50 ROWS=12 NAME="message"></TEXTAREA>
 
<!-- include the Web Wiz CAPTCHA form -->
<!--#include file="CAPTCHA/CAPTCHA_form_inc.asp" -->

  <INPUT TYPE="submit" VALUE="Only press once to send" />
  <INPUT TYPE="reset" VALUE="Clear" />  
  </font>
  </FORM>


Here are the instructions that came with the captcha:

1. Place the folder, and it's contents, named 'CAPTCHA' into the same directory that your
web form you wish to integrate Web Wiz CAPTCHA into is within.


2. The web page that contains the HTML web form you wish to integrate Web Wiz CAPTCHA into must
have an .asp extension (eg. my_own_form_file.asp (this is an example file name and not a real
file))


3. Open your web form in a text editor and place the following code into the part of your
form where you wish the CAPTCHA image and textarea to be:-

     <!-- include the Web Wiz CAPTCHA form -->
     <!--#include file="CAPTCHA/CAPTCHA_form_inc.asp" -->

     
4. Open the file in a text editor that is to process your web form input, and place the
following code at the top of the file (not within ASP blocks):-

     <!-- Include file for CAPTCHA form processing -->            
     <!-- #include file="CAPTCHA/CAPTCHA_process_form.asp" -->

     
5. Now within the file you entered the code from the last step into you can call the following
variable to check that the CAPTCHA code entered is correct.

     blnCAPTCHAcodeCorrect
     
If the CAPTCHA code entered is correct the above variable with be set to true, if the CAPTCHA code
has not been entered correctly the variable will be set to false.


     5.1 Below is some sample code to check the CAPTCHA code is correct:-
     
          <%

          If blnCAPTCHAcodeCorrect = True Then
               Response.Write(" CAPTCHA code is correct")
          ElseIf  blnCAPTCHAcodeCorrect = False Then
               Response.Write(" CAPTCHA code is NOT correct")
          End If

          %>


Here is the page (eform.asp) that is called by pressing the submit button (the one that actually generates the email and the one that is supposed to check the value of thevariable blnCAPTCHAcodeCorrect is true or false.
I do not want an email sent if the variable is false. I would like the person just returned to the form with an error saying you incorrectly entered the captcha, hopefully the form would still have the other values they already entered.
So I need help incorporating this into this asp code.

<% If "" & Request("EmailAddress") <> "" Then
    Set Mail = Server.CreateObject("Persits.MailSender")
    Mail.Host = "mail.example.net" 'specify valid SMTP host
    Mail.From = Request("EmailAddress") 'specify senders address
    Mail.FromName = Request("Name") 'specify senders name
    Mail.AddAddress "sales@example.net"                      
    'Mail.AddCC "admin@example.net"
    'Mail.AddCustomHeader "Return-Receipt-To: <sales@example.net>"
    'Mail.AddCustomHeader "Disposition-Notification-To: <sales@example.net>"  
    Mail.Subject = Request("Subject")
    'Build message body
    Body = "IP Address: " & Request.ServerVariables("REMOTE_HOST") & chr(13) & chr(10)
    Body = Body & "Daytime Phone No: " & Request("DaytimePhone") & chr(13) & chr(10)
    Body = Body & "Address: " & Request("StreetAddress") & chr(13) & chr(10)
    Body = Body & "City: " & Request("City") & chr(13) & chr(10)
    Body = Body & "State: " & Request("State") & chr(13) & chr(10)
    Body = Body & "Zip Code: " & Request("ZipCode") & chr(13) & chr(10)
    Body = Body & "Message: " & Request("Message") & chr(13) & chr(10)
 
    Mail.Body = Body ' assign string to Mail.Body
 
    On Error Resume Next
    Mail.Send()
    Set Mail = Nothing
    Response.Redirect("thankyou.htm")
    If Err <> 0 Then
      Response.Write "Error encountered: " & Err.Description
    End If
     Else %>
<script language="JavaScript" type="text/javascript">javascript: window.history.back(-1)</script>
<% End IF %>

Thank you in advance.
 
0
Comment
Question by:TrueBlue
  • 4
  • 2
6 Comments
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 18020836
TrueBlue,

The code modified code for sendeform.asp is below.  It will check to see if the CAPTCHA variable is true and if so then it will continue to process.  Otherwise it will set the values from the form as session variables and redirect to the form.  I will include the modified form code next.

<% If "" & Request("EmailAddress") <> "" Then
    If blnCAPTCHAcodeCorrect <> True then
       Session("email") = Request("EmailAddress")
       Session("name") = Request("Name")
       Session("subject") = Request("Subject")
       Session("DaytimePhone") = Request("DaytimePhone")
       Session("Address") = Request("StreetAddress")
       Session("City") = Request("City")
       Session("State") = Request("State")
       Session("Zip") = Request("ZipCode")
       Session("Message") = Request("Message")
       Response.Redirect "formpage.asp?err=captcha"
    Else
    Set Mail = Server.CreateObject("Persits.MailSender")
    Mail.Host = "mail.example.net" 'specify valid SMTP host
    Mail.From = Request("EmailAddress") 'specify senders address
    Mail.FromName = Request("Name") 'specify senders name
    Mail.AddAddress "sales@example.net"                      
    'Mail.AddCC "admin@example.net"
    'Mail.AddCustomHeader "Return-Receipt-To: <sales@example.net>"
    'Mail.AddCustomHeader "Disposition-Notification-To: <sales@example.net>"  
    Mail.Subject = Request("Subject")
    'Build message body
    Body = "IP Address: " & Request.ServerVariables("REMOTE_HOST") & chr(13) & chr(10)
    Body = Body & "Daytime Phone No: " & Request("DaytimePhone") & chr(13) & chr(10)
    Body = Body & "Address: " & Request("StreetAddress") & chr(13) & chr(10)
    Body = Body & "City: " & Request("City") & chr(13) & chr(10)
    Body = Body & "State: " & Request("State") & chr(13) & chr(10)
    Body = Body & "Zip Code: " & Request("ZipCode") & chr(13) & chr(10)
    Body = Body & "Message: " & Request("Message") & chr(13) & chr(10)
 
    Mail.Body = Body ' assign string to Mail.Body
 
    On Error Resume Next
    Mail.Send()
    Set Mail = Nothing
    Response.Redirect("thankyou.htm")
    If Err <> 0 Then
      Response.Write "Error encountered: " & Err.Description
    End If
    End if
     Else %>
<script language="JavaScript" type="text/javascript">javascript: window.history.back(-1)</script>
<% End IF %>

Let me know if you have any questions or need more information.

b0lsc0tt
0
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 18020914
The form code for contact-us.asp could be the following:

<%
If Request.Querystring("err") = "captcha" then
%>
<div align="center">There was an error with the letters you entered.  Please look at the image in the form and type the letters you see.</div>
<%
End if
%>
<FORM ACTION="sendeform.asp" METHOD="POST" onsubmit="return validateForm(this)" name="Form1">
  <p><font face="Arial" size="2">Name </font>  
  <font face="Arial" size="2" color="#000080">(required)</font><br>
  <input type="text" name="Name" size="40" maxlength="70" value="<%= Session("name") %>">&nbsp;<br>
  <font face="Arial" size="2">  E-mail Address </font>
  <font face="Arial" size="2" color="#000080">(required)</font><font face="Arial" size="2"> </font>
   <font face="Arial" size="2">  <br>
    <input type="text" name="EmailAddress" size="35" maxlength="35" value="<%= Session("email") %>"><BR>
  </font>
   <font face="Arial" size="2">Subject</font><font face="Arial" size="2"><BR>
   </font>
   <select name="Subject" size="1">
   <option value="Other" <% If Session("subject") = "" then Response.Write "selected" %>>Please Select</option>
   <option value="Acceptable Use Violation" <% If Session("subject") = "Acceptable Use Violation" then Response.Write "selected" %>>Acceptable Use Violation</option>
   <option value="Billing Question" <% If Session("subject") = "Billing Question" then Response.Write "selected" %>>Billing Question</option>
   <option value="Custom Quote" <% If Session("subject") = "Custom Quote" then Response.Write "selected" %>>Custom Quote</option>
   <option value="Service Request" <% If Session("subject") = "Service Request" then Response.Write "selected" %>>Service Request</option>
   <option value="Technical Support" <% If Session("subject") = "Technical Support" then Response.Write "selected" %>>Technical Support</option>
   <option value="Web Site Access" <% If Session("subject") = "Web Site Access" then Response.Write "selected" %>>Web Site Access</option>
   </select><BR>

   <font face="Arial" size="2">Daytime Phone </font>
   <font face="Arial" size="2" color="#000080">(required)</font><font face="Arial" size="2"><BR>
   <INPUT maxLength="12" name="DaytimePhone" size="12" onfocus="doSubmit=false;"
    onblur="checkPhone(this);" onkeyup="phoneMask(this);" onkeydown="phoneMask(this);"
    value="<%= Session("DaytimePhone") %>"/><br>
  </font>
 
  <font face="Arial" size="2">Street Address</font><font face="Arial" size="2"><BR>  
   <INPUT TYPE="text" NAME="StreetAddress" SIZE="45" value="<%= Session("Address") %>" /><BR>  
  </font>
 
  <font face="Arial" size="2">City</font><font face="Arial" size="2"><BR><INPUT TYPE="text" NAME="City" SIZE="45" value="<%= Session("City") %>" /><BR>  
  </font>
 
  <font face="Arial" size="2">State</font><font face="Arial" size="2"><BR>  
  </font>
 
   <select name="State" size="1">
   <option value="FL" <% If Session("State") = "FL" then Response.Write "selected" %>>Please Select</option>
   <option value="FL" <% If Session("State") = "FL" then Response.Write "selected" %>>FLORIDA</option>
   <option value="GA" <% If Session("State") = "GA" then Response.Write "selected" %>>GEORGIA</option>
   <option value="TN" <% If Session("State") = "TN" then Response.Write "selected" %>>TENNESSEE</option>
   <option value="SC" <% If Session("State") = "SC" then Response.Write "selected" %>>SOUTH CAROLINA</option>
   <option value="NC" <% If Session("State") = "NC" then Response.Write "selected" %>>NORTH CAROLINA</option>
   </select><font face="Arial" size="2"><BR>  
  </font>
 
  <font face="Arial" size="2">Zip Code</font><font face="Arial" size="2"><BR><INPUT TYPE="text" NAME="ZipCode" SIZE="15" value="<%= Session("Zip") %>"><BR>  
  </font>
 
  <font face="Arial" size="2">Enter Question Here</font>
  <font face="Arial" size="2"><BR>
  <TEXTAREA COLS=50 ROWS=12 NAME="message"><%= Session("Message") %></TEXTAREA>
 
<!-- include the Web Wiz CAPTCHA form -->
<!--#include file="CAPTCHA/CAPTCHA_form_inc.asp" -->

  <INPUT TYPE="submit" VALUE="Only press once to send" />
  <INPUT TYPE="reset" VALUE="Clear" />  
  </font>
  </FORM>

This code will display an error message if CAPTCHA fails and will fill in the form fields using the session variables.

Let me know if you have any questions about any of this.

bol
0
 

Author Comment

by:TrueBlue
ID: 18021600
bol,

Well I am impressed!

Only one other question, is there a way to take this error and make it so that a popup message appears on top of the contact-us.asp page that the user just presses ok and then continues entering the correct code?

<%
If Request.Querystring("err") = "captcha" then
%>
<div align="center">There was an error with the letters you entered.  Please look at the image in the form and type the letters you see.</div>
<%
End if
%>

I just think the user may miss this message.

Thank you for your help.

Chuck
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 54

Accepted Solution

by:
b0lsc0tt earned 500 total points
ID: 18021721
You can do that using javascript.  You could replace the part that is written if the If is true with script tags.  However if javascript isn't supported by the browser or disabled by the user then no message would appear.  I modified the code below with an example ...

<%
If Request.Querystring("err") = "captcha" then
%>
<script type="text/javascript">alert("There was an error with the letter you entered.  Please look at the image in the form and type the letters you see.");</script>
<%
End if
%>

I usually make this message more visible by changing the font color.  In most cases I will use red since it isn't used in other fonts on the page.  Since it is right above the form, red, and has room (i.e. padding or margin) it stands out.  This works even if javascript is not working.  A sample is below but you may need to adjust it depending on how the form fits in your page.

<%
If Request.Querystring("err") = "captcha" then
%>
<div align="center" style="color: red;">There was an error with the letters you entered.  Please look at the image in the form and type the letters you see.</div>
<%
End if
%>

bol
0
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 18023510
I'm glad that I could help you.  Thank you for the grade, the points and the fun question.  Hopefully this will cut down on the spam.

bol
0
 

Author Comment

by:TrueBlue
ID: 18026939
Bol,

I have one more question for you, please see the following link:

http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_22074514.html

0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question