Solved

trying to incorporate captcha into an existing asp form and email routine

Posted on 2006-11-27
6
514 Views
Last Modified: 2008-01-09
Hello,

I am trying to incorporate a captcha into an existing form due to the huge amount of spam we are getting from this form on our website. I have placed the security field above my submit button on the asp form. Just need a way to keep someone from getting past entering the correct value before the email is sent. I basically want an email to be generated if the code is correct, if not return to the form from the page that generates the email with the fields still having their original values and the user returned to the security code field asking them to press the load new code link and enter the correct code this time.

The variable is named (blnCAPTCHAcodeCorrect).

Here is the code for the asp form named contact-us.asp:

The form page is named contact-us.asp and here the code.

<FORM ACTION="sendeform.asp" METHOD="POST" onsubmit="return validateForm(this)" name="Form1">
  <p><font face="Arial" size="2">Name </font>  
  <font face="Arial" size="2" color="#000080">(required)</font><br>
  <input type="text" name="Name" size="40" maxlength="70">&nbsp;<br>
  <font face="Arial" size="2">  E-mail Address </font>
  <font face="Arial" size="2" color="#000080">(required)</font><font face="Arial" size="2"> </font>
   <font face="Arial" size="2">  <br>
    <input type="text" name="EmailAddress" size="35" maxlength="35"><BR>
  </font>
   <font face="Arial" size="2">Subject</font><font face="Arial" size="2"><BR>
   </font>
   <select name="Subject" size="1">
   <option selected value="Other">Please Select</option>
   <option value="Acceptable Use Violation">Acceptable Use Violation</option>
   <option value="Billing Question">Billing Question</option>
   <option value="Custom Quote">Custom Quote</option>
   <option value="Service Request">Service Request</option>
   <option value="Technical Support">Technical Support</option>
   <option value="Web Site Access">Web Site Access</option>
   </select><BR>

   <font face="Arial" size="2">Daytime Phone </font>
   <font face="Arial" size="2" color="#000080">(required)</font><font face="Arial" size="2"><BR>
   <INPUT maxLength="12" name="DaytimePhone" size="12" onfocus="doSubmit=false;"
    onblur="checkPhone(this);" onkeyup="phoneMask(this);" onkeydown="phoneMask(this);"
    value=""/><br>
  </font>
 
  <font face="Arial" size="2">Street Address</font><font face="Arial" size="2"><BR>  
   <INPUT TYPE="text" NAME="StreetAddress" SIZE="45" /><BR>  
  </font>
 
  <font face="Arial" size="2">City</font><font face="Arial" size="2"><BR><INPUT TYPE="text" NAME="City" SIZE="45" /><BR>  
  </font>
 
  <font face="Arial" size="2">State</font><font face="Arial" size="2"><BR>  
  </font>
 
   <select name="State" size="1">
   <option selected value="FL">Please Select</option>
   <option value="FL">FLORIDA</option>
   <option value="GA">GEORGIA</option>
   <option value="TN">TENNESSEE</option>
   <option value="SC">SOUTH CAROLINA</option>
   <option value="NC">NORTH CAROLINA</option>
   </select><font face="Arial" size="2"><BR>  
  </font>
 
  <font face="Arial" size="2">Zip Code</font><font face="Arial" size="2"><BR><INPUT TYPE="text" NAME="ZipCode" SIZE="15"><BR>  
  </font>
 
  <font face="Arial" size="2">Enter Question Here</font>
  <font face="Arial" size="2"><BR>
  <TEXTAREA COLS=50 ROWS=12 NAME="message"></TEXTAREA>
 
<!-- include the Web Wiz CAPTCHA form -->
<!--#include file="CAPTCHA/CAPTCHA_form_inc.asp" -->

  <INPUT TYPE="submit" VALUE="Only press once to send" />
  <INPUT TYPE="reset" VALUE="Clear" />  
  </font>
  </FORM>


Here are the instructions that came with the captcha:

1. Place the folder, and it's contents, named 'CAPTCHA' into the same directory that your
web form you wish to integrate Web Wiz CAPTCHA into is within.


2. The web page that contains the HTML web form you wish to integrate Web Wiz CAPTCHA into must
have an .asp extension (eg. my_own_form_file.asp (this is an example file name and not a real
file))


3. Open your web form in a text editor and place the following code into the part of your
form where you wish the CAPTCHA image and textarea to be:-

     <!-- include the Web Wiz CAPTCHA form -->
     <!--#include file="CAPTCHA/CAPTCHA_form_inc.asp" -->

     
4. Open the file in a text editor that is to process your web form input, and place the
following code at the top of the file (not within ASP blocks):-

     <!-- Include file for CAPTCHA form processing -->            
     <!-- #include file="CAPTCHA/CAPTCHA_process_form.asp" -->

     
5. Now within the file you entered the code from the last step into you can call the following
variable to check that the CAPTCHA code entered is correct.

     blnCAPTCHAcodeCorrect
     
If the CAPTCHA code entered is correct the above variable with be set to true, if the CAPTCHA code
has not been entered correctly the variable will be set to false.


     5.1 Below is some sample code to check the CAPTCHA code is correct:-
     
          <%

          If blnCAPTCHAcodeCorrect = True Then
               Response.Write(" CAPTCHA code is correct")
          ElseIf  blnCAPTCHAcodeCorrect = False Then
               Response.Write(" CAPTCHA code is NOT correct")
          End If

          %>


Here is the page (eform.asp) that is called by pressing the submit button (the one that actually generates the email and the one that is supposed to check the value of thevariable blnCAPTCHAcodeCorrect is true or false.
I do not want an email sent if the variable is false. I would like the person just returned to the form with an error saying you incorrectly entered the captcha, hopefully the form would still have the other values they already entered.
So I need help incorporating this into this asp code.

<% If "" & Request("EmailAddress") <> "" Then
    Set Mail = Server.CreateObject("Persits.MailSender")
    Mail.Host = "mail.example.net" 'specify valid SMTP host
    Mail.From = Request("EmailAddress") 'specify senders address
    Mail.FromName = Request("Name") 'specify senders name
    Mail.AddAddress "sales@example.net"                      
    'Mail.AddCC "admin@example.net"
    'Mail.AddCustomHeader "Return-Receipt-To: <sales@example.net>"
    'Mail.AddCustomHeader "Disposition-Notification-To: <sales@example.net>"  
    Mail.Subject = Request("Subject")
    'Build message body
    Body = "IP Address: " & Request.ServerVariables("REMOTE_HOST") & chr(13) & chr(10)
    Body = Body & "Daytime Phone No: " & Request("DaytimePhone") & chr(13) & chr(10)
    Body = Body & "Address: " & Request("StreetAddress") & chr(13) & chr(10)
    Body = Body & "City: " & Request("City") & chr(13) & chr(10)
    Body = Body & "State: " & Request("State") & chr(13) & chr(10)
    Body = Body & "Zip Code: " & Request("ZipCode") & chr(13) & chr(10)
    Body = Body & "Message: " & Request("Message") & chr(13) & chr(10)
 
    Mail.Body = Body ' assign string to Mail.Body
 
    On Error Resume Next
    Mail.Send()
    Set Mail = Nothing
    Response.Redirect("thankyou.htm")
    If Err <> 0 Then
      Response.Write "Error encountered: " & Err.Description
    End If
     Else %>
<script language="JavaScript" type="text/javascript">javascript: window.history.back(-1)</script>
<% End IF %>

Thank you in advance.
 
0
Comment
Question by:TrueBlue
  • 4
  • 2
6 Comments
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 18020836
TrueBlue,

The code modified code for sendeform.asp is below.  It will check to see if the CAPTCHA variable is true and if so then it will continue to process.  Otherwise it will set the values from the form as session variables and redirect to the form.  I will include the modified form code next.

<% If "" & Request("EmailAddress") <> "" Then
    If blnCAPTCHAcodeCorrect <> True then
       Session("email") = Request("EmailAddress")
       Session("name") = Request("Name")
       Session("subject") = Request("Subject")
       Session("DaytimePhone") = Request("DaytimePhone")
       Session("Address") = Request("StreetAddress")
       Session("City") = Request("City")
       Session("State") = Request("State")
       Session("Zip") = Request("ZipCode")
       Session("Message") = Request("Message")
       Response.Redirect "formpage.asp?err=captcha"
    Else
    Set Mail = Server.CreateObject("Persits.MailSender")
    Mail.Host = "mail.example.net" 'specify valid SMTP host
    Mail.From = Request("EmailAddress") 'specify senders address
    Mail.FromName = Request("Name") 'specify senders name
    Mail.AddAddress "sales@example.net"                      
    'Mail.AddCC "admin@example.net"
    'Mail.AddCustomHeader "Return-Receipt-To: <sales@example.net>"
    'Mail.AddCustomHeader "Disposition-Notification-To: <sales@example.net>"  
    Mail.Subject = Request("Subject")
    'Build message body
    Body = "IP Address: " & Request.ServerVariables("REMOTE_HOST") & chr(13) & chr(10)
    Body = Body & "Daytime Phone No: " & Request("DaytimePhone") & chr(13) & chr(10)
    Body = Body & "Address: " & Request("StreetAddress") & chr(13) & chr(10)
    Body = Body & "City: " & Request("City") & chr(13) & chr(10)
    Body = Body & "State: " & Request("State") & chr(13) & chr(10)
    Body = Body & "Zip Code: " & Request("ZipCode") & chr(13) & chr(10)
    Body = Body & "Message: " & Request("Message") & chr(13) & chr(10)
 
    Mail.Body = Body ' assign string to Mail.Body
 
    On Error Resume Next
    Mail.Send()
    Set Mail = Nothing
    Response.Redirect("thankyou.htm")
    If Err <> 0 Then
      Response.Write "Error encountered: " & Err.Description
    End If
    End if
     Else %>
<script language="JavaScript" type="text/javascript">javascript: window.history.back(-1)</script>
<% End IF %>

Let me know if you have any questions or need more information.

b0lsc0tt
0
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 18020914
The form code for contact-us.asp could be the following:

<%
If Request.Querystring("err") = "captcha" then
%>
<div align="center">There was an error with the letters you entered.  Please look at the image in the form and type the letters you see.</div>
<%
End if
%>
<FORM ACTION="sendeform.asp" METHOD="POST" onsubmit="return validateForm(this)" name="Form1">
  <p><font face="Arial" size="2">Name </font>  
  <font face="Arial" size="2" color="#000080">(required)</font><br>
  <input type="text" name="Name" size="40" maxlength="70" value="<%= Session("name") %>">&nbsp;<br>
  <font face="Arial" size="2">  E-mail Address </font>
  <font face="Arial" size="2" color="#000080">(required)</font><font face="Arial" size="2"> </font>
   <font face="Arial" size="2">  <br>
    <input type="text" name="EmailAddress" size="35" maxlength="35" value="<%= Session("email") %>"><BR>
  </font>
   <font face="Arial" size="2">Subject</font><font face="Arial" size="2"><BR>
   </font>
   <select name="Subject" size="1">
   <option value="Other" <% If Session("subject") = "" then Response.Write "selected" %>>Please Select</option>
   <option value="Acceptable Use Violation" <% If Session("subject") = "Acceptable Use Violation" then Response.Write "selected" %>>Acceptable Use Violation</option>
   <option value="Billing Question" <% If Session("subject") = "Billing Question" then Response.Write "selected" %>>Billing Question</option>
   <option value="Custom Quote" <% If Session("subject") = "Custom Quote" then Response.Write "selected" %>>Custom Quote</option>
   <option value="Service Request" <% If Session("subject") = "Service Request" then Response.Write "selected" %>>Service Request</option>
   <option value="Technical Support" <% If Session("subject") = "Technical Support" then Response.Write "selected" %>>Technical Support</option>
   <option value="Web Site Access" <% If Session("subject") = "Web Site Access" then Response.Write "selected" %>>Web Site Access</option>
   </select><BR>

   <font face="Arial" size="2">Daytime Phone </font>
   <font face="Arial" size="2" color="#000080">(required)</font><font face="Arial" size="2"><BR>
   <INPUT maxLength="12" name="DaytimePhone" size="12" onfocus="doSubmit=false;"
    onblur="checkPhone(this);" onkeyup="phoneMask(this);" onkeydown="phoneMask(this);"
    value="<%= Session("DaytimePhone") %>"/><br>
  </font>
 
  <font face="Arial" size="2">Street Address</font><font face="Arial" size="2"><BR>  
   <INPUT TYPE="text" NAME="StreetAddress" SIZE="45" value="<%= Session("Address") %>" /><BR>  
  </font>
 
  <font face="Arial" size="2">City</font><font face="Arial" size="2"><BR><INPUT TYPE="text" NAME="City" SIZE="45" value="<%= Session("City") %>" /><BR>  
  </font>
 
  <font face="Arial" size="2">State</font><font face="Arial" size="2"><BR>  
  </font>
 
   <select name="State" size="1">
   <option value="FL" <% If Session("State") = "FL" then Response.Write "selected" %>>Please Select</option>
   <option value="FL" <% If Session("State") = "FL" then Response.Write "selected" %>>FLORIDA</option>
   <option value="GA" <% If Session("State") = "GA" then Response.Write "selected" %>>GEORGIA</option>
   <option value="TN" <% If Session("State") = "TN" then Response.Write "selected" %>>TENNESSEE</option>
   <option value="SC" <% If Session("State") = "SC" then Response.Write "selected" %>>SOUTH CAROLINA</option>
   <option value="NC" <% If Session("State") = "NC" then Response.Write "selected" %>>NORTH CAROLINA</option>
   </select><font face="Arial" size="2"><BR>  
  </font>
 
  <font face="Arial" size="2">Zip Code</font><font face="Arial" size="2"><BR><INPUT TYPE="text" NAME="ZipCode" SIZE="15" value="<%= Session("Zip") %>"><BR>  
  </font>
 
  <font face="Arial" size="2">Enter Question Here</font>
  <font face="Arial" size="2"><BR>
  <TEXTAREA COLS=50 ROWS=12 NAME="message"><%= Session("Message") %></TEXTAREA>
 
<!-- include the Web Wiz CAPTCHA form -->
<!--#include file="CAPTCHA/CAPTCHA_form_inc.asp" -->

  <INPUT TYPE="submit" VALUE="Only press once to send" />
  <INPUT TYPE="reset" VALUE="Clear" />  
  </font>
  </FORM>

This code will display an error message if CAPTCHA fails and will fill in the form fields using the session variables.

Let me know if you have any questions about any of this.

bol
0
 

Author Comment

by:TrueBlue
ID: 18021600
bol,

Well I am impressed!

Only one other question, is there a way to take this error and make it so that a popup message appears on top of the contact-us.asp page that the user just presses ok and then continues entering the correct code?

<%
If Request.Querystring("err") = "captcha" then
%>
<div align="center">There was an error with the letters you entered.  Please look at the image in the form and type the letters you see.</div>
<%
End if
%>

I just think the user may miss this message.

Thank you for your help.

Chuck
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 54

Accepted Solution

by:
b0lsc0tt earned 500 total points
ID: 18021721
You can do that using javascript.  You could replace the part that is written if the If is true with script tags.  However if javascript isn't supported by the browser or disabled by the user then no message would appear.  I modified the code below with an example ...

<%
If Request.Querystring("err") = "captcha" then
%>
<script type="text/javascript">alert("There was an error with the letter you entered.  Please look at the image in the form and type the letters you see.");</script>
<%
End if
%>

I usually make this message more visible by changing the font color.  In most cases I will use red since it isn't used in other fonts on the page.  Since it is right above the form, red, and has room (i.e. padding or margin) it stands out.  This works even if javascript is not working.  A sample is below but you may need to adjust it depending on how the form fits in your page.

<%
If Request.Querystring("err") = "captcha" then
%>
<div align="center" style="color: red;">There was an error with the letters you entered.  Please look at the image in the form and type the letters you see.</div>
<%
End if
%>

bol
0
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 18023510
I'm glad that I could help you.  Thank you for the grade, the points and the fun question.  Hopefully this will cut down on the spam.

bol
0
 

Author Comment

by:TrueBlue
ID: 18026939
Bol,

I have one more question for you, please see the following link:

http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_22074514.html

0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Reading Date Settings from Server 6 49
Random function on ASP page not working 6 47
Syntax Help on SP 4 52
Summernote required 3 59
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now