?
Solved

Captcha within formmail contact form

Posted on 2007-08-11
19
Medium Priority
?
2,730 Views
Last Modified: 2013-12-25
I have a simple contact form that like many others is receiveing spam through the form.  It is a standard html page on a linux server using sourceforge's secure version of formmail.pl (renamed reachme.pl because our servers ban formmail.pl name even if secure version).

How can I implement a captcha WITHIN the form so it appears as just another required field that must be completed before form submission?

Form htmlprogramming below:
**************************************
<form action="cgi-bin/reachme.pl" method="POST">
  <input type="hidden" name="recipient" value="bill@bestsdomain.com"><input type="hidden"
  name="return_link_url" value="http://www.bestsdomain.com"><input type="hidden"
  name="return_link_title" value="Back to Home Page"><input type="hidden" name="required"
  value="realname,email"><input type="hidden" name="subject"
  value="Best Information Form Submission"><div align="center"><center><table border="0">
    <tr>
      <td align="right"><em><strong><font color="#F4DC00">*</font><font color="#1AB0C6">Name:</font></strong></em></td>
      <td><input type="text" size="35" name="realname"> </td>
    </tr>
    <tr>
      <td align="right"><em><strong><font color="#1AB0C6">Company Name:</font></strong></em></td>
      <td><input type="text" size="45" name="Company_Name"> </td>
    </tr>
    <tr>
      <td align="right"><font color="#1AB0C6"><em><strong>Street address:</strong></em></font></td>
      <td><input type="text" size="50" name="Address"> </td>
    </tr>
    <tr>
      <td align="right"><font color="#1AB0C6"><em><strong>Suite:</strong></em></font></td>
      <td><input type="text" size="15" name="Suite"> </td>
    </tr>
    <tr>
      <td align="right"><font color="#1AB0C6"><em><strong>City:</strong></em></font></td>
      <td><input type="text" size="35" name="City"> </td>
    </tr>
    <tr>
      <td align="right"><font color="#1AB0C6"><em><strong>State/Province:</strong></em></font></td>
      <td><input type="text" size="2" name="State"> </td>
    </tr>
    <tr>
      <td align="right"><font color="#1AB0C6"><em><strong>Zip/Postal code:</strong></em></font></td>
      <td><input type="text" size="12" maxlength="12" name="Zip"> </td>
    </tr>
    <tr>
      <td align="right"><font color="#1AB0C6"><em><strong>Work Phone:</strong></em></font></td>
      <td><input type="text" size="20" maxlength="25" name="Phone_Work"> </td>
    </tr>
    <tr>
      <td align="right"><font color="#1AB0C6"><em><strong>Home Phone:</strong></em></font></td>
      <td><input type="text" size="20" maxlength="25" name="Phone_Home"> </td>
    </tr>
    <tr>
      <td align="right"><font color="#1AB0C6"><em><strong>FAX:</strong></em></font></td>
      <td><input type="text" size="20" maxlength="25" name="Fax"> </td>
    </tr>
    <tr>
      <td align="right"><em><strong><font color="#F4DC00">*</font><font color="#1AB0C6">E-mail:</font></strong></em></td>
      <td><input type="text" size="25" name="email"> </td>
    </tr>
    <tr>
      <td align="right"><font color="#1AB0C6"><em><strong>Comments &amp; Questions:</strong></em></font></td>
      <td><textarea name="Comments" rows="5" cols="50"></textarea></td>
    </tr>
  </table>
  </center></div><div align="center"><center><p><input type="submit" value="Submit"> <input
  type="reset" value="Clear"> </p>
  </center></div>
</form>

*************************************

Thanks, HB
0
Comment
Question by:hbogie
  • 6
  • 5
  • 4
  • +3
18 Comments
 
LVL 17

Expert Comment

by:mjcoyne
ID: 19678005
0
 
LVL 28

Expert Comment

by:FishMonger
ID: 19678378
A major factor why you're receiving the spam are your hidden fields.  It's really bad practice to have your recipient, subject, and return url to be hidden fields.  That's a perfect doorway for spammers to hijack your form.  You really should remove those from the form and code them into the script.
0
 

Author Comment

by:hbogie
ID: 19679407
I am sorry, but I have seen this site, and after reading all the discussion about including the verification in the actual form, it then throws that idea out and ends up building a simple separate verification page BEFORE ever getting to the form, causing the form user to have to go through 2 pages.  This is exaclty what I DO NOT WANT.

I am looking for help embedding the script or code lines and whatever other files may be needed to add to the server so that I can include the captcha WITHIN the existing html form as it exists using the nms formmail.pl script.

Can anyone help?

Thanks, HB
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 28

Expert Comment

by:FishMonger
ID: 19679699
I haven't done any work using captcha, but have you looked at some of the related cpan modules?
http://search.cpan.org/search?m=all&q=captcha&s=1

This one looks promising and is what I'd try first.
http://search.cpan.org/~burak/GD-SecurityImage-1.64/lib/GD/SecurityImage.pm
0
 

Author Comment

by:hbogie
ID: 19679721
I have looked at CPAN.  Pardon me, but the information is so disjointed that I cannot figure out what to use within the form and what I have to download.  I was looking for a direct answer rather than some self-help...since I have not been able to figure it out.  The perl answer may not exist, that is what I am asking.

I will increase the points...can you take my above code and alter it to include the captcha so I can cut-paste, and tell me whatever other files I may need to upload to the server along with this revised code to make it work.

Thanks, HB
0
 
LVL 17

Accepted Solution

by:
mjcoyne earned 672 total points
ID: 19680016
Sorry -- I was pretty sure that the tutorial I linked to had what you wanted -- a fill in form requiring a captcha verification, all on one page and part of the same form -- right here: http://www.captcha.biz/captcha-form-example/form-and-captcha.html
0
 

Author Comment

by:hbogie
ID: 19680203
I am really not trying to be difficult.  Yes it has it there, but it involves a php page that I also need to get set up.  The site does not do that...unless I am missing something easy here.
0
 
LVL 28

Assisted Solution

by:FishMonger
FishMonger earned 664 total points
ID: 19680448
The part that's missing is your understanding of the overall process and/or the parts needed.

You need a script that generates the captcha, which could be written in Perl, or PHP, or ASP, etc.
You need a form that displays that captcha.
You need a script that process the form submission, part of which is validating the captcha.

The first 2 can and IMO should be combined into 1 script instead of a static html and a script called via an img tag.

The script that processes the form submission needs 2 things to validate the captcha, 1) the original value used in the captcha that it generated to compare with the submitted one, 2) a method to confirm that the person submitting the form is the same person that requested the form.  The most common method used to accomplish that is the use of server side session variables.
0
 

Author Comment

by:hbogie
ID: 19680665
I think I understand my problem now, and I am not well versed in either PERL or PHP.

I have increased the points....  Can anyone supply me with the altered/combined scripts and changes to my form listed above to accomplish my goal?

Thanks, HB
0
 
LVL 28

Expert Comment

by:FishMonger
ID: 19680999
Unfortunately, due to you're current experience level and your requirements, I think the best we can do is to suggest that you subcontract this project out to a person that has the proper knowledge and experience.  We are happy to assist in areas that you need, but what you're asking is beyond the scope of what EE was designed to provide.  You could try "Rent A Coder".  http://www.rentacoder.com/RentACoder/default.asp

If that isn't the direction you want, then possibly someone here has enough free time that they are willing to donate to develop a complete solution for you.
0
 

Author Comment

by:hbogie
ID: 19681033
Thanks for your help anyway.  I will give them a try.  Looking at the reCaptcha Forum, it looks like there is NOT an easy solution as of yet.  I may just need to switch form mail handler to php to solve the problem.

Probably a better overall solution anyway.
0
 
LVL 28

Expert Comment

by:FishMonger
ID: 19681119
You can use Perl or PHP or any other scripting language you wish.  As long as the person knows what they are doing, the solution from any of the languages can be equally as good, it would only boil down to differences in syntax.  If the person isn't very experienced, you could be left in worse shape than you are now, no matter which language is used.
0
 
LVL 17

Expert Comment

by:mjcoyne
ID: 19682236
You might also consider the reCAPTCHA project offered by Carnegie Mellon University (the guys who invented CAPTCHA in the first place).  It's free, and once you sign up, you'll have a piece of JavaScript code that you can insert in your page that'll add a captcha form to your existing form.  All the difficult parts (creating the challenge, processing the response, generating the images, etc.) are already dealt with by Carnegie Mellon University's servers.

I just created an account with this project to look around.  It appears they offer a quite workable and easily implemented solution...

See http://recaptcha.net/whyrecaptcha.html.
0
 
LVL 17

Expert Comment

by:mjcoyne
ID: 19682248
I see from your prior post that you've looked a bit at the reCAPTCHA project, and apparently found it lacking.  Why is that?  It seemed a quite workable solution to me; no harder than adding a hit counter to an HTML page...
0
 

Author Comment

by:hbogie
ID: 19683309
I did get it all set up from reCaptcha, but it allows the email to be sent even if the user entry is wrong or blank.  It does not seem to do the verification part. Maybe I missed that piece.  Here is the test page that shows the captcha, but allows wrong entry.  Did I miss a small piece?

http://www.bestrestaurant.com/contact-captcha.htm
0
 
LVL 8

Assisted Solution

by:radnor
radnor earned 664 total points
ID: 19683644
Hbogie,

Fish is correct in the 2nd or 3rd reply.  You should get all of the hidden fields out you can.  

Here is what I did when someone clicks my contact form:
1. create a session. generate a random code.  generate the graphic of the code
2. display my form
3. The "ACTION" verify the code to the session var.  If they are not the same, display an OOPS page and redirect them to the form (and fill it with what they typed in).  If the codes are the same now I process ALL input fields.  I look for any header info someone could have inserted and remove it.  PHP will then send me the info...  

With info like this:
 [name="recipient" value="bill@bestsdomain.com"]
view source and I have a good email addy to spam you with.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20246319
Forced accept.

Computer101
EE Admin
0
 
LVL 2

Expert Comment

by:Michael
ID: 20962948
CAPTCHA email form
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
Originally, this post was published on Monitis Blog, you can check it here . Websites are getting bigger and more complicated by the day. Video, images and custom fonts are all great for showcasing your product or service. But the price to pay in…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
Suggested Courses
Course of the Month16 days, 18 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question