human verifier in forms


Reply
Hi
I have a form in DW which receives A LOT of spam. I want to insert a script to determine that it is a human that replies on my form. http://www.captcha.net/ is the script. But I cannot insert the code inside <form> </form>. Please help.

Replies

 
Nicolai Høeg Pedersen
Reply

Here is a solution which accomplishes that using reCaptcha:

First insert a div tag in the form and add the captcha interface using jQuery:

<script type="text/javascript" src="http://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
<script type="text/javascript">
 try {
  var sendBtn = document.postform18.send;
  if (sendBtn) {
   $(sendBtn).before('<div id="recaptcha_div"></div>');
 
   Recaptcha.create("6Le_KLsSAAAAAMi....", "recaptcha_div", {
    theme: "red"
   });
  }
 }
 catch (err) { }
</script>


Then create a notification subscriber that handles the post and verifies that the captcha is ok:

Imports Dynamicweb.Frontend
Imports Dynamicweb.Extensibility
Imports System.Net
Imports System.IO
Imports System.Web

<Subscribe(Notifications.Standard.Application.BeginRequest)> _
Public Class reCaptcha
 Inherits NotificationSubscriber

 Public Overrides Sub OnNotify(ByVal notification As String, ByVal args As NotificationArgs)
  Dim BeginRequestArgs As Notifications.Standard.Application.BeginRequestArgs = DirectCast(args, Notifications.Standard.Application.BeginRequestArgs)
  Dim app As HttpApplication = CType(BeginRequestArgs.sender, HttpApplication)

  'Only check posts of form 18 to the form mail handler
  If app.Request.Path.ToLower = "/admin/public/formmail.aspx" AndAlso Base.ChkInteger(Base.Request("FormID")) = 18 Then
   Dim isValid As Boolean = GetCaptchaRespone()
   If Not isValid Then
    'Captcha failed: send the visitor back to the page the form was posted from.
    'UrlReferrer is Nothing when no Referer header was sent; the fallback to "/" is an assumption.
    Dim referrer As Uri = HttpContext.Current.Request.UrlReferrer
    HttpContext.Current.Response.Redirect(If(referrer IsNot Nothing, referrer.ToString(), "/"))
   End If
  End If
 End Sub

 Private Function GetCaptchaRespone() As Boolean
  Dim postData As String = "privatekey=6Le_KLsSAAAAANNhC1K-..."
  postData += "&remoteip=" & HttpContext.Current.Server.UrlEncode(HttpContext.Current.Request.UserHostAddress)
  postData += "&challenge=" & HttpContext.Current.Server.UrlEncode(Base.Request("recaptcha_challenge_field"))
  postData += "&response=" & HttpContext.Current.Server.UrlEncode(Base.Request("recaptcha_response_field"))
  Return GetResponse(postData).StartsWith("true", StringComparison.InvariantCultureIgnoreCase)
 End Function

 Private Function GetResponse(ByVal postData As String) As String

  Dim useURL As String = "http://www.google.com/recaptcha/api/verify"

  Dim objRequest As WebRequest = WebRequest.Create(useURL)
  objRequest.Timeout = 6000 'In milliseconds - in this case 6 seconds
  objRequest.Method = "POST"
  objRequest.ContentLength = postData.Length
  objRequest.ContentType = "application/x-www-form-urlencoded"

  'Create an instance of the StreamWriter class and attach the WebRequest object to it
  Dim postWriter As StreamWriter = New StreamWriter(objRequest.GetRequestStream())
  postWriter.Write(postData)
  postWriter.Close()

  'Create an instance of the WebResponse class and get the output to the rawOutput string
  Dim objResponse As WebResponse = objRequest.GetResponse()
  Dim sr As StreamReader = New StreamReader(objResponse.GetResponseStream())
  Dim rawOutput As String = sr.ReadToEnd()
  sr.Close()
  Return rawOutput
 End Function
End Class

 
Reply
Is there any chance that this "notification subscriber" could become a standard feature?

The form module really lacks "out-of-the-box" spam protection...
 
Nicolai Høeg Pedersen
Reply
The old forms module has one which can be enabled in Management Center, Web and HTTP, Security.

With 7.2 this is also enabled for forms in the new forms module.

It is not a "Captcha" implementation since EVERY usability study suggests not using it. And it is not needed anyways - it's relatively simple to do spam protection without it. Maybe not 100% but 99% is also close - and you do not lose your potential form posts because people can read the captcha etc.
 
Casper Stendal
Reply

Hi Nicolai

How would you "in best practice" implement spam protection on a DW form, without using captcha?

Best regards
Casper
 

 
Casper Stendal
Reply

Found this very nice solution, that we'll test:
http://stackoverflow.com/questions/2230453/spam-prevention-reduction-contact-form


Summary:
Provide a text field that is hidden from human users with style="display: none", but with an enticing name like email. Most bots will fill in something in this field, but humans can't see it so they won't. At the server, just make sure the field is empty, else treat the submission as spam.

This could eventually be enhanced further, by removing the display:none from the HTML and instead setting the display:none by a simple line of JavaScript.
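
The hidden-field check summarised above, as an added example that is not part of the thread: JavaScript (Node.js) that builds the decoy markup and classifies a posted form body by the decoy field. The field names `email` and `contact`, the `hp` id and the sample bodies are assumptions, and rejecting a body that lacks the decoy altogether goes one step beyond the post.

```javascript
// Added example, not code from the thread. Field names and sample bodies are constructed.
const HONEYPOT_FIELD = "email"; // decoy with an enticing name; the real address goes in "contact"

// Decoy markup: rendered as a normal input, then hidden by one line of script,
// so a client that does not run JavaScript sees nothing unusual about it.
// autocomplete="off" and tabindex="-1" reduce the chance that autofill or
// keyboard focus puts a value in it for a real visitor.
function honeypotMarkup() {
  return '<input type="text" name="' + HONEYPOT_FIELD + '" id="hp" autocomplete="off" tabindex="-1">' +
    '<script>document.getElementById("hp").style.display = "none";<\/script>';
}

// Classify a raw application/x-www-form-urlencoded POST body.
function classifySubmission(rawBody) {
  const params = new URLSearchParams(rawBody);
  const decoy = params.getAll(HONEYPOT_FIELD); // every copy, in case the field is repeated
  if (decoy.some((value) => value !== "")) {
    return { spam: true, reason: "honeypot filled" };
  }
  // A browser submits an empty text input even when it is display:none, so a body
  // without the field did not come from the rendered form (stricter than the post).
  if (decoy.length === 0) {
    return { spam: true, reason: "honeypot missing" };
  }
  params.delete(HONEYPOT_FIELD); // never pass the decoy on to the mail handler
  return { spam: false, reason: "ok", fields: Object.fromEntries(params) };
}

// Constructed sample bodies: a human post, a bot that filled the decoy, a scripted post.
const SAMPLES = [
  "name=Ann&email=&contact=ann%40example.com&message=Hello",
  "name=x&email=bot%40spam.example&contact=&message=buy+now",
  "name=x&message=buy+now",
];
for (const body of SAMPLES) {
  console.log(classifySubmission(body).reason, "<-", body);
}
```

Visitors with JavaScript disabled will see the decoy when it is hidden only by script, so label it accordingly or keep the CSS rule as well.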

 
