http://captchas.net http://captchas.net

Sample ASP Implementation

ASP Module

Have you read our HowTo?

We are providing a ASP module to simplify the task of writing a web application using captchas.net. It is named CaptchasDotNet.asp. To use it, simply copy it into the directory with the ASP-scripts using it. Also you have to download the JavaScript MD5 implementation file md5.js from Paul Johnston and place it in the same directory.

Stages

Quering

In general the process of using CAPTCHA can be divided into two stages. First you have to query the user for the CAPTCHA, on that page you also usually let the user input the data, which has to be protected, e.g. blog entries.

The following script query.asp implements this querying phase.

<!--#include file="CaptchasDotNet.asp" -->

<%
  ' Construct the captchas object.
  ' Required Parameters
  ' You receive this values upon registration at http://captchas.net.
  ' client: 
"demo"
  ' secret: 
"secret"
  ' Optional Parameters and defaults
  ' repository_prefix: 
"captchas_net_random/" (path to repository)
  ' cleanup_time: 
"3600" (max 1 hour between query and check)
  ' alphabet: 
"abcdefghijklmnopqrstuvwxyz" (Used characters in captcha)
  ' letters: 
"6" (Number of characters in captcha)
  ' width: 
"240" (image width)
  ' height: 
"80" (image height)

  Dim captchas
  Set captchas = CaptchasDotNet (
"demo","secret","","","abcdefghkmnopqrstuvwxyz","6","240","80")

  ' We recommend small letters without mistakable ijl:
  ' Set captchas = CaptchasDotNet (
"demo","secret","","","abcdefghkmnopqrstuvwxyz","","","")
  ' Don't forget same settings in check.asp
%>


<html>
  <head>
    <title>Sample ASP CAPTCHA Query</title>
  </head>
  <h1>Sample ASP CAPTCHA Query</h1>

  <form method="get" action="check.asp">
    <table>
      <tr>
        <td>
         <!-- Insert the random string as a hidden entry -->
         <input type="hidden" name="random"
            value=
"<% = captchas.random () %>" />
            Your message:</td><td><input name="message" size="60" />
        </td>
      </tr>
      <tr>
        <td>
          The CAPTCHA password:
        </td>
        <td>
          <input name="password" size="6" />
        </td>
      </tr>
      <tr>
        <td>
        </td>
        <td>
          <!-- Insert the CAPTCHA image and audio link-->
          <%= captchas.image () %>
          <br> <a href="<%= captchas.audio_url () %>">Phonetic spelling (mp3)</a>
        </td>
      </tr>
      <tr>
        <td>
        </td>
        <td>
           <input type="submit" value="Submit" />
        </td>
      </tr>
    </table>
  </form>
</html>

<%
  ' Delete the captchas object.
  Set captchas = Nothing
%>

Checking

The second part is to check, whether the user has input the correct letter sequence (as given by the CAPTCHA image or audio). If that is the case the protected operation can be performed. Otherwise the corresponding error message is to be output.

There are two ways, in which a CAPTCHA check can fail. The user can have simply input the wrong letters. But also the random string can have been used more than once. If you would allow a random string to be used multiple times, a human could find out the correct CAPTCHA letter sequence for one random string once and use that information to make a robot post non-human entries to your web application, which still would seem made by a human.

The following script check.asp implements this checking phase.

<!--#include file="CaptchasDotNet.asp" -->

<%
  ' Construct the captchas object. Replace 'demo' and 'secret' with
  ' the values you receive upon registration at http://captchas.net.
  Dim captchas
  ' Next line has to be the same as in query.asp
  Set captchas = CaptchasDotNet (
"demo","secret","","","abcdefghkmnopqrstuvwxyz","6","240","80")
%>


<html>
  <head>
    <title>Sample ASP CAPTCHA Check</title>
  </head>
  <h1>Sample ASP CAPTCHA Check</h1>

  <p>
    <!-- Check the random string to be valid and print an error
         message otherwise. If you use POST instead of GET, you have
         to replace Request.QueryString by Request.Form -->

    <% If Not captchas.validate (Request.QueryString("random")) Then %>
      Every CAPTCHA can only be used once. The current CAPTCHA has already
      been used. Try again.
    <!-- Check that the right CAPTCHA password has been entered and print
         an error message otherwise -->

    <% ElseIf Not captchas.verify (Request.QueryString("password"), Request.QueryString("random")) Then %>
      You entered the wrong password. Please use back button and reload.
    <!-- Otherwise print success message -->
    <% Else %>
      Your message was verified to be entered by a human and is
      "<%= Request.QueryString("message") %>".
    <% End If %>
  </p>

</html>

<%
  ' Delete the captchas object.
  Set captchas = Nothing
%>

Try it

You can also try the above scripts out yourself. Thanks to www.centurian.net.

XHTML 1.1 compliant A service of Felix Holderied and Sebastian Wilhelmi (Contact) mail@captchas.net