http://captchas.net http://captchas.net

Sample JSP Implementation

JSP Module

Do you read our HowTo?

The following example code shows the usage of CaptchasDotNet.java to use the service captchas.net. Note: The sample uses a session, which is handed over by cookies or, if the user has disabled cookies, attached to the url: check.jsp;jsessionid=xyz Please test your implementation also with cookies disabled in your Browser.

Stages

Quering

In general the process of using a CAPTCHA can be divided into two stages. First you have to query the user for the CAPTCHA, on that page you also usually let the user input the data, which has to be protected.

The following code query.jsp implements this querying phase.

<%--
 % Example for using the Webservice http://captchas.net 
 % Replace the required parameters 'demo' and 'secret' with the
 % values you receive upon http://captchas.net/registration/ .
 % 
 % Optional Parameters and Defaults:
 % 
 % alphabet: abcdefghkmnopqrstuvwxyz (Used characters in captcha)
 % We recommend alphabet without mistakable ijl
 % 
 % letters: 6 (Number of characters in captcha)
 % 
 % width: 240 (image width)
 % height: 80 (image height)
 % 
 % Don't forget the same settings in check.jsp
 --%>

<%@ page language="java" import="captchas.CaptchasDotNet" %>

<html>
  <head>
    <title>Sample JSP CAPTCHA Query</title>
  </head>
  <h1>Sample JSP CAPTCHA Query</h1>
<%
// Construct the captchas object (Default Values)
CaptchasDotNet captchas = new captchas.CaptchasDotNet(
  request.getSession(true),     // Ensure session
  "demo",                       // client
  "secret"                      // secret
  );
// Construct the captchas object (Extended example)
// CaptchasDotNet captchas = new captchas.CaptchasDotNet(
//  request.getSession(true),     // Ensure session
//  "demo",                       // client
//  "secret",                     // secret
//  "01",                         // alphabet
//  16,                           // letters
//  500,                          // width
//  80                            // height
//  );
%>
  <%-- 
   % encodeUrl produces jsessionid=xyz in case of disabled cookies
   % Please test your implementation also with disabled cookies
   --%>
  <form method="get" action="<%=response.encodeUrl("check.jsp")%>">
    <table>
      <tr>
        <td>
          Your message:</td><td><input name="message" size="60" />
        </td>
      </tr>
      <tr>
        <td>
          The CAPTCHA password:
        </td>
        <td>
          <input name="password" size="16" />
        </td>
      </tr>
      <tr>
        <td>
        </td>
        <td>
          <%-- 
           % it's possible to set a random in captchas.image("xyz"),
           % captchas.imageUrl("xyz") and captchas.audioUrl("xyz").
           % This is only needed at the first request
           --%>
          <%= captchas.image() %><br>
          <a href="<%= captchas.audioUrl() %>">Phonetic spelling (mp3)</a>
        </td>
      </tr>
      <tr>
        <td>
        </td>
        <td>
          <input type="submit" value="Submit" />
        </td>
      </tr>
    </table>
  </form>
</html>

Checking

The second part is to check, whether the user has input the correct letter sequence (as given by the CAPTCHA image or audio). If that is the case the protected operation can be performed. Otherwise the corresponding error message is to be output.

There are three different ways, in which a CAPTCHA check can fail:

The following script check.jsp implements this checking phase.

<%--
 % Example for using the free http://captchas.net Webservice
 % Documentation see http://captchas.net/sample/jsp/
 --%>

<%@ page language="java" import="captchas.CaptchasDotNet" %>

<html>
  <head>
    <title>Sample JSP CAPTCHA Query</title>
  </head>
  <h1>Sample JSP CAPTCHA Query</h1>
<%
// Construct the captchas object
// Use same settings as in query.jsp
CaptchasDotNet captchas = new captchas.CaptchasDotNet(
  request.getSession(true),     // Ensure session
  "demo",                       // client
  "secret"                      // secret
  );
// Read the form values
String message  = request.getParameter("message");
String password = request.getParameter("password");

// Check captcha
String body;
switch (captchas.check(password)) {
  case 's':
    body = "Session seems to be timed out or broken. ";
    body += "Please try again or report error to administrator.";
    break;
  case 'm':
    body = "Every CAPTCHA can only be used once. ";
    body += "The current CAPTCHA has already been used. ";
    body += "Please use back button and reload";
    break;
  case 'w':
    body = "You entered the wrong password. ";
    body += "Please use back button and try again. ";
    break;
  default:
    body = "Your message was verified to be entered by a human and is \"" + message + "\"";
    break;
}
%>
<%=body%>
</html>

XHTML 1.1 compliant A service of Felix Holderied and Sebastian Wilhelmi (Contact) mail@captchas.net