captcha


Brad Rice

Jul 25, 2014, 10:00:00 AM
to dotcms mailing list
Has anybody been able to get captcha to work on forms? I have this in my form:

 <div id="captcha_div">
<input type="hidden" id="useCaptcha" name=" useCaptcha" value="true" />
<input type="hidden" id="invalidCaptchaReturnUrl" name="invalidCaptchaReturnUrl" value="$VTLSERVLET_URI" />
<img src="/Captcha.jpg?${math.getRandom()}" style="margin:0px 15px 15px 0px;">
<label for="captcha">*Validate Image:</label>
<input id="captcha" name="captcha" class="form-control" type="text" data-parsley-required >
</div>

Regardless of what I enter, it puts the form through.

--
Brad Rice
brad...@gmail.com
--
“Be curious. Read widely. Try new things. What people call intelligence just boils down to curiosity.”
- Aaron Swartz

Scudder

Jul 25, 2014, 8:22:05 PM
to dot...@googlegroups.com
Hi Brad,

Not certain this will help but what I did was use the Dotcms Form Builder/Structure with a custom field - added custom fields that contained this code for example:

Image Validation

<input type="hidden" id="useCaptcha" name=" useCaptcha" value="true" />
<input type="hidden" id="invalidCaptchaReturnUrl" name="invalidCaptchaReturnUrl" value="<< URL TO THE YOUR FORM >>" />

To Show the Captcha Image
<img src="/Captcha.jpg?${math.getRandom()}" style="margin:0px 15px 15px 0px;">
<label for="captcha">*Validate Image:</label> 

This example above is found in the documentation here: http://dotcms.com/docs/latest/CaptchaFormValidation (what the docs are not completely clear about is that you can use it in a custom field).
In any case this worked for us.

Best,
js

Falzone, Chris

Jul 28, 2014, 9:08:42 AM
to dot...@googlegroups.com
name=" useCaptcha" 

There is a space in there.  Perhaps a typo on the docs?



--

Christopher Falzone

Interactive Developer


A Q U E N T

Digital, Creative, and Marketing Talent


aquent.com

cfal...@aquent.com
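A check for the stray space pointed out above, as an added example that is not part of the original thread or of dotCMS: it scans form markup for `name` attributes with leading or trailing whitespace and shows why an exact-key lookup misses such a parameter. The sample markup is constructed from the snippet in this thread (with a placeholder return URL), and the exact-key lookup on the server side is an assumption.

```javascript
// Constructed sample: the hidden inputs from the form in this thread.
const SAMPLE_FORM = [
  '<input type="hidden" id="useCaptcha" name=" useCaptcha" value="true" />',
  '<input type="hidden" id="invalidCaptchaReturnUrl" name="invalidCaptchaReturnUrl" value="/form" />',
  '<input id="captcha" name="captcha" class="form-control" type="text" />',
].join('\n');

// Return every form control whose name attribute has leading/trailing whitespace.
function findSuspectNames(html) {
  const findings = [];
  const tagRe = /<(?:input|select|textarea|button)\b[^>]*>/gi;
  const nameRe = /\sname\s*=\s*(?:"([^"]*)"|'([^']*)')/i;
  for (const [tag] of html.matchAll(tagRe)) {
    const attr = nameRe.exec(tag);
    if (!attr) continue;
    const raw = attr[1] !== undefined ? attr[1] : attr[2];
    if (raw !== raw.trim()) findings.push({ tag, name: raw, expected: raw.trim() });
  }
  return findings;
}

// What an exact-key lookup (assumed server behaviour) finds in the
// urlencoded body; the browser sends the name verbatim, space included.
function lookupParam(body, key) {
  return new URLSearchParams(body).get(key);
}

for (const f of findSuspectNames(SAMPLE_FORM)) {
  console.log(`name=${JSON.stringify(f.name)} should be ${JSON.stringify(f.expected)}`);
}
// The leading space is encoded as '+', so the key "useCaptcha" is absent.
console.log(lookupParam('+useCaptcha=true&captcha=abc', 'useCaptcha'));
```

Because the flag that turns the check on arrives under a different key, the form fails open instead of raising an error, which matches the behaviour reported at the top of the thread.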

Brad Rice

Jul 29, 2014, 10:10:54 AM
to dotcms mailing list
That was it Chris. Now I notice another problem. It appears that when the captcha is wrong it deletes all the other form entries, so that is sort of not too user friendly.

Falzone, Chris

Jul 29, 2014, 11:16:32 AM
to dot...@googlegroups.com
WHA!?  That doesn't sound right.  If you can construct a reproducible case, report that in GitHub.

Kivi Shapiro

Jul 30, 2014, 11:13:38 AM
to dot...@googlegroups.com
Hi Brad,

We've stopped using CAPTCHA altogether in favour of honeypots (http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx/).  Easy and accessible for users and highly effective.  Easy to implement in Dotcms too:
  1. Add a field to your structure with an enticing name like "URL" or "Website".
  2. Make it required.
  3. Give it a regex that can only be satisfied with one particular value, e.g. "blue".  For added user-friendliness you can make it case-insensitive, e.g. "[Bb][Ll][Uu][Ee]".
  4. In the label, ask users a question that they will answer with the value given, e.g. "Sorry, just checking that you're a person.  What colour is the sky?"

One enhancement we've played with is to use JavaScript to fill in the field and hide it, so the user doesn't see or have to do anything at all.  This is susceptible to spambots that can run JavaScript, but to us the usability tradeoff is worth it and we haven't been visited by any of those spambots anyway.

Kivi Shapiro
Qualicom Innovations

Falzone, Chris

Jul 30, 2014, 12:08:26 PM
to dot...@googlegroups.com
We use something similar, though we check for anything in the field and consider it spam .. uses my own handler though to check for a value in the field and reject the lead if it is filled in.

Kivi Shapiro

Jul 30, 2014, 12:21:51 PM
to dot...@googlegroups.com
We started that way too.  You can do this without a custom handler:  just set the regex to an impossibility such as "\B\b" and Dotcms will automatically discard the submissions.

The caveat with this approach is that if a spambot happens not to fall in the honeypot, and fills in other fields but not that one, then you still get the spam.  In our case this reduced the spam somewhat but not completely--we've had better results with the other approach.  Of course this could be for other reasons--some spambots are sophisticated enough to tell when a field is invisible to humans and they leave those ones blank.

Kivi

Falzone, Chris

Jul 30, 2014, 2:11:09 PM
to dot...@googlegroups.com
Yeah, but just a text field in a hidden div has eliminated like 95% or more of our spam.

Brad Rice

Jul 31, 2014, 9:24:09 AM
to dotcms mailing list
Thanks both of you. I found Kivi's method is pretty nice and I like the idea of a hidden field that if it is filled will reject the submission. I found that putting a hidden field in with a regex of ^$ works. If there is any text at all in that field, the form will not submit, so it is a honeypot without a custom handler. Of course there is no such thing as a regex for a hidden field, so I create a text field and then add the regex and hide it in my custom form.
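The three honeypot setups discussed in the posts above (the required "blue" question, the hidden field with the impossible regex `\B\b`, and the hidden field with `^$`), compared side by side as an added example that is not part of the original thread or of dotCMS. The validation model (an empty optional field passes, any other value must match the regex in full) and the sample submitter values are assumptions made for illustration.

```javascript
// Simplified model of per-field validation (an assumption, not dotCMS code):
// an empty optional field passes; any other value must match the regex in full.
function fieldAccepts(field, value) {
  const v = value === undefined ? '' : String(value);
  if (v === '') return !field.required;
  return new RegExp('^(?:' + field.pattern + ')$').test(v);
}

// The three honeypot configurations described in the thread.
const HONEYPOTS = {
  challenge:      { visible: true,  required: true,  pattern: '[Bb][Ll][Uu][Ee]' },
  trapImpossible: { visible: false, required: false, pattern: '\\B\\b' },
  trapEmptyOnly:  { visible: false, required: false, pattern: '^$' },
};

// Constructed submitters: what each one puts in the honeypot field.
const SUBMITTERS = {
  human:              (f) => (f.visible ? 'Blue' : ''), // answers only what is shown
  botFillsEverything: () => 'http://spam.example/',
  botSkipsField:      () => '',
};

// Build a table of accepted (true) / rejected (false) per setup and submitter.
function honeypotOutcomes() {
  const out = {};
  for (const [name, field] of Object.entries(HONEYPOTS)) {
    out[name] = {};
    for (const [who, valueFor] of Object.entries(SUBMITTERS)) {
      out[name][who] = fieldAccepts(field, valueFor(field));
    }
  }
  return out;
}

console.table(honeypotOutcomes());
```

The `botSkipsField` column is the caveat raised earlier in the thread: both hidden-trap setups accept a submission that leaves the trap blank, while the required question rejects it.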

Alex M

Aug 4, 2014, 12:38:05 AM
to dot...@googlegroups.com

Brad -

How did you make it work with the javascript of the legacy form?

Thanks,

Alex

Brad Rice

Aug 4, 2014, 9:02:43 AM
to dotcms mailing list
I was working with a custom Submit Content form. If you are going to use legacy form that isn't submitting, you would have to do some other form of validation on the honeypot field.