Home

Projects
Password Generator
Virtual Brain Online
ION Fire Mode Switch
Work Order TS
EvE Prod Calc
CAPTCHAv2
User-Agnet/IP
md5/sha1
Mirko's Admin Kit

Virtual Brain Online Logo

Bookmark: Root \ CAPTCHAv2 \ How can CAPTCHAv2 be used to protect a comment form

How can CAPTCHAv2 be used to protect a comment form


Last Updated: 2009-07-06

Once you have installed CAPTCHAv2 and added a few questions you are ready to use it.
Like the last guide, this one will assume that you installed everything into /captchav2/

All forms which allow users to submit information work the same way. First the form is presented where the user needs to enter his/her information. Then the form is transmitted to the server via GET or POST. After validating the user's input the form is added to the database or emailed out.

CAPTCHAv2 needs to be integrated into the form generation part and in between input validation and further processing.

I will use the code below for this example. This should be simple enough for anybody to understand and work with.

<?PHP
if( isset($_POST['message']) == false )
{
	echo '<form method="post" action="">
		Please enter your message below, then click submit

		<input type="text" name="message" value="" />

		<input type="submit" name="submit" value="Submit" />
		</form>';
	
} else {
	echo "Your message is {$_POST['message']}";
} ?>

As you can see there is no protection here and any bot can submit SPAM/garbage to this form.
Time to fight back against spammers and implement CAPTCHAv2 and here is how.
The above code is saved to your document root so it can be reached via http://www.youserver.local/message.php and the CAPTCHAv2 files are in http://www.youserver.local/captchav2/

So all you need to do now is include the classes and create the object like this:
<?PHP
$inc_dir = 'captchav2/'; //How to find the captcha files relative to the current file
require_once $inc_dir.'class_sql.php'; //Include required file
require_once $inc_dir.'class_captcha.php'; //Include required file
$captcha = new captcha( $inc_dir, 'eng' ); //Create captcha object
$captcha->block_abuse(); //Add to .htaccess after too many invalid submits.

if( isset($_POST['message']) == false )
{
	echo '<form method="post" action="">
		Please enter your message below, then click submit

		<input type="text" name="message" value="" />

		
		Please answer the question below to verify that you are not a computer program, thank you.

		Question: <strong>'.$captcha->select_captcha().'</strong>

		Answer: <input type="text" size="30" maxlength="100" name="cap_solution" value="" />

		
		<input type="submit" name="submit" value="Submit" />
		</form>';
} else {
	//Now check that the correct human test answer was given
	if( isset($_REQUEST['cap_solution']) == true ) $solution = $_REQUEST['cap_solution']; else $solution = Null;
	if( $captcha->is_answer_valid($solution) === false )
	{
		die('You supplied an incorrect answer, please try again');
	}

	echo "Your message is {$_POST['message']}";
} ?>

And that is it, this form is now protected. Let's take a look what each block does...
  • The first line of this block specifies where the CAPTCHAv2 files are located in relation to message.php
    If the file is located in http://www.localhost.local/dir123/dir456/message.php then $inc_dir should be
    $inc_dir = '../../captchav2';
  • The next two lines tell PHP to include the contents and don't need to be changes.
  • The next line creates the $captcha object and gives you access to questions, answers and IP blocking capability. The captcha object requires the $inc_dir variable as its first argument and the language. The current release, v0.8, does not come with the language tables yet but later releases will. Check the CAPTCHAv2 multi language guide for details.
  • $captcha->block_abuse() will check the database for too many invalid CAPTCHA answers and add the user's IP to the .htaccess file if the limit is reached. You can move this line to a different location if you like BUT it has to be somewhere below the line creating the object.
$inc_dir = 'captchav2/'; //How to find the captcha files relative to the current file
require_once $inc_dir.'class_sql.php'; //Include required file
require_once $inc_dir.'class_captcha.php'; //Include required file
$captcha = new captcha( $inc_dir, 'eng' ); //Create captcha object
$captcha->block_abuse(); //Add to .htaccess after too many invalid submits.

  • This block generates the question and can be placed anywhere inside the <form></form>tags.
	Please answer the question below to verify that you are not a computer program, thank you.

	Question: <strong>'.$captcha->select_captcha().'</strong>

	Answer: <input type="text" size="30" maxlength="100" name="cap_solution" value="" />

  • The last block will check the user's answer. It will automatically increment the counter keeping track of invalid answers and issue an error message if the answer is invalid. Note: is_answer_valid() will return boolean true if the answer given is valid or blooean false if the answer is invalid.
  • You may want to customize the message presented to the user inside the die().
	//Now check that the correct human test answer was given
	if( isset($_REQUEST['cap_solution']) == true ) $solution = $_REQUEST['cap_solution']; else $solution = Null;
	if( $captcha->is_answer_valid($solution) === false )
	{
		die('You supplied an incorrect answer, please try again');
	}

I hope that the above explains howto implement CAPTCHAv2. Please use the Contact form or ask in the forum if you have any questions.

 

User Comments:

No Comments yet .....

 

Add Your Comment:

Note: All posts require administrator approval. Please allow 24 hours for message approval.

Name:
E-Mail:
Title
Plain text only, less then 65 000 characters.

Please write the following string into the box below: QWERTY

Please answer the question above and type the answer into the text box below.