« Flash e AS3: un contatore | Main | Poste Italiane ancora sotto Phishing »
Easy captcha without javascript images and math
By Merlinox | September 12, 2007
An easy captcha without javascript, without images, without math. Only a few of CSS and a few of server side (coldfusion) programming: a walkover!
Let’s go!
We can begin with a simple standard FORM.
<form name="frm_xxx" action="reg.cfm" method="post">
Nome <input type="text" name="name"><br />
Sito <input type="text" name="site"><br />
Mail <input type="text" name="email"><br />
Commento<br>
<textarea name="comment"></textarea>
</form>
What a spam spider do?
It reads page, reads input fields, sends form act http.referrer and inserts some value (spam) into every fields. Perfect!
Let the spider plays its game!
We insert an hidden input with CSS. Human users don’t see it, spider sees it.
<!— SYSTEM WITH "NON TRADITIONAL" CAPTHA —>
<div style="visibility:hidden">
Please don’t insert text in the input below. If you do it you can’t comment. <br />
<input type="text" name="hiddenCaptcha" value="" style="width:1px;height:1px;font-size:1px;" />
</div>
To hidden it we use a few of CSS code, inline on HTML or we can use a simply class and apply it on DIV or on INPUT…
Pay attention: don’t use
display:none
With "display:none" input isn’t sent to destination page!!! (reg.cfm).
Another few seconds. We create a check (server-side) on destination page (reg.cmf): form is OK only when hiddenCaptcha exists and is empty ("").
<cfif not(isDefined("form.hiddenCaptcha") and form.hiddenCaptcha is "")>
Attention! Form wrong!
<cfabort>
</cfif>
Php version (by DvD):
if ( (array_key_exists("campoNascosto",$_POST)))
{
if ($_POST["campoNascosto"]<>"")
{
die ("Attenzione. Modulo non registrabile!");
}
Asp (old asp) version:
<%
function existsFormParam(name)
existsFormParam = (Request.Form(name).Count = 1)
end function
if (existsFormParam("captcha") and Request.Form("captcha") = "") then
Response.write("ok")
else
Response.write("no")
end if
%>
Et voilà, le jeux sont fait: I tested it from 2 months without a spam comment. Only some comment from really spam users 
This kind of captcha works on system without javascript too!!!
Thanks to Thisistoboring for his comment on Digg 
Tags: captcha, coldfusion, javascript
Post simili
April 26th, 2007 at 3:36 pm
it works even with black berry original browser!
great thing merlinox
April 26th, 2007 at 3:42 pm
Thanks baby!
April 27th, 2007 at 11:13 am
Good work MrX! I hope some other implement this idea in its software!
In my blog on blogspot (some of) my friends don’t send me their comment because they don’t understand captcha
[and they don't are various skillful (handicapped - I hope it's saying so...)!]
P.S. In Digg I write 2 time to match captcha - Here nothing!!!
April 27th, 2007 at 11:21 am
@dvd: I’m very happy. I’m not the only one who wrongs inserting captcha…
I hate them.
February 28th, 2008 at 9:42 am
[...] you don’t use wordpress read how create an hiddy system on your [...]