Bot Blocker Form Submit Validator
Unfortunately, there are now a lot of bots online that look for forms,
work out what each form field is for, and attempt to submit the forms.
So, as you may have noticed, a lot of web sites are starting to implement a graphic code for a
human user to input into the form. These codes are made to inhibit a bot from automatically
submitting form data, thus validating that the user filling in the form is human and
genuinely wants to submit the form for whatever reason.
Most of those validation codes are graphics. The code below is not a graphic, but is encoded enough
that only a human could enter the code into the form. It randomly picks six
characters, each either a number or an upper- or lower-case letter.
Each character will be encoded through a formula and reversed to display
a different character than what will be processed. There is a hidden form field that will contain
another validation code as well, but it will be a different value than what the user will be asked to input.
So, instead of messing around with creating a graphic for each number and letter, or creating a
bunch of other graphics, this will generate a completely new and unique string each time.
Plus, to top it off, there is a JavaScript function that will keep a person from attempting
to copy and paste the validation string into the validation field.
This should be enough to block bots from spamming an email or guestbook form or posting to a blog.
One other cool thing about this code is that it is easy to modify whenever you feel like changing the algorithm.
For example, the sample code I provide and the running example are two slightly different formulas.
Whatever you do to produce the validation code, just do the opposite to check it.
Here is the ASP code for this script:
```asp
<%
ValidChrs = ""
ChkValid = ""
IsErr = False

'Turn on random
Randomize Timer

'Create a six character validation code
'of only letters and numbers
For x = 0 to 5
    'Lowest number is 48, Highest number is 122
    '(Int(Rnd * 75) yields 0..74, so 122 is included)
    RndNum = Int(Rnd * 75) + 48
    GetNum = True
    'Eliminate punctuation and characters
    If RndNum > 57 AND RndNum < 65 Then
        x = x - 1
        GetNum = False
    End If
    'Eliminate more punctuation and characters
    If RndNum > 90 AND RndNum < 97 Then
        x = x - 1
        GetNum = False
    End If
    If GetNum = True Then
        ValidChrs = ValidChrs & Chr(RndNum)
        'Add 42 to each number just to throw off the viewed numbers.
        RndNum = RndNum + 42
        'Hex the number
        RndNum = Hex(RndNum)
        While Len(RndNum) < 2
            RndNum = "0" & CStr(RndNum)
        Wend
        'Reverse the order of the characters
        ChkValid = RndNum & " " & ChkValid
    End If
Next
ChkValid = Replace(ChkValid, " ", "")

If Request("DoStuff") = "Check Code" Then
    V = Request("V")
    CV = Request("CV")
    'V must be six characters and CV six two-digit hex pairs
    If Len(Trim(V)) <> 6 Or Len(CV) <> 12 Then
        IsErr = True
    Else
        'Unreverse checking string
        For x = 6 to 1 step -1
            'Get hex number
            TheChr = Mid(CV, (x * 2) - 1, 2)
            'Convert hex number back to integer
            TheChr = CInt("&H" & TheChr)
            'Subtract 42
            TheChr = TheChr - 42
            'Convert the character code back to a character
            TheChr = Chr(TheChr)
            'Get input character
            CVChr = Mid(V, Len(V) - (x - 1), 1)
            'Compare
            If CVChr <> TheChr Then
                IsErr = True
            End If
        Next
    End If
    If IsErr = True Then
        Response.Write "<b>The validation code you entered is not correct</b><br />"
    Else
        Response.Write "You entered a correct validation code.<br />"
    End If
End If
%>
<form name="Validator" method="post" action="<%=Request.ServerVariables("URL")%>">
  <input type="hidden" name="CV" value="<%=ChkValid%>">
  Input this value: <span id="ValidChrs"><i><%=ValidChrs%></i></span>
  <input type="text" name="V" class="reg" size="5" value="" maxlength="6">
  <input type="submit" name="DoStuff" value="Check Code">
</form>
<script language="JavaScript">
window.onload = function() {
    var element = document.getElementById('ValidChrs');
    element.onselectstart = function () { return false; } // ie
    element.onmousedown = function () { return false; } // mozilla
}
</script>
```
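The check above rebuilds the expected code from the posted CV field, so the result depends on a value supplied by the client. The variant below keeps the expected code in the ASP Session and discards it after one attempt. It is an added example, not the page's own code, and the function name NewCode and the session key "BotCode" are assumptions.

```asp
<%
' Added example: keep the expected code on the server instead of in a hidden field.
' NewCode and the "BotCode" session key are illustrative names, not from the page.
Function NewCode(length)
    Dim chars, i, result
    chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    result = ""
    For i = 1 To length
        result = result & Mid(chars, Int(Rnd * Len(chars)) + 1, 1)
    Next
    NewCode = result
End Function

Dim Expected, Entered, Checked, IsValid
Randomize
Checked = False
IsValid = False

If Request.Form("DoStuff") = "Check Code" Then
    Checked = True
    Expected = Session("BotCode")
    Entered = Trim(Request.Form("V"))
    ' Single use: discard the stored code before comparing, so it cannot be replayed.
    Session.Contents.Remove "BotCode"
    ' StrComp with vbBinaryCompare keeps the check case-sensitive.
    If Len(Expected) = 6 And Len(Entered) = 6 Then
        IsValid = (StrComp(Entered, Expected, vbBinaryCompare) = 0)
    End If
End If

' Issue a fresh code for the form that is about to be rendered.
Session("BotCode") = NewCode(6)

If Checked Then
    If IsValid Then
        Response.Write "You entered a correct validation code.<br />"
    Else
        Response.Write "<b>The validation code you entered is not correct</b><br />"
    End If
End If
%>
<form name="Validator" method="post" action="<%=Server.HTMLEncode(Request.ServerVariables("URL"))%>">
  Input this value: <span id="ValidChrs"><i><%=Session("BotCode")%></i></span>
  <input type="text" name="V" size="6" maxlength="6">
  <input type="submit" name="DoStuff" value="Check Code">
</form>
```

This needs session state enabled for the application, and VBScript's Rnd is not a cryptographically secure generator.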