ASP Classic Form CAPTCHA VBScript Code Example (BotDetect ASP v4.x; discontinued)

The ASP Classic Form Captcha code example shows how to add BotDetect CAPTCHA protection to a typical ASP form.

Captcha validation is integrated with other form fields validation, and only submissions that meet all validation criteria are accepted.

If the Captcha is successfully solved but other field validation fails, the Captcha is hidden since the users have already proven they are human.

This kind of validation could be used on various types of public forms which accept messages, and are at risk of unwanted automated submissions.

For example, it could be used to ensure bots can't submit anything to a contact form, add guestbook entries, blog post comments or anonymous message board / forum replies.

Download the BotDetect Classic ASP CAPTCHA Component and run this example

Installed Location

By default, the Classic ASP form Captcha code example is installed at:
C:\Program Files\Captcha Inc\BotDetect 4 CAPTCHA Component\Asp\WebApp\AspFormCaptchaExample

You can also run it from the BotDetect Start Menu:
Programs > Captcha Inc > BotDetect 4 CAPTCHA Component > ASP > Web Applications > Run

Default.asp

<!-- #include file ="BotDetect.asp" --> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml" > 
<head> 
  <title>BotDetect ASP Classic CAPTCHA Validation: ASP Form CAPTCHA Code Example< 
  /title> 
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
  <link type="text/css" rel="Stylesheet" href="<%= CaptchaUrls.LayoutStylesheetUrl() %>" /> 
  <link type="text/css" rel="Stylesheet" href="StyleSheet.css" /> 
</head> 
<body> 
  <form method="post" action="ProcessForm.asp" class="column" id="form1"> 
    <h1>BotDetect ASP Classic CAPTCHA Validation: 
    <br /> ASP Form CAPTCHA Code Example</h1> 
    
    <h2>Add Message</h2> 
    
    <fieldset> 
      <legend>CAPTCHA included in ASP form validation</legend> 
      
      <div class="input"> 
        <label for="Name">Name:</label> 
        <input type="text" name="Name" id="Name" class="textbox" value="<%=Request("Name") %>" /> 
        <% ' name validation failed, show error message 
        If Request("nameValid") = "False" Then %> 
          <span class="incorrect">*</span><% 
        End If 
      %> 
      </div> 
      
      <div class="input"> 
        <label for="Email">Email:</label> 
        <input type="text" name="Email" id="Email" class="textbox" value="<%=Request("Email") %>" /> 
        <% ' email validation failed, show error message 
        If Request("emailValid") = "False" Then %> 
          <span class="incorrect">*</span><% 
        End If 
      %> 
      </div> 
      
      <div class="input"> 
        <label for="Message">Short message:</label> 
        <textarea class="inputbox" id="Message" name="Message" rows="5" 
        cols="40"><%=Request("Message") %></textarea> 
        <% ' message validation failed, show error message 
        If Request("messageValid") = "False" Then %> 
          <span class="incorrect">*</span><% 
        End If 
      %> 
      </div> 
        
      <div class="input"> 
        <% ' Adding BotDetect CAPTCHA to the page  
          Dim FormCaptcha : Set FormCaptcha = (New Captcha)("FormCaptcha") 
          FormCaptcha.UserInputID = "CaptchaCode" 
          
          If Not FormCaptcha.IsSolved Then %> 
            <label for="CaptchaCode">Retype the characters from the picture:</label> 
            <%=FormCaptcha.Html %> 
            <input type="text" name="CaptchaCode" id="CaptchaCode" 
            class="textbox" /><% 
            ' CAPTCHA validation failed, show error message 
            If Request("captchaValid") = "False" Then %> 
              <span class="incorrect">*</span><% 
            End If 
          End If 
        %> 
      </div> 
      <input type="submit" name="SubmitButton" id="SubmitButton" value="Submit" /> 
    </fieldset> 
    
    <br /> 
    
    <p class="navigation"><a href="Messages.asp">View Messages</a></p> 

  </form> 
</body> 
</html> 

As explained in the ASP Classic form Captcha howto guide, the Captcha object generates the Html markup required to show the Captcha image and the Captcha sound / reload buttons.

To hide the Captcha challenge after the user solves it, the Captcha object's Html value is only added to the page if not already solved (If Not LoginCaptcha.IsSolved Then ...)

ProcessForm.asp

<!-- #include file ="BotDetect.asp" --> 
<% 
  Dim form_page : form_page = "Default.asp" 
  Dim view_page : view_page = "Messages.asp" 
  
  'directly accessing this script is an error 
  If Not Request.ServerVariables("REQUEST_METHOD") = "POST" Then 
    Response.Redirect form_page 
  End If 

  ' sumbitted data 
  Dim name : name = Request("name") 
  Dim email : email = Request("email") 
  Dim message : message = Request("message") 
  form_page = form_page & "?name=" & Server.URLEncode(name) 
  & "&email=" & Server.URLEncode(email) & "&message=" & Server.URLEncode(message) 

  ' total form validation result 
  Dim isPageValid : isPageValid = True 
  
  ' Captcha validation  
  Dim FormCaptcha : Set FormCaptcha = (New Captcha)("FormCaptcha") 
  FormCaptcha.UserInputID = "CaptchaCode" 
  If Not FormCaptcha.IsSolved Then 
    Dim isHuman : isHuman = FormCaptcha.Validate() 
    isPageValid = isPageValid And isHuman 
    form_page = form_page & "&captchaValid=" & isHuman 
  End If 
  
  ' name validation 
  Dim isNameValid : isNameValid = ValidateName(name) 
  isPageValid = isPageValid And isNameValid 
  form_page = form_page & "&nameValid=" & isNameValid 
  
  ' email validation 
  Dim isEmailValid : isEmailValid = ValidateEmail(email) 
  isPageValid = isPageValid And isEmailValid 
  form_page = form_page & "&emailValid=" & isEmailValid 
  
  ' message validation 
  Dim isMessageValid : isMessageValid = ValidateMessage(Message) 
  isPageValid = isPageValid And isMessageValid 
  form_page = form_page & "&messageValid=" & isMessageValid 
  
  If Not isPageValid Then 
    ' form validation failed, show error message 
    Response.Redirect form_page 
  End If 
  
  ' keep a collection of submitted valid messages in Application state 
  Call SaveMessage(name, email, message) 
  Call FormCaptcha.Reset 
  Response.Redirect view_page 
  
  ' name validation 
  Function ValidateName(name) 
    Dim result : result = False 
    If (Len(name) > 2 And Len(name) < 30) Then 
      result = True 
    End If 
    ValidateName = result 
  End Function 
  
  ' email validaton 
  Function ValidateEmail(email) 
    Dim result : result = False 
    If (Len(email) < 5 Or Len(email) > 100) Then 
      result = False 
    Else 
      Dim regEx : Set regEx = New RegExp 
      regEx.Pattern = "^(.+)@(.+)\.(.+)$" 
      result = regEx.Test(email) 
    End If 
    ValidateEmail = result 
  End Function 
  
  ' message 
  Function ValidateMessage(message) 
    Dim result : result = False 
    If (Len(message) > 2 And Len(message) < 255) Then 
      result = True 
    End If 
    ValidateMessage = result 
  End Function 
  
  ' data storage 
  Sub SaveMessage(name, email, message) 
    ' we want to keep the example code simple, so we'll store the messages in  
    ' Application state despite it being unfit for real-world use in such  
    ' scenarios; 
    ' using a database or another appropriate persistence medium would  
    ' complicate the example code 
    Application.Lock 
    Application("Message_" & FormCaptcha.InstanceID) = Server.HTMLEncode(name) & 
    " (" & Server.HTMLEncode(email) & ") says: " & Server.HTMLEncode(message) 
    Application.UnLock 
  End Sub 
  
%> 

Form submission validation is performed in this file, which checks all required fields and redirects the user back to the form if validation fails. Captcha validation is treated no different than other field validation.

Once form validation succeeds, the submitted values are saved and the Captcha challenge is reset (Call FormCaptcha.Reset). This means each individual message requires Captcha validation, which helps prevent attacks where a malicious user could solve the Captcha once and then automate further form posts within the same Session.

Messages.asp

<!-- #include file ="BotDetect.asp" --> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml" > 
<head> 
  <title>BotDetect ASP Classic CAPTCHA Validation: ASP Form CAPTCHA Code Example</title> 
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
  <link type="text/css" rel="Stylesheet" href="StyleSheet.css" /> 
</head> 
<body> 
  <div class="column"> 
    <h1>BotDetect ASP Classic CAPTCHA Validation: <br /> ASP Form CAPTCHA Code 
    Example</h1> 
    
    <h2>View Messages</h2> 

    <% 
      Dim count : count = 0 
      For Each val In Application.Contents 
        If InStr(val, "Message_") And Application(val) <> "" Then 
          Response.Write "<p class=""message"">" & Application(val) & "</p>" 
          count = count + 1 
        End If 
      Next 
      
      If count = 0 Then 
        Response.Write "<p class=""message"">No messages yet.</p>" 
      End If 
      
      Dim FormCaptcha : Set FormCaptcha = (New Captcha)("FormCaptcha") 
    %> 
    
    <br /> 
    
    <p class="navigation"><a href="Default.asp">Add Message</a></p> 
  </div> 
</body> 
/html> 

This page displays all successfully submitted messages, and the user is automatically redirected here after validation of all form fields (including Captcha) is passed.

CaptchaConfig.asp

<% 

' BotDetect ASP Captcha configuration options 
' --------------------------------------------------------------------------- 
BotDetect.CodeLength = 3 
BotDetect.ImageStyle = BDC_ImageStyles("Graffiti2") 
BotDetect.ImageWidth = 150 
BotDetect.HelpLinkMode = BDC_HelpLinkModes("Image") 

%> 

The ASP Captcha library configuration file defines base Captcha settings for the example.


Please Note

The information on this page applies to a discontinued version of BotDetect™ ASP CAPTCHA (v4.x)