How To Add BotDetect CAPTCHA Protection to Classic ASP Forms
First Time Here?
Check the BotDetect Developer Crash Course for key integration steps.
Protecting your ASP forms with BotDetect Classic ASP Captcha requires a few steps, outlined on this page. Displaying the Captcha challenge can be as simple as:
<% ' Adding BotDetect CAPTCHA to the page Dim ExampleCaptcha : Set ExampleCaptcha = (New Captcha)( "ExampleCaptcha") ExampleCaptcha.UserInputID = "CaptchaCode" Response.Write ExampleCaptcha.Html %>and checking user input when the form is submitted:
Dim isHuman : isHuman = ExampleCaptcha.Validate()
You can also see how BotDetect Captcha protection has been added to various kinds of ASP forms and projects by running the BotDetect Captcha ASP integration code examples coming with the BotDetect installation. You can also reuse the example project source code that fits your requirements.
CAPTCHA Integration Steps
To add BotDetect Captcha protection to an ASP Classic website:
- Include BotDetect files in the ASP application
- Display Captcha protection on the ASP form
- Validate Captcha user input during ASP form submission
Include BotDetect Files in the ASP Application
BotDetect Captcha can simply be included in ASP applications by copying the Captcha library files from the BotDetect ASP installation folder.
You will need to copy the following to your ASP application's root folder:
C:\Program Files\Captcha Inc\BotDetect 4 CAPTCHA Component\Asp\ CaptchaLibrary\BotDetect.asp
- the whole
BotDetectfolder (containing 12 files in total) from:
C:\Program Files\Captcha Inc\BotDetect 4 CAPTCHA Component\Asp\ CaptchaLibrary\BotDetect
We'll explain the details of individual Captcha library files later, and focus on the simplest way to use them for now.
Display Captcha Protection on the ASP Form
We'll assume you already have a form which can be posted (
<form method="post" ...), with other fields in place.
First, include the BotDetect Captcha library and stylesheet in the ASP form header, just before the closing
<link type="text/css" rel="Stylesheet" href="<%= CaptchaUrls.LayoutStylesheetUrl() %>" /> <!-- #include file ="BotDetect.asp" --> </head>
Including the library in the page header automatically includes the BotDetect Captcha layout spreadsheet.
To display the Captcha test on your form, you will need the following Html elements:
- A textbox for the Captcha code user input, with a label displaying Captcha instructions
- The Captcha markup including the image, sound and reload icons etc., which will be generated by the Captcha library
<label for="CaptchaCode">Retype the characters from the picture: </label> <% ' Adding BotDetect CAPTCHA to the page Dim ExampleCaptcha : Set ExampleCaptcha = (New Captcha)("ExampleCaptcha") ExampleCaptcha.UserInputID = "CaptchaCode" Response.Write ExampleCaptcha.Html %> <input name="CaptchaCode" id="CaptchaCode" type="text" />
The VbScript code above creates a new instance of the
Captcha class defined by the BotDetect ASP Captcha library, tells it which textbox is used to input Captcha codes, and calls the
Html subroutine to generate all needed BotDetect Html elements.
When you open your form in a browser, the above declarations should render as:
If you are adding Captcha protection to multiple ASP forms in the same application, you should take care to give each one a unique name (e.g. "RegistrationCaptcha", "CommentCaptcha", ...) in the
Captcha object constructor.
Validate Captcha User Input During ASP Form Submission
Since we want to ensure only real human users can perform a certain action (e.g. account registration or comment submission), we also have to add Captcha validation code which will process form submissions, and only allow certain actions if Captcha validation succeeds.
Form Has No ActionIn the simplest case (when the form posts to itself, i.e. the
actionattribute is not set), you will process form submissions on the form itself:
<% If Request.ServerVariables("REQUEST_METHOD") = "POST" Then ' CAPTCHA user input validation Dim isHuman : isHuman = ExampleCaptcha.Validate() If Not isHuman Then ' CAPTCHA validation failed, show error message Response.Write "Incorrect Captcha code" Else ' CAPTCHA validation passed, perform protected action ' TODO End If End If %>
The above code is very simple:
If Request.ServerVariables("REQUEST_METHOD") = "POST"line ensures the code only runs when the form is submitted
Dim isHuman : isHuman = ExampleCaptcha.Validate()line calls the
Validate()function of the
Captchaobject, which returns
Trueif the submitted Captcha code matches the one used for Captcha image generation, or
- Depending on the Captcha validation result, we either show a simple error message, or proceed with form submission
This approach is shown in the BotDetect basic ASP integration code example included in the BotDetect installation.
Separate Form Processing Action
If your form posts to a separate
.asp file, you can use the same Captcha validation code, you just have to create a
Captcha object instance with the same name as the one used on the form first:
' Captcha validation Dim ExampleCaptcha : Set ExampleCaptcha = (New Captcha)("ExampleCaptcha") ExampleCaptcha.UserInputID = "CaptchaCode" Dim isHuman : isHuman = ExampleCaptcha.Validate() If Not isHuman Response.Redirect "Default.asp" & "?captchaValid=False" End If ' TODO: continue with form submission
In this case, if the correct Captcha code wasn't submitted, we redirect the user back to the original form (adding a simple querystring for easier error reporting). You can also integrate the
isHuman result with other form validation code, depending on your overall form validation approach.
This approach is shown in the BotDetect ASP form integration code example included in the BotDetect installation.