ASP Classic CAPTCHA Customization VBScript Code Sample (BotDetect v3.0; deprecated)

The ASP Classic Captcha customization code sample shows how to customize BotDetect CAPTCHA behavior and appearance.

BotDetect 3.0 allows user-defined customization of many Captcha options through a special BotDetect\CaptchaConfig.asp configuration file; some customizations also require page source changes.

The customizations shown include the CAPTCHA image color scheme, the sound and reload icons and their tooltips, and custom client-side handlers for BotDetect actions such as sound playing and Captcha reloading (in this sample they write simple debug messages on icon clicks), among others.

The BotDetect\CaptchaConfig.asp file used in this sample project contains detailed descriptions and explanations of the many customizable options.

You can then use the chosen customization options to configure BotDetect to precisely match your application requirements.

Installed Location

By default, the Classic ASP Captcha customization code sample is installed at:
C:\Program Files\Lanapsoft\BotDetect 3 CAPTCHA Component\Asp\WebApp\CaptchaCustomizationSample

You can also run it from the BotDetect Start Menu:
Programs > Lanapsoft > BotDetect 3 CAPTCHA Component > ASP > Web Applications > Run

Default.asp

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>BotDetect ASP CAPTCHA Customization Sample</title>
  <link type="text/css" rel="Stylesheet" href="StyleSheet.css" />
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <!-- #include file ="BotDetect.asp" -->
</head>
<body>
  <form method="post" action="" id="form1">

    <h1>BotDetect ASP CAPTCHA Customization Sample</h1>
    
    <fieldset>
        <legend>ASP CAPTCHA validation</legend>
        <label for="CaptchaCode">Retype the characters from the 
        picture:</label>
        
        <% ' Adding BotDetect CAPTCHA to the page 
        Dim SampleCaptcha : Set SampleCaptcha = (New Captcha)("SampleCaptcha")
        SampleCaptcha.UserInputID = "CaptchaCode"
        Response.Write SampleCaptcha.Html %>
        
        <div class="validationDiv">
            <input name="CaptchaCode" type="text" id="CaptchaCode" />
            <input type="submit" name="ValidateCaptchaButton" 
            value="Validate" id="ValidateCaptchaButton" />
            
            <% ' CAPTCHA user input validation (only if the form was submitted)
              If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
                Dim isHuman : isHuman = SampleCaptcha.Validate()
                If Not isHuman Then 
                  ' CAPTCHA validation failed, show error message 
                  Response.Write "<span class=""incorrect"">Incorrect code</span>"
                Else 
                  ' CAPTCHA validation passed, perform protected action
                  Response.Write "<span class=""correct"">Correct code</span>"
                End If 
              End If
            %>
        </div>
    </fieldset>
    
    <h4>Custom BotDetect Client-Side Events Debug Log</h4>
    <div id="output"></div>
    
    <script type="text/javascript">
      function log(text) {
        var output = document.getElementById('output');
        var line = document.createElement('pre');
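        // append as a text node so logged URL fragments are never parsed as markup
        line.appendChild(document.createTextNode(timestamp() + ' ' + text));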
        output.insertBefore(line, output.firstChild);
      }
      
      function timestamp() {
        return new Date().toTimeString().replace(/.*(\d{2}:\d{2}:\d{2}).*/, "$1");
      }
      
      function format(url) {
        return url.replace(/^.*?\?/g, '').replace(/&/g, '\n  &');
      }

      // custom javascript handler executed before Captcha sounds are played
      BotDetect.RegisterCustomHandler('PrePlaySound', function() { 
        log('PrePlaySound: ' + this.Id); 
      });  
      
      // custom javascript handler executed before Captcha images are reloaded
      BotDetect.RegisterCustomHandler('PreReloadImage', function() { 
        log('PreReloadImage:\n  ' + format(this.Image.src) + '\n  AutoReload: ' + 
          this.AutoReloading);
      });  
      
      // custom javascript handler executed after Captcha images are reloaded
      BotDetect.RegisterCustomHandler('PostReloadImage', function() { 
        log('PostReloadImage:\n  ' + format(this.Image.src));
      }); 
    </script> 

  </form>
</body>
</html>

The form follows the basic procedure for adding Captcha protection to ASP forms.

A script fragment defines custom handlers for the BotDetect client-side object.

BotDetect\CaptchaConfig.asp

<%

' Captcha code configuration
' ---------------------------------------------------------------------------

' LBD_Configuration_CodeLength:
' Captcha code length, in characters
LBD_Configuration_CodeLength = 4

' LBD_Configuration_CodeStyle:
' Captcha code style (alphanumeric, alpha, or numeric)
LBD_Configuration_CodeStyle = LBD_CodeStyles("Alpha")

' LBD_Configuration_CodeTimeout:
' Captcha code timeout in seconds - the Captcha can only be successfully
' solved within the specified time after generation. This is an optional
' security improvement that narrows the window of opportunity for attacks
' based on re-using the Captcha image on another site controlled by the
' attacker, or similar human-solver-based attacks on Captcha-protected
' forms.
LBD_Configuration_CodeTimeout = 600

' LBD_Configuration_Locale:
' Captcha locale string, affecting the charset used for Captcha code
' generation, and the pronunciation language used for sound Captchas
LBD_Configuration_Locale = "en-US"

' LBD_Configuration_CustomCharset:
' Defines a custom character set for Captcha code generation, specifying
' the alphanumeric characters which will be used for all Captcha codes
' regardless of the codeStyle value set
LBD_Configuration_CustomCharset = "A,B,C,D,E,1,2,3,4"

' LBD_Configuration_BannedSequences:
' Defines rules about character sequences you want to avoid using in
' randomly generated CAPTCHA codes. Must be a CSV string.
LBD_Configuration_BannedSequences = ""


' Captcha image configuration
' ---------------------------------------------------------------------------

' LBD_Configuration_ImageStyle:
' Captcha image style - can be a fixed or a randomized value selected from
' the 60 BotDetect image drawing algorithms
LBD_Configuration_ImageStyle = LBD_RandomImageStyle()

' LBD_Configuration_ImageWidth:
' Captcha image width, in pixels
LBD_Configuration_ImageWidth = 250

' LBD_Configuration_ImageHeight:
' Captcha image height, in pixels
LBD_Configuration_ImageHeight = 50

' LBD_Configuration_ImageFormat:
' Captcha image output format (JPG, GIF, PNG or BMP)
LBD_Configuration_ImageFormat = LBD_ImageFormats("Gif")

' LBD_Configuration_CustomDarkColor:
' Used to override the default Captcha image color scheme.
' Html named or hex color value of the dark color used in Captcha images.
LBD_Configuration_CustomDarkColor = "#483D8B"

' LBD_Configuration_CustomLightColor:
' Used to override the default Captcha image color scheme.
' Html named or hex color value of the light color used in Captcha images.
LBD_Configuration_CustomLightColor = "#87CEFA"

' LBD_Configuration_ImageTooltip:
' Custom Captcha image alt text / title
LBD_Configuration_ImageTooltip = "CAPTCHA Image Custom English Tooltip"

' LBD_Configuration_HelpLinkEnabled:
' Is the Captcha help link enabled or not
LBD_Configuration_HelpLinkEnabled = True

' LBD_Configuration_HelpLinkMode:
' Controls how the Captcha help link is displayed; supported modes are "Image" and 
' "Text"
LBD_Configuration_HelpLinkMode = LBD_HelpLinkModes("Text")

' LBD_Configuration_HelpLinkUrl:
' Url (absolute or relative) to which the Captcha help link points
LBD_Configuration_HelpLinkUrl = "captcha.html"

' LBD_Configuration_HelpLinkText:
' Text used in the Captcha help link; leave empty for default image width-dependent 
' text
LBD_Configuration_HelpLinkText = "Custom Help Link Text"


' Captcha sound configuration
' ---------------------------------------------------------------------------
' Captcha sounds in BotDetect 3.0 require locale-dependent pronunciation
' SoundPackage (.bdsp) files. Some default SoundPackages are included
' in all BotDetect installations, and pronunciations for additional
' languages can be downloaded from the Downloads section of the
' BotDetect website.


' LBD_Configuration_SoundEnabled:
' Is Captcha sound enabled
LBD_Configuration_SoundEnabled = True

' LBD_Configuration_SoundStyle:
' Captcha sound style - can be a fixed or a randomized value selected from
' the 10 BotDetect sound generation algorithms
LBD_Configuration_SoundStyle = LBD_RandomSoundStyle()

' LBD_Configuration_SoundFormat:
' Captcha sound output format (WavPcm16bit8KhzMono or WavPcm8bit8KhzMono)
LBD_Configuration_SoundFormat = LBD_SoundFormats("WavPcm8bit8kHzMono")

' LBD_Configuration_SoundTooltip:
' Custom sound Captcha icon alt text / title
LBD_Configuration_SoundTooltip = "Sound Icon Custom English Tooltip"

' LBD_Configuration_SoundIconUrl:
' Custom sound Captcha icon. You can use standard BotDetect icons
' ("BotDetect/SoundIcon.gif" and "BotDetect/SmallSoundIcon.gif") or an icon
' of your own.
LBD_Configuration_SoundIconUrl = "CustomSoundIcon.gif"

' LBD_Configuration_SoundPackageFolder:
' Custom sound packages folder. You can reuse a single location for all ASP
' applications using BotDetect Captcha on the same server, as long as the IIS
' worker process running them has Read permissions to the location
LBD_Configuration_SoundPackageFolder = "C:\Program Files (x86)\Lanapsoft\BotDetect 3 CAPTCHA Component\Asp\Redistribute\BotDetectSounds"

' LBD_Configuration_WarnAboutMissingSoundPackages:
' If the required SoundPackage is not deployed, the sound icon is not
' clickable and displays a warning tooltip by default. If you want to disable
' this warning and simply not display the sound Captcha icon at all for
' locales whose pronunciations are not deployed with the application,
' set this property to "False".
LBD_Configuration_WarnAboutMissingSoundPackages = True

' LBD_Configuration_SoundStartDelay:
' Starting delay of sound JavaScript playback, in milliseconds.
' Useful for improving usability of the Captcha sound for blind people using
' JAWS or similar readers, which will read the label associated with the Captcha
' code textbox and start sound playback simultaneously when the sound icon
' is activated. Setting this delay to e.g. 2000 (2 seconds) will give the user time
' to hear both the pronounced label and the Captcha sound clearly.
LBD_Configuration_SoundStartDelay = 1000

' LBD_Configuration_SoundRegenerationMode:
' How will multiple consecutive requests for audio Captcha with the same 
' Captcha code ("sound regeneration") be handled by BotDetect - a trade-off 
' of security, usability, and storage requirements:
'   -> LBD_SoundRegenerationModes("None") - generate only one sound response 
'     per Captcha code, cache it on the server, and serve it for all consecutive 
'     sound requests.
'       * Highest security: comparative analysis of multiple sounds is impossible
'          since only one sound response exists per Captcha code.
'       * High usability: works consistently across all browsers, regardless of 
'          their Html5 audio support and without depending on JavaScript 
'          functionality.
'       * High storage requirements: the generated sound bytes must be stored 
'          in Session state, consuming server memory or other storage medium 
'          for each Captcha code requested as Captcha audio.
'   -> LBD_SoundRegenerationModes("Limited") - allow generation of a limited 
'     number of different sound responses (the minimum required to make 
'     Captcha audio work in all supported client browsers and devices), and 
'     automatically change the Captcha code on the client for consecutive sound 
'     requests if needed and possible. 
'       * Decent security: comparative analysis of multiple sounds is severely 
'          hampered, since the small number of sound responses available does
'          not provide enough information to seriously undermine Captcha 
'          security. 
'       * Decent usability: Since Captcha sound will only be served a small 
'          number of times for the same Captcha code (returning an error after
'          the limit has been hit), observed behavior depends on client browser 
'          capabilities: 
'            - Modern Html5 Wav audio compatible browsers will always replay 
'              the same sound on consecutive sound icon clicks, without 
'              requesting a regenerated sound from the server.
'            - Older browsers without support for client-side audio replay must
'              detect consecutive sound icon clicks that might trigger the sound 
'              regeneration limit on the server and automatically change the 
'              Captcha code (by reloading the Captcha image) to ensure sound 
'              will play properly. For each sound icon click after the first one, the
'              Captcha image will be changed before audio is played.
'            - Browsers without JavaScript capability (and bots) will have to 
'              reload the form to get a new Captcha code to make the sound work 
'              again after the regeneration limit had been hit.
'       * Low storage requirements: generated sound responses don't need to
'          be stored on the server. 
'   -> LBD_SoundRegenerationModes("Unlimited") - each audio request will 
'     generate a new Captcha sound response (previous BotDetect version 
'     behavior).
'       * Low security: comparative analysis of multiple sounds for the same
'          Captcha code allows for higher accuracy of automated recognition.
'       * High usability: works consistently across all browsers, regardless of 
'          their Html5 audio support and without depending on JavaScript 
'          functionality.
'       * Low storage requirements: generated sound responses don't need to 
'          be stored on the server. 
' BotDetect defaults to limited sound regeneration as the most reasonable 
' overall trade-off. At user discretion, higher security and usability can be 
' achieved at the cost of significant amounts of server-side storage space. 
' Unlimited sound regeneration is not recommended due to low security, but is 
' left as an option for backwards-compatibility.
LBD_Configuration_SoundRegenerationMode = LBD_SoundRegenerationModes("Limited")


' Captcha reload configuration
' ---------------------------------------------------------------------------

' LBD_Configuration_ReloadEnabled:
' Is Captcha reloading enabled
LBD_Configuration_ReloadEnabled = True

' LBD_Configuration_ReloadTooltip:
' Custom reload Captcha icon alt text / title
LBD_Configuration_ReloadTooltip = "Reload Icon Custom English Tooltip"

' LBD_Configuration_ReloadIconUrl:
' Custom reload Captcha icon. You can use standard BotDetect icons
' ("BotDetect/ReloadIcon.gif" and "BotDetect/SmallReloadIcon.gif") or an icon
' of your own. If you want to display the icons horizontally next to the Captcha
' image instead of one below the other, simply include the
' "BotDetect/HorizontalIconsOverride.css" stylesheet in your page.
'LBD_Configuration_ReloadIconUrl = "https://captcha.com/images/refresh.png"
LBD_Configuration_ReloadIconUrl = "BotDetect/ReloadIcon.gif"

' LBD_Configuration_AutoReloadExpiredCaptchas:
' Captcha images are automatically reloaded when the Captcha code expires
' (as set in the LBD_Configuration_CodeTimeout element, or the ASP
' Session timeout), but only within a certain interval from their first
' generation. This allows you to have a short Captcha code timeout (e.g.
' 2 minutes) to narrow the window of opportunity for Captcha reusing on
' other sites or human-solver-powered bots, and actual visitors can still
' fill out your form at their own pace and without rushing (since the
' Captcha image will be reloaded automatically when it is no longer valid).
LBD_Configuration_AutoReloadExpiredCaptchas = True

' LBD_Configuration_AutoReloadTimeout:
' Since we don't want infinite sessions when the user leaves the form open
' in a background browser tab over the weekend (for example), we set a
' reasonable upper limit on the auto-reload period (e.g. 2 hours = 7200
' seconds).
LBD_Configuration_AutoReloadTimeout = 7200


' Captcha user input configuration
' ---------------------------------------------------------------------------

' LBD_Configuration_AutoFocusInput:
' The input textbox will be assigned focus on all Captcha Sound and
' Captcha Reload icon clicks, allowing the users to more easily type
' in the code as they hear it or as the new image loads. This does not
' apply to auto-reloading of expired Captchas, since the user might
' be filling out another field on the form when the auto-reload
' starts and shouldn't be distracted.
LBD_Configuration_AutoFocusInput = True

' LBD_Configuration_AutoClearInput:
' The input textbox will be cleared on all Reload icon clicks and auto-
' reloads, since any previous input in the textbox will be invalidated
' by Captcha reloading. This is a small usability improvement that
' helps users avoid having to delete the previous input themselves.
LBD_Configuration_AutoClearInput = True

' LBD_Configuration_AutoUppercaseInput:
' Anything the users type in the input textbox will be uppercased
' on the fly, since Captcha validation is not and should not be case-
' sensitive. This is a small usability improvement that helps
' communicate that fact to the users clearly.
LBD_Configuration_AutoUppercaseInput = True


' Captcha remote script configuration
' ---------------------------------------------------------------------------

' LBD_Configuration_RemoteScriptEnabled:
' Whether BotDetect should also add the remote JavaScript include loaded from
' the captcha.com server. Currently used only for stats, but planned to develop
' into additional Captcha functionality.
LBD_Configuration_RemoteScriptEnabled = True


' Captcha persistence configuration
' ---------------------------------------------------------------------------

' LBD_Persistence:
' By default, BotDetect stores generated Captcha codes and per-instance
' set values in ASP Session state. If you want to change the persistence
' medium and use your own dictionary-type object, this is the setting to use.
Dim LBD_Persistence : Set LBD_Persistence = Session

' LBD_Configuration_UseApplicationFallback:
' Controls whether data required for sound Captcha playback will also be saved
' in ASP Application state, as a fallback for ASP Session state problems. 
' Several browser/sound player combinations cause sound problems since they
' misplace ASP Session cookies when transferring the sound Url to the sound 
' player (IE 7.0 + WMP 11, Safari 4 + QuickTime, etc.).
' Keeping this option set to 'True' makes sound Captchas play correctly even
' in such clients, at the cost of some server memory and slower execution due 
' to Application state locking/unlocking necessary.
LBD_Configuration_UseApplicationFallback = True

%>

The ASP Captcha library configuration file defines base Captcha settings for the sample.
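
A defender's check over this file, as an added example that is not part of the BotDetect sample or library: a Python script that parses the `LBD_Configuration_*` assignments and reports the settings the file's own comments tie to security. The function names and the `min_codes` and `max_timeout` thresholds are assumptions made for illustration; 120 seconds follows the 2-minute example in the AutoReloadExpiredCaptchas comment.

```python
import re

# Excerpt of the CaptchaConfig.asp settings listed above (most comments trimmed).
SAMPLE_CONFIG = '''
' LBD_Configuration_CodeLength:
LBD_Configuration_CodeLength = 4
LBD_Configuration_CodeTimeout = 600
LBD_Configuration_CustomCharset = "A,B,C,D,E,1,2,3,4"
LBD_Configuration_SoundRegenerationMode = LBD_SoundRegenerationModes("Limited")
'LBD_Configuration_ReloadIconUrl = "https://captcha.com/images/refresh.png"
LBD_Configuration_RemoteScriptEnabled = True
'''

ASSIGNMENT = re.compile(r'^\s*LBD_Configuration_(\w+)\s*=\s*(.+?)\s*$')
ENUM_CALL = re.compile(r'^\w+\("([^"]*)"\)$')   # e.g. LBD_CodeStyles("Alpha")

def parse_config(text):
    """Return {setting: value} from VBScript assignments, skipping ' comment lines."""
    settings = {}
    for line in text.splitlines():
        match = None if line.lstrip().startswith("'") else ASSIGNMENT.match(line)
        if not match:
            continue
        name, raw = match.groups()
        enum = ENUM_CALL.match(raw)
        if enum:
            settings[name] = enum.group(1)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            settings[name] = raw[1:-1]
        elif raw.lower() in ("true", "false"):
            settings[name] = raw.lower() == "true"
        else:
            settings[name] = int(raw) if raw.isdigit() else raw
    return settings

def code_space(settings):
    """Distinct codes possible; None when no custom charset or length is set."""
    chars = {c for c in str(settings.get("CustomCharset", "")).split(",") if c}
    length = settings.get("CodeLength")
    if not chars or not isinstance(length, int):
        return None  # charset then comes from CodeStyle/Locale, unknown here
    return len(chars) ** length

def audit(settings, min_codes=1_000_000, max_timeout=120):
    """List findings; both thresholds are illustrative assumptions."""
    findings = []
    codes = code_space(settings)
    if codes is not None and codes < min_codes:
        findings.append(f"CodeLength/CustomCharset: only {codes} possible codes")
    timeout = settings.get("CodeTimeout")
    if isinstance(timeout, int) and timeout > max_timeout:
        findings.append(f"CodeTimeout: {timeout}s is longer than {max_timeout}s")
    if settings.get("SoundRegenerationMode") == "Unlimited":
        findings.append("SoundRegenerationMode: Unlimited is not recommended")
    if settings.get("RemoteScriptEnabled") is True:
        findings.append("RemoteScriptEnabled: form loads script from captcha.com")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG)):
        print("-", finding)
```

With the sample's values, the custom charset of 9 characters at length 4 leaves 9^4 = 6561 possible codes, which is why the first finding fires even though the code style is set to "Alpha".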


Please Note

The information on this page is out of date and applies to a deprecated version of BotDetect™ CAPTCHA (v3.0).

An up-to-date equivalent page for the latest BotDetect Captcha release (v4) is the BotDetect v4 Captcha documentation index.

General information about the major improvements in the current BotDetect release can be found at the What's New in BotDetect v4.0 page.