reCAPTCHA and nms FormMail - part I
Another site I manage uses nms FormMail to provide visitors with a way to get in contact.
To help reduce spam encountered by this site a reCAPTCHA challenge has been added to the form used by FormMail.
This post, together with the second in the series, discuss the changes required to add reCAPTCHA to nmsFormMail.
To achieve this the following changes were made to the nms FormMail script...
At the beginning of the script reference the light weight user agent LWP::UserAgent...
...
use strict;
use vars qw(
$DEBUGGING $emulate_matts_code $secure %more_config
$allow_empty_ref $max_recipients $mailprog @referers
@allow_mail_to @recipients %recipient_alias
@valid_ENV $date_fmt $style $send_confirmation_mail
$confirmation_text $locale $charset $no_content
$double_spacing $wrap_text $wrap_style $postmaster
$address_style
);
use LWP::UserAgent;
...
In the handle_request() method add a call to check_captcha after checking for missing fields.
...
my @missing = $self->get_missing_fields;
if (scalar @missing) {
$self->missing_fields_output(@missing);
return;
}
$self->check_captcha or return;
my $date = $self->date_string;
...
After check_method_is_post() insert the sub routine check_captcha()... Not forgetting to replace 'your_private_key' with your private key.
...
=item check_captcha ()
Check the CAPTCHA response via the reCAPTCHA service.
=cut
sub check_captcha {
my ($self) = @_;
my ($ua) = LWP::UserAgent->new();
my ($result) = ($ua)->post(
'http://api-verify.recaptcha.net/verify',
{
privatekey => 'your_private_key',
remoteip => $ENV{'REMOTE_ADDR'},
challenge => $self->{Form}{'recaptcha_challenge_field'},
response => $self->{Form}{'recaptcha_response_field'}
});
if ( $result->is_success && $result->content =~ /^true/) {
return 1;
} else {
if ($self->{FormConfig}{'captcha_fail_redirect'}) {
print $self->cgi_object->redirect( $self->{FormConfig}{'captcha_fail_redirect'} );
return 0;
}
else {
my ($self) = @_;
$self->error_page( 'Error: Captcha Check Failed', <<END );
<p>
The Captcha response of the form you submitted did not match the challenge.
Please check the form and make sure that your response matches the challenge in the captcha image.
You can use the browser back button to return to the form.
</p>
END
return 0;
}
}
}
...
Add an additional form field captcha_fail_redirect to configuration_form_fields
...
return_link_url
print_blank_fields
missing_fields_redirect
captcha_fail_redirect
);
}
...
And finally add captcha_fail_redirect to the list of valid names in parse_config_form_input
...
my $val = $self->strip_nonprint($self->cgi_object->param($name));
if ($name =~ /return_link_url|redirect|captcha_fail_redirect$/) {
$val = $self->validate_url($val);
}
$self->{FormConfig}{$name} = $val;
...
A modified nms FormMail script is available for download.
Comments
-
Thanks for this information, I was not sure I was going to be able to get this to work for me but your instructions worked like a charm.
-
Thank you so much!! I have been fighting with adding a captcha to our contact form for a week now. Nothing worked until I found yours. Thanks again!!
-Steve
A Touch of Ozark -
Thank you for this. However, I get an error message "Internal Server Error. Could not execute script '/var/sites/w/xxx/public_html/post/web3.cgi'. suPHP 0.7.2" (where "xxx" is the full website address). This happens whether I use my own nms Formmail script modified in accordance with your instructions or the sample script that you have provided.
-
Hi Peter,
To get much further with this you will need to gather more details on the internal server error. Instructions on how to get these logs can be found by searching for "turn on php error logging".
Even with these log files I suspect you will have difficulties with the code as it is based around version 1 of ReCaptcha. Ten years later and Google have moved on to version 3. As this site no longer uses ReCaptcha for its anti-spam protection I can't say what changes will be required to the script to support the latest version of the API.
Sorry I can't help more. -
Hello Ross
Thank you for taking the trouble to reply, much appreciated.
I realise that your script and nms Formmail are both now long in the tooth. I have decided to abandon Formmail and go for a PHP solution. But as I know no more about PHP than I know about Perl, it's an uphill battle.
Still, onwards and upwards.
Best wishes
Peter