Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP General (http://www.velocityreviews.com/forums/f65-asp-general.html)
-   -   Newbie: simple asp security form with CAPTCHA (http://www.velocityreviews.com/forums/t800662-newbie-simple-asp-security-form-with-captcha.html)

blubberpuss@gmail.com 02-13-2006 09:02 PM

Newbie: simple asp security form with CAPTCHA
 
I've created a simple form that creates a .csv and will generate an
email (intro.asp).
For some security, I've been asked to include CAPTCHA. I found Web Wiz
CAPTCHA and it works fine -- I have a name text field and the CAPTCHA.
A correct response redirects to the full form's page, with more text
fields (survey.asp).
There's no login/password, but I'm concerned that bots will circumvent
the intro.asp page and go directly to the survey.asp page.
I'm pretty sure that what I need is a session variable somewhere in
survey.asp and following pages to prevent pages from being viewed out
of sequence.
Unfortunately, I don't know how that session variable is constructed.
Help much appreciated.

Scott


Bob Barrows [MVP] 02-13-2006 09:09 PM

Re: Newbie: simple asp security form with CAPTCHA
 
blubberpuss@gmail.com wrote:
> I've created a simple form that creates a .csv and will generate an
> email (intro.asp).
> For some security, I've been asked to include CAPTCHA. I found Web Wiz
> CAPTCHA and it works fine -- I have a name text field and the CAPTCHA.
> A correct response redirects to the full form's page, with more text
> fields (survey.asp).
> There's no login/password, but I'm concerned that bots will circumvent
> the intro.asp page and go directly to the survey.asp page.
> I'm pretty sure that what I need is a session variable somewhere in
> survey.asp and following pages to prevent pages from being viewed out
> of sequence.
> Unfortunately, I don't know how that session variable is constructed.
> Help much appreciated.
>

It's as simple as:
<%
Session("your_variable_name") = some_value
%>

Bob barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.



blubberpuss@gmail.com 02-13-2006 09:24 PM

Re: Newbie: simple asp security form with CAPTCHA
 

Bob Barrows [MVP] wrote:
> blubberpuss@gmail.com wrote:
> > I've created a simple form that creates a .csv and will generate an
> > email (intro.asp).
> > For some security, I've been asked to include CAPTCHA. I found Web Wiz
> > CAPTCHA and it works fine -- I have a name text field and the CAPTCHA.
> > A correct response redirects to the full form's page, with more text
> > fields (survey.asp).
> > There's no login/password, but I'm concerned that bots will circumvent
> > the intro.asp page and go directly to the survey.asp page.
> > I'm pretty sure that what I need is a session variable somewhere in
> > survey.asp and following pages to prevent pages from being viewed out
> > of sequence.
> > Unfortunately, I don't know how that session variable is constructed.
> > Help much appreciated.
> >

> It's as simple as:
> <%
> Session("your_variable_name") = some_value
> %>
>
> Bob barrows
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.


Sorry, should have asked the question better.
What code needs to go on survey.asp to prevent bots from using it
directly, avoiding intro.asp?
Thanks again.

Scott


Dave Anderson 02-13-2006 09:39 PM

Re: Newbie: simple asp security form with CAPTCHA
 
blubberpuss@gmail.com wrote:
> Sorry, should have asked the question better.
> What code needs to go on survey.asp to prevent bots from
> using it directly, avoiding intro.asp?


Upon successful negotiation of CAPTCHA challenge, set a session variable:

Session("UserType") = "Human"

Then check for that value in survey.asp:

If Session("UserType") <> "Human" Then
Response.Redirect("intro.asp")
End If



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.



blubberpuss@gmail.com 02-13-2006 10:32 PM

Re: Newbie: simple asp security form with CAPTCHA
 

Dave Anderson wrote:
> blubberpuss@gmail.com wrote:
> > Sorry, should have asked the question better.
> > What code needs to go on survey.asp to prevent bots from
> > using it directly, avoiding intro.asp?

>
> Upon successful negotiation of CAPTCHA challenge, set a session variable:
>
> Session("UserType") = "Human"
>
> Then check for that value in survey.asp:
>
> If Session("UserType") <> "Human" Then
> Response.Redirect("intro.asp")
> End If
>
>
>
> --
> Dave Anderson
>
> Unsolicited commercial email will be read at a cost of $500 per message. Use
> of this email address implies consent to these terms. Please do not contact
> me directly or ask me to contact you directly for assistance. If your
> question is worth asking, it's worth posting.


Thanks very much. It works like a champ in IE, it slips through in
Firefox. That is, in IE the http://yadayada.com/survey.asp instantly
redirects to http://yadayada.com/intro.asp, but pasting
http://yadayada.com/survey.asp lets me right into the survey.asp page.
Would modifications be necessary, or is it a caching thing?

Again, much thanks.

Scott


Dave Anderson 02-14-2006 02:57 PM

Re: Newbie: simple asp security form with CAPTCHA
 
blubberpuss@gmail.com wrote:
> Thanks very much. It works like a champ in IE, it slips through in
> Firefox. That is, in IE the http://yadayada.com/survey.asp instantly
> redirects to http://yadayada.com/intro.asp, but pasting
> http://yadayada.com/survey.asp lets me right into the survey.asp page.
> Would modifications be necessary, or is it a caching thing?


Could be a caching thing. If you add this to survey.asp, does Firefox
behavior change (you may have to clear cache in Firefox before testing)?

Response.Expires = -1
Response.AddHeader("pragma","no-cache")
Response.AddHeader("cache-control","private")
Response.CacheControl = "no-cache"


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.




All times are GMT. The time now is 04:39 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.