Newbie: simple asp security form with CAPTCHA

 
 
blubberpuss@gmail.com
      02-13-2006
I've created a simple form that creates a .csv and will generate an
email (intro.asp).
For some security, I've been asked to include CAPTCHA. I found Web Wiz
CAPTCHA and it works fine -- I have a name text field and the CAPTCHA.
A correct response redirects to the full form's page, with more text
fields (survey.asp).
There's no login/password, but I'm concerned that bots will circumvent
the intro.asp page and go directly to the survey.asp page.
I'm pretty sure that what I need is a session variable somewhere in
survey.asp and following pages to prevent pages from being viewed out
of sequence.
Unfortunately, I don't know how that session variable is constructed.
Help much appreciated.

Scott

 
Bob Barrows [MVP]
      02-13-2006
(E-Mail Removed) wrote:
> I've created a simple form that creates a .csv and will generate an
> email (intro.asp).
> For some security, I've been asked to include CAPTCHA. I found Web Wiz
> CAPTCHA and it works fine -- I have a name text field and the CAPTCHA.
> A correct response redirects to the full form's page, with more text
> fields (survey.asp).
> There's no login/password, but I'm concerned that bots will circumvent
> the intro.asp page and go directly to the survey.asp page.
> I'm pretty sure that what I need is a session variable somewhere in
> survey.asp and following pages to prevent pages from being viewed out
> of sequence.
> Unfortunately, I don't know how that session variable is constructed.
> Help much appreciated.
>

It's as simple as:
<%
Session("your_variable_name") = some_value
%>

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.


 
blubberpuss@gmail.com
      02-13-2006

Bob Barrows [MVP] wrote:
> (E-Mail Removed) wrote:
> > I've created a simple form that creates a .csv and will generate an
> > email (intro.asp).
> > For some security, I've been asked to include CAPTCHA. I found Web Wiz
> > CAPTCHA and it works fine -- I have a name text field and the CAPTCHA.
> > A correct response redirects to the full form's page, with more text
> > fields (survey.asp).
> > There's no login/password, but I'm concerned that bots will circumvent
> > the intro.asp page and go directly to the survey.asp page.
> > I'm pretty sure that what I need is a session variable somewhere in
> > survey.asp and following pages to prevent pages from being viewed out
> > of sequence.
> > Unfortunately, I don't know how that session variable is constructed.
> > Help much appreciated.
> >

> It's as simple as:
> <%
> Session("your_variable_name") = some_value
> %>
>
> Bob Barrows
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.


Sorry, should have asked the question better.
What code needs to go on survey.asp to prevent bots from using it
directly, avoiding intro.asp?
Thanks again.

Scott

 
Dave Anderson
      02-13-2006
(E-Mail Removed) wrote:
> Sorry, should have asked the question better.
> What code needs to go on survey.asp to prevent bots from
> using it directly, avoiding intro.asp?


Upon successful negotiation of CAPTCHA challenge, set a session variable:

Session("UserType") = "Human"

Then check for that value in survey.asp:

If Session("UserType") <> "Human" Then
    Response.Redirect("intro.asp")
End If



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.


 
blubberpuss@gmail.com
      02-13-2006

Dave Anderson wrote:
> (E-Mail Removed) wrote:
> > Sorry, should have asked the question better.
> > What code needs to go on survey.asp to prevent bots from
> > using it directly, avoiding intro.asp?

>
> Upon successful negotiation of CAPTCHA challenge, set a session variable:
>
> Session("UserType") = "Human"
>
> Then check for that value in survey.asp:
>
> If Session("UserType") <> "Human" Then
> Response.Redirect("intro.asp")
> End If
>
>
>
> --
> Dave Anderson
>
> Unsolicited commercial email will be read at a cost of $500 per message. Use
> of this email address implies consent to these terms. Please do not contact
> me directly or ask me to contact you directly for assistance. If your
> question is worth asking, it's worth posting.


Thanks very much. It works like a champ in IE, but it slips through in
Firefox. That is, in IE the http://yadayada.com/survey.asp instantly
redirects to http://yadayada.com/intro.asp, but pasting
http://yadayada.com/survey.asp lets me right into the survey.asp page.
Would modifications be necessary, or is it a caching thing?

Again, much thanks.

Scott

 
Dave Anderson
      02-14-2006
(E-Mail Removed) wrote:
> Thanks very much. It works like a champ in IE, but it slips through in
> Firefox. That is, in IE the http://yadayada.com/survey.asp instantly
> redirects to http://yadayada.com/intro.asp, but pasting
> http://yadayada.com/survey.asp lets me right into the survey.asp page.
> Would modifications be necessary, or is it a caching thing?


Could be a caching thing. If you add this to survey.asp, does Firefox
behavior change (you may have to clear cache in Firefox before testing)?

Response.Expires = -1
Response.AddHeader "pragma", "no-cache"
Response.AddHeader "cache-control", "private"
Response.CacheControl = "no-cache"


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
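
The session gate and the no-cache headers from the replies above, combined into one include file so that every page after intro.asp runs the same check. This is an added example, not code from any poster in the thread: the file name gate.asp, the Sub and Function names, the "HumanSince" session key and the 15-minute limit are assumptions, and the Web Wiz CAPTCHA check itself is not shown.

```vbscript
' gate.asp -- hypothetical include file; place this code inside <% ... %>.
' Usage (assumed page layout):
'   intro.asp  : after the CAPTCHA component accepts the answer,
'                call MarkHuman, then Response.Redirect "survey.asp"
'   survey.asp : <!--#include file="gate.asp"--> and call RequireHuman first
'   last page  : call RequireHuman first, ConsumeHumanPass after saving

Const GATE_MINUTES = 15   ' assumed lifetime of one solved CAPTCHA

' Record that this session passed the CAPTCHA, and when.
Sub MarkHuman()
    Session("UserType") = "Human"
    Session("HumanSince") = Now()
End Sub

' True only while the session carries a fresh "Human" flag.
' An unset Session value is Empty, so both tests fail safely.
Function IsHuman()
    IsHuman = False
    If Session("UserType") = "Human" And IsDate(Session("HumanSince")) Then
        If DateDiff("n", Session("HumanSince"), Now()) < GATE_MINUTES Then
            IsHuman = True
        End If
    End If
End Function

' First statement of survey.asp and of every later page, including
' the one that writes the .csv and sends the email.
Sub RequireHuman()
    ' Stop browsers and proxies from showing a stored copy of a gated page.
    Response.Expires = -1
    Response.AddHeader "Pragma", "no-cache"
    Response.CacheControl = "no-cache"
    If Not IsHuman() Then
        ConsumeHumanPass
        Response.Redirect "intro.asp"
        Response.End   ' defensive: nothing below may run for a failed check
    End If
End Sub

' Clear the flag once the submission is stored, so one solved CAPTCHA
' covers one survey rather than any number of posts in the same session.
Sub ConsumeHumanPass()
    Session("UserType") = ""
    Session("HumanSince") = ""
End Sub
```

The flag lives in the server-side session, which the browser selects with its ASP session cookie, so each browser has to pass intro.asp separately and a browser that already passed keeps access until the flag is consumed, the time limit runs out, or the session ends.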


 