Add reCAPTCHA support (Pro) « simpleContact Support Forums

simpleContact Support Forums » Hacks

Add reCAPTCHA support (Pro)

(7 posts) (3 voices)

Started 1 year ago by Alex
Latest reply from Alex

Tags:

Alex
Administrator

A small but vocal amount of users have asked for CAPTCHA support in simpleContact Pro.

I must say, I am not a fan of CAPTCHAs. I consider them to be inadequate from a usability and accessibility point of view and decent server-side validation can stop most spam. I use my own applications on my websites and receive practically no spam. I'm not too inflexible though to deny user's requests if they can be catered for by a straightforward hack, so here is my solution to CAPTCHA support.

Please note: As I indicated in my definition of a hack, this post doesn't indicate my intention to build a CAPTCHA into a general release.

------------------------------------------

reCAPTCHA is one of the better CAPTCHAs out there. It provides an audio alternative and also provides a useful service by helping to digitise books. I will use reCAPTCHA for this hack.

First, you must visit http://recaptcha.net and sign up for a free account. You can choose your own username and password and enter the domain (or domains) that you want to use reCAPTCHA on. You will be provided with a private key and a public key. You will need both of these to implement this hack.

1) Download reCAPTCHA PHP library

Download the reCAPTCHA PHP library and upload it to your sc_admin/include folder.

2) Modify contact form validation

Open sc_admin/include/contact.php

Add the following code from line 9:

include_once($include_directory."/recaptchalib.php");
$publickey = "YOUR-PUBLIC-KEY-HERE";
$privatekey = "YOUR-PRIVATE-KEY-HERE";

Add the following code from line 143 (on one line):

$resp = recaptcha_check_answer($privatekey,$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],$_POST["recaptcha_response_field"]);

Add this code onto the next line:

if (!$resp->is_valid) { $errors["recaptcha"] = "reCAPTCHA entered incorrectly"; }

3) Modify contact form

Open contact.php

Find the line that says:

<?php showForm(); ?>

Add this code from the next line:

<?php
print recaptcha_get_html($publickey);
if (array_key_exists("recaptcha",$errors)) {
printf("<p class=\"err\"><em>%s</em></p>",$errors["recaptcha"]);
}
?>

If you view your contact form you should now have a working reCAPTCHA before the submit button.

Posted 1 year ago #
LadyAnna
Member

I have not yet checked the code of lite version, but would this work to put in there as well? Since it is labeled as for the pro version I'm guessing not but wanted to check.

If not, is there any chance of getting it for lite as well? I have recently started to get some spam e-mails through the lite version. And although the pro is reasonable prised I see no real need for the extra features as it is now. I'm only using it as a contact form on my personal site, which over all has a low visitor count.

Posted 1 year ago #
Alex
Administrator

A reCAPTCHA hack can certainly be written for Lite, but it would require different steps to complete (due to differences in code and file structure between Lite and Pro).

I can look into this next week. I will write the hack as a separate forum thread and contact you to let you know when it is ready.

I'd be interested to see a sample of the spam you have received. Please contact me with some. I've noticed that although I get practically no spam from bots, I do get an amount of human spam - that is, real human beings completing my form in order to try selling me link exchanges, SEO services etc.

I don't know of any way to prevent a human being completing a form for unscrupulous reasons.

Posted 12 months ago #
LadyAnna
Member

That is true, and I guess it is possible that the sender is actually human.

I'll send you an example of what I've received, though I don't have much saved atm.

Posted 12 months ago #
Alex
Administrator

I have posted a reCAPTCHA hack for simpleContact Lite.

Posted 12 months ago #
capellt
Member

doesn't the server side validation you provided in the base install of SC prevent the need for CAPTCHA? I've used SC for a long time now and haven't seen any spam issues.

Posted 3 months ago #
Alex
Administrator

I would say yes, it does prevent that need. I've installed simpleContact Pro on my own websites and those of several clients. I don't use CAPTCHAs anywhere.

I think it's vital to be honest and try to manage user expectation about spam. I don't believe it's possible to build a system that prevents 100% of spam, both automated and human, with no false positives. Not even Google have achieved that.

Having said that, I receive practically no spam through any of my SCP installs.

I received several requests for CAPTCHA support, so I wrote this hack to help. Some people see it as an extra level of defense, some need to add it because their clients want it.

I'm not going to add CAPTCHA support to the base install so this is my solution for those cases. Everyone's happy that way :)

Posted 3 months ago #

RSS feed for this topic

Reply

You must log in to post.