Skip to main content
RLS
RLS
Inspiring
February 3, 2011
Answered

How to create CAPTCHA without displaying the image?

  • February 3, 2011
  • 2 replies
  • 1383 views

I have a home-grown content management system that allows users to embed their own source code. One client embedded FORM's, but found themselves the target of spammers, so they wanted me to add a CAPTCHA feature to it.  It's been a little difficult because it all displays inside of a TEXTAREA field, but I'm 99% of the way there.

What's got me stymied is the captcha image.  I can create the image, write it to the server with a dedicated name, and can display it just fine inside of their form. However, the original call to create the captcha image leave a broken image box.  I don't want any box, I just want it to write the image to a file and move on.

Here's how I'm making that initial call:

cfimage action="captcha" fontsize="24" fonts="Times New Roman" width="250" height="50"

      text="#rndString#" difficulty="low" destination="#fileDest#" overwrite="yes"

Any ideas?


RLS

    This topic has been closed for replies.
    Correct answer Adam Cameron.

    I think you've encountered a significant short-coming in the implementation of how CF implements the generation with captcha images.  Here are the problems with the implementation as I see it:

    * There should be three - mutually exclusive - "destinations" for the image:

    - file system (what you want)

    - screen (what it kinda does now, except really leadenly)

    - variable (like - seemingly - every other image operation with CFIMAGE)

    * The CAPTCHA functionality is only exposed via a tag: there is no functional equivalent.

    I don't think there's anything that isn't obvious there, and one wouldn't have expected in a v1.0 implementation of this.  Oh well.

    I had a mess around with your situation, and on a whim, put CFSILENT tags around the CFIMAGE call.  That prevented it from squirting the unsolicited IMG tag down to the browser, whilst still writing the file to the file system.  This is what you want, yes?

    --

    Adam

    2 replies

    A
    Adam Cameron.Correct answer
    Inspiring
    February 4, 2011

    I think you've encountered a significant short-coming in the implementation of how CF implements the generation with captcha images.  Here are the problems with the implementation as I see it:

    * There should be three - mutually exclusive - "destinations" for the image:

    - file system (what you want)

    - screen (what it kinda does now, except really leadenly)

    - variable (like - seemingly - every other image operation with CFIMAGE)

    * The CAPTCHA functionality is only exposed via a tag: there is no functional equivalent.

    I don't think there's anything that isn't obvious there, and one wouldn't have expected in a v1.0 implementation of this.  Oh well.

    I had a mess around with your situation, and on a whim, put CFSILENT tags around the CFIMAGE call.  That prevented it from squirting the unsolicited IMG tag down to the browser, whilst still writing the file to the file system.  This is what you want, yes?

    --

    Adam

    A
    Adam Cameron.
    Inspiring
    February 4, 2011

    * There should be three - mutually exclusive - "destinations" for the image:

    - file system (what you want)

    - screen (what it kinda does now, except really leadenly)

    - variable (like - seemingly - every other image operation with CFIMAGE)

    * The CAPTCHA functionality is only exposed via a tag: there is no functional equivalent.

    I've raised these concerns with Adobe:

    http://cfbugs.adobe.com/cfbugreport/flexbugui/cfbugtracker/main.html#bugId=86192

    --

    Adam

    RLS
    RLSAuthor
    Inspiring
    February 4, 2011

    Thank you, tclaremont and Adam!  Adam, I have not tried the cfsilent yet, but I will shortly. I marked yours as the answer - you tested it and I'll take your word for it. 

    I hope this posting helps someone else with this problem, and I surely hope that Adobe makes that seemingly insignificant change that can help us all combat those jerks - spammers.  I know when I put captcha on a form, the spamming goes away instantly.

    Thank you all for your help!

    RLS

    tclaremont
    tclaremont
    Inspiring
    February 3, 2011

    I gave up on CAPTCHA and just put a form field asking for the answer to "2+2".

    If the user enters 4, process the form. If they enter anything else, stop the process.

    No bot spam since that day. Another case where the simplest solution is best.

    M
    mack_
    Participating Frequently
    February 4, 2011

    "2+2" is indeed a very simple solution that works for smaller sites

    that get hit with automated spam bots but it doesn't work well for

    sites where the spam-master is willing to put money and time into

    creating a customized spam-poster (in other words when "2+2" is broken

    someone is interested in your site ).

    --

    Mack

    D
    Community Expert
    Dave WattsCommunity Expert
    Community Expert
    February 4, 2011

    If the spammer is willing to spend money and time, a CAPTCHA doesn't guarantee against that either. There are plenty of spammers using free porn on their sites and proxying CAPTCHAs to those sites to get people to do the CAPTCHA for them for free.

    I'd strongly recommend an alternative to CAPTCHA - practically anything. A simple math question, as mentioned, works well - especially if you dynamically generate the values you use, and express them as strings instead of numbers! But CAPTCHAs have all kinds of inherent problems - general usability, accessibility - and they're just a bad idea all around.

    For a more formal solution to this problem, checkout CFFORMPROTECT on RIAForge.

    Dave Watts, CTO, Fig Leaf Software

    http://www.figleaf.com/

    http://training.figleaf.com/

    Dave Watts, Eidolon LLC
    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices