Use ReCAPTCHA with FormMail
You need four things to begin
A backup of your form and current FormMail scripts.
A copy of FormMail which you download here - you need to unzip and edit it later.
You need a PUBLIC and PRIVATE key from Google for the ReCAPTCHA service here
A form that you can add the ReCAPTCHA code to. We will assume you already have a working form - if you don't, get a programmer to do this and the ReCAPTCHA for you.
STEP ONE - Get your form working
Get the form working with your provider WITHOUT the reCAPTCHA code. Once this is done you proceed to Step Two.
For FASTHOSTS the more modern scripts MUST be amended in probably three locations. The company rightly tries to prevent spam, but this also blocks the "vanilla" form from working, so here is the fix.
Find the line that says
$mailprog = '/usr/lib/sendmail -i -t';
and change it to
$mailprog = '/usr/sbin/sendmail -oi -t -fME\@MYDOMAIN.COM';
where ME@MYDOMAIN.COM is your email address. With Fasthosts this needs to be on their service (NOTE THE USE OF THE -f switch just before the email address.) Do not use upper-case letters, that's just us showing you what needs changing!
NEXT
Find the line that says
@referers = ('scriptarchive.com','72.52.156.109');
and change it to
@referers = ('MYDOMAIN.COM');
where MYDOMAIN.COM is your domain name. Do not use upper-case letters, that's just us showing you what needs changing!
NEXT
Find the line that says
@recipients = &fill_recipients(@referers);
and change it to
@recipients = ('^ME\@MYDOMAIN\.COM');
Again, do not use upper-case letters, that's just us showing you what needs changing!
Now upload to the Fasthosts server and see if it works. (It should, so long as the recipient email is on the service and your form is correctly set up.)
THAT'S ALL YOU NEED TO DO TO RUN A TEST BEFORE EDITING THE SCRIPT FOR ReCAPTCHA
STEP 2 - Editing the FORMMAIL.PL file for ReCAPTCHA
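Why the @recipients pattern above is anchored with ^ and has its dots escaped, shown as an added example (not FormMail's own code and not part of the original page). The helper recipient_allowed, the loose pattern and the sample addresses are hypothetical and constructed here; it assumes each pattern is applied as a case-insensitive regex with an end anchor appended.

```perl
#!/usr/bin/perl
# Added example, not FormMail's own code.
use strict;
use warnings;

# Hypothetical helper modelled on an allow-list check: every address in the
# submitted "recipient" field must match one pattern. Assumption: each
# pattern is used as a case-insensitive regex with an end anchor appended.
sub recipient_allowed {
    my ($field, @patterns) = @_;
    return 0 if !defined $field || $field =~ /[\r\n]/;   # no header injection
    my @addrs = grep { length } split /\s*,\s*/, $field;
    return 0 unless @addrs;
    for my $addr (@addrs) {
        return 0 unless grep { my $pat = $_; $addr =~ /$pat$/i } @patterns;
    }
    return 1;
}

# Constructed allow-lists: the anchored, escaped form from this page and a
# loose domain-only form for comparison.
my @strict = ('^me\@mydomain\.com');
my @loose  = ('mydomain.com');

# Constructed sample submissions.
my @samples = (
    'me@mydomain.com',                      # intended recipient
    'other@mydomain.com',                   # another mailbox on the domain
    'me@mydomainxcom',                      # unescaped "." matches any char
    'me@mydomain.com,someone@example.org',  # extra address appended
    'someone@example.org',                  # unrelated address
);

printf "%-40s %-7s %s\n", 'recipient field', 'strict', 'loose';
for my $s (@samples) {
    printf "%-40s %-7s %s\n", $s,
        (recipient_allowed($s, @strict) ? 'allow' : 'reject'),
        (recipient_allowed($s, @loose)  ? 'allow' : 'reject');
}
```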
Google provides all the info you need for doing this HERE but here are a few pointers :-
First You need to add your PUBLIC KEY to the FORM
Then Add your PRIVATE KEY to the FormMail Script.
Here is the FORM CODE (you add this inside the pre-existing FORM tags where you want the ReCAPTCHA to appear on your web page). Note that you replace the red bit (shown here as your_public_key) with YOUR PUBLIC Key from the Google sign-up.
<script type="text/javascript"
src="http://www.google.com/recaptcha/api/challenge?k=your_public_key">
</script>
<noscript>
<iframe src="http://www.google.com/recaptcha/api/noscript?k=your_public_key"
height="300" width="500" frameborder="0"></iframe>
<textarea name="recaptcha_challenge_field" rows="3" cols="40">
</textarea>
<input type="hidden" name="recaptcha_response_field"
value="manual_challenge">
</noscript>
So far so good ...
Now open up the FormMail Script in an editor (Notepad or SimpleText etc.)
And add the "LWP" Module - this is usually already included in modern Perl packages. Note that the PLUS SIGN (+) denotes an addition to the code; the other "stuff" will already be there.
# ACCESS CONTROL FIX: Peter D. Thompson Yezek #
# http://www.securityfocus.com/archive/1/62033 #
##############################################################################
+use LWP::UserAgent;
+
Now add the CHECK routine - note that the PLUS SIGN (+) denotes an addition to the code; the other "stuff" will already be there
# Check Required Fields
&check_required;
+# Check the captcha challenge and response.
+&check_captcha;
+
# Send E-Mail
&send_mail;
# Return HTML Page or Redirect User
&return_html;
Now add your PRIVATE KEY to the FormMail Script as follows - note that the PLUS SIGN (+) denotes an addition to the code, so basically you add all this stuff below until you get to the "# NOTE rev1.91" bit at the bottom, which is already in the script. Note that you replace the red bit (shown here as your_private_key) with YOUR PRIVATE Key from the Google sign-up.
+##############################################################################
+# Check the CAPTCHA response via the reCAPTCHA service.
+sub check_captcha {
+
+ my $ua = LWP::UserAgent->new();
+ my $result=$ua->post(
+ 'http://www.google.com/recaptcha/api/verify',
+ {
+ privatekey => 'your_private_key',
+ remoteip => $ENV{'REMOTE_ADDR'},
+ challenge => $Form{'recaptcha_challenge_field'},
+ response => $Form{'recaptcha_response_field'}
+ });
+
+ if ( $result->is_success && $result->content =~ /^true/) {
+ return;
+ } else {
+ &error('captcha_failed');
+ }
+}
+
# NOTE rev1.91: This function is no longer intended to stop abuse, that #
# functionality is now embedded in the checks made on @recipients and the #
# recipient form field. #
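Review bot: in check_captcha the verify request is posted to an http:// URL, so the privatekey parameter and the visitor's response cross the network unencrypted; switch the URL scheme to https:// (LWP needs its HTTPS support, LWP::Protocol::https, installed for that). The user agent is also created without a timeout, so a slow verify endpoint would hold the form handler for LWP's default timeout; setting $ua->timeout(...) to a few seconds before the post keeps a failure quick, and it still lands in the captcha_failed branch because is_success is false.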
Finally edit this tricky bit below. Note again that the PLUS SIGN (+) denotes an addition to the code BUT ALSO a Minus sign (-) means DELETE this code line. The dots at the beginning of lines represent an unknown number of lines with HTML code, so skip to the next place you see </html> and continue reading from there.
if ($Config{'missing_fields_redirect'}) {
print "Location: " . &clean_html($Config{'missing_fields_redirect'}) . "\n\n";
}
+ }
+ elsif ($error eq 'captcha_failed') {
+ print <<"(END ERROR HTML)";
+Content-type: text/html
+
+<html>
+ <head>
+ <title>Error: Captcha Check Failed</title>
+ </head>
+ <body bgcolor=#FFFFFF text=#000000>
+ <center>
+ <table border=0 width=600 bgcolor=#9C9C9C>
+ <tr><th><font size=+2>Error: Captcha Check Failed</font></th></tr%gt;
+ </table>
+ <table border=0 width=600 bgcolor=#CFCFCF>
+ <tr><td>The Captcha response of the form you submitted did not match the challenge.
+ Please check the form and make sure that your response matches the challenge in the captcha image.
+ You can use the browser back button to return to the form.
+ </center%gt;
+ </td></tr>
+ </table>
+ </center>
+ </body>
+</html>
+(END ERROR HTML)
+ }
else {
foreach $missing_field (@error_fields) {
$missing_field_list .= "<li>" . &clean_html($missing_field) . "\n";
.
.
.
</html>
(END ERROR HTML)
}
- }
-
exit;
}
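Review bot: the added captcha_failed page contains two mis-encoded closing tags, "</tr%gt;" at the end of the heading row and "</center%gt;" inside the message cell. The first should read "</tr>"; the second should be dropped rather than repaired, because <center> is opened once and is already closed after the second table. As written, the literal text "%gt;" is sent to the browser and the table markup is left unbalanced.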
That's it! - It's easy if you go slowly and methodically.
STEP 3 - Upload
Upload both your new form and the new script and be happy with your new ReCAPTCHA enabled form.
If there are any problems or discrepancies, go with what GOOGLE says - they provide the ReCAPTCHA code and may change the instructions or operation from time to time.
LAST EDITED: OCTOBER 2012
Fasthosts
There are spam conditions implemented (quite rightly) by Fasthosts that prevent the normal use of FormMail - the most important of which is the -f switch.
-f switch, referers & recipients variables
On the left you will see there are two main steps to getting ReCAPTCHA working. The first step is getting a modern version of FormMail (we used v1.93 from here). Once this has been edited with the Fasthosts additions on the left, you can start finding the relevant lines of code and inserting the Google reCAPTCHA "stuff".
All queries to Fasthosts or Google please!