Google Captcha answer always true

Question

User2062870280 posted

Hi everybody,

I'm trying to install a captcha from google using classic asp.

I copied and pasted the script from google webpage, the captcha is displayed well.
The problem is that whatever is typed in the captcha field, it's always accepted :-(

Here's the code for the first from :
On top of the asp page I have :

<%
recaptcha_challenge_field = Request("recaptcha_challenge_field")
recaptcha_response_field = Request("recaptcha_response_field")
recaptcha_public_key = "my public key" ' your public key
recaptcha_private_key = "here my private one" ' your private key




' returns the HTML for the widget
function recaptcha_challenge_writer()

recaptcha_challenge_writer = _
"<script type=""text/javascript"">" & _
"var RecaptchaOptions = {" & _
" theme : 'red'," & _
" tabindex : 0" & _
"};" & _
"</script>" & _
"<script type=""text/javascript"" src=""http://www.google.com/recaptcha/api/challenge?k=" & recaptcha_public_key & """></script>" & _
"<noscript>" & _
"<iframe src=""http://www.google.com/recaptcha/api/noscript?k=" & recaptcha_public_key & """ frameborder=""1""></iframe><>" & _
"<textarea name=""recaptcha_challenge_field"" rows=""3"" cols=""40""></textarea>" & _
"<input type=""hidden"" name=""recaptcha_response_field""value=""manual_challenge"">" & _
"</noscript>"

end function


' returns "" if correct, otherwise it returns the error response
function recaptcha_confirm(rechallenge,reresponse)

Dim VarString
VarString = _
"privatekey=" & recaptcha_private_key & _
"&remoteip=" & Request.ServerVariables("REMOTE_ADDR") & _
"&challenge=" & rechallenge & _
"&response=" & reresponse

Dim objXmlHttp
Set objXmlHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
objXmlHttp.open "POST", "https://www.google.com/recaptcha/api/verify", False
objXmlHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXmlHttp.send VarString

Dim ResponseString
ResponseString = split(objXmlHttp.responseText, vblf)
Set objXmlHttp = Nothing


if ResponseString(0) = "true" then
'They answered correctly
recaptcha_confirm = ""
else
'They answered incorrectly
recaptcha_confirm = ResponseString(1)
end if

end function

server_response = ""
newCaptcha = True
if (recaptcha_challenge_field <> "" or recaptcha_response_field <> "") then
server_response = recaptcha_confirm(recaptcha_challenge_field, recaptcha_response_field)
newCaptcha = False
end if

%>


To display the captcha above my send button, here's what I have :
<%=recaptcha_challenge_writer()%>

Now, for the second asp page, checking if the captcha has been answered well, here's my code

if server_response <> "" or newCaptcha then
Erreur="oui"
else
Erreur="non"
end if

Whatever I write in the captcha, it always returns Erreur="non"

Thanks in advance for your help

Answer 1

User753101303 posted

Hi,

Basic debugging. Which actual values are found in server_reponse and newCaptcha and start from that... It could be that ResponseString(0) is never true maybe because the http request returned something about incorrect parameters or whatever etc... If it is expected to return "true" or "false" check for those values and do throw an error otherwise (to get alerted ASAP about the issue).

This way you'll be sure that some unexpected situation would not be silently ignored (and here maybe that the test would just always pass regarless of what is entered).

Answer 2

User2062870280 posted

I've tried displaying the value of server_response and newCaptcha and they're all empty, whether I put something in the captcha field or not.

Any idea where that leads ?

Apparently the problem would be in the code of the first page, but where ?

Answer 3

User753101303 posted

My first thought was actually a problem in how you think "ASP Classic" works and newCaptcha being empty seems to confirm this.

So it seems you are really checking for this on a first page that seems to POST to the same page and set Server_response and newCaptch which as this point might be good. Then you go to a new page and it seems you are checking the same variable names but keep in mind that this is another page (and even if the same page you start from scratch each time).

So my understanding would be that the server_response and newCaptcha variables you are testing in the second page have nothing to do with the variable you previously defined in the previous page. You would need either to pass this value along.

Or a better architecture could be to just stay on the same page and to the intended job if the captcha is validated at postback time.

If this is a new app I would suggest to switch to ASP.NET ("ASP Classic" is really old and you'll have better support). In particular "web pages" is quite similar if you don't want to use a full Framework such as Web Forms or MVC.