Google Captcha answer always true

  • Question

  • User2062870280 posted

    Hi everybody,

    I'm trying to install a captcha from google using classic asp.

    I copied and pasted the script from google webpage, the captcha is displayed well.
    The problem is that whatever is typed in the captcha field, it's always accepted :-(


    Here's the code for the first form :
    On top of the asp page I have :

    <%
    recaptcha_challenge_field = Request("recaptcha_challenge_field")
    recaptcha_response_field = Request("recaptcha_response_field")
    recaptcha_public_key = "my public key" ' your public key
    recaptcha_private_key = "here my private one" ' your private key




    ' returns the HTML for the widget
    function recaptcha_challenge_writer()

    recaptcha_challenge_writer = _
    "<script type=""text/javascript"">" & _
    "var RecaptchaOptions = {" & _
    " theme : 'red'," & _
    " tabindex : 0" & _
    "};" & _
    "</script>" & _
    "<script type=""text/javascript"" src=""http://www.google.com/recaptcha/api/challenge?k=" & recaptcha_public_key & """></script>" & _
    "<noscript>" & _
    "<iframe src=""http://www.google.com/recaptcha/api/noscript?k=" & recaptcha_public_key & """ frameborder=""1""></iframe><br>" & _
    "<textarea name=""recaptcha_challenge_field"" rows=""3"" cols=""40""></textarea>" & _
    "<input type=""hidden"" name=""recaptcha_response_field"" value=""manual_challenge"">" & _
    "</noscript>"

    end function


    ' returns "" if correct, otherwise it returns the error response
    function recaptcha_confirm(rechallenge,reresponse)

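    ' URL-encode every value so characters such as & or = in the user's
    ' answer cannot add or override parameters in the POST body
    Dim VarString
    VarString = _
    "privatekey=" & Server.URLEncode(recaptcha_private_key) & _
    "&remoteip=" & Server.URLEncode(Request.ServerVariables("REMOTE_ADDR")) & _
    "&challenge=" & Server.URLEncode(rechallenge) & _
    "&response=" & Server.URLEncode(reresponse)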

    Dim objXmlHttp
    Set objXmlHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
    objXmlHttp.open "POST", "https://www.google.com/recaptcha/api/verify", False
    objXmlHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    objXmlHttp.send VarString

    Dim ResponseString
    ResponseString = split(objXmlHttp.responseText, vblf)
    Set objXmlHttp = Nothing


    if ResponseString(0) = "true" then
    'They answered correctly
    recaptcha_confirm = ""
    else
    'They answered incorrectly
    recaptcha_confirm = ResponseString(1)
    end if

    end function

    server_response = ""
    newCaptcha = True
    if (recaptcha_challenge_field <> "" or recaptcha_response_field <> "") then
    server_response = recaptcha_confirm(recaptcha_challenge_field, recaptcha_response_field)
    newCaptcha = False
    end if

    %>


    To display the captcha above my send button, here's what I have :
    <%=recaptcha_challenge_writer()%>

    Now, for the second asp page, checking if the captcha has been answered well, here's my code

    if server_response <> "" or newCaptcha then
    Erreur="oui"
    else
    Erreur="non"
    end if


    Whatever I write in the captcha, it always returns Erreur="non"

    Thanks in advance for your help

    Wednesday, June 17, 2015 12:07 PM

Answers

  • User753101303 posted

    My first thought was actually a problem in how you think "ASP Classic" works and newCaptcha being empty seems to confirm this.

    So it seems you are really checking for this on a first page that seems to POST to the same page and set Server_response and newCaptcha, which at this point might be good. Then you go to a new page and it seems you are checking the same variable names but keep in mind that this is another page (and even if the same page you start from scratch each time).

    So my understanding would be that the server_response and newCaptcha variables you are testing in the second page have nothing to do with the variable you previously defined in the previous page. You would need either to pass this value along.

    Or a better architecture could be to just stay on the same page and do the intended job if the captcha is validated at postback time.

    If this is a new app I would suggest to switch to ASP.NET ("ASP Classic" is really old and you'll have better support). In particular "web pages" is quite similar if you don't want to use a full Framework such as Web Forms or MVC.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 18, 2015 4:42 AM
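
An added example, not part of the original thread or of Google's sample: a single form-target page that verifies the captcha in the same request that acts on it, and treats anything other than an exact "true" from the verify call as a failure. The function name CaptchaPassed and the placeholder key are assumptions; the endpoint and field names are the ones in the question.

```vbscript
<%
Option Explicit  ' a never-assigned name now raises an error instead of reading as Empty

Const PRIVATE_KEY = "PLACEHOLDER_PRIVATE_KEY"  ' placeholder, not a real key

' Hypothetical helper: True only when the verify service answers exactly "true".
' Missing fields, transport errors and unexpected bodies all count as failure.
Function CaptchaPassed(challenge, answer)
    Dim http, body, lines, sendFailed
    CaptchaPassed = False                       ' fail closed by default
    If challenge = "" Or answer = "" Then Exit Function

    ' Encode each value so user input cannot add or override POST parameters.
    body = "privatekey=" & Server.URLEncode(PRIVATE_KEY) & _
           "&remoteip=" & Server.URLEncode(Request.ServerVariables("REMOTE_ADDR")) & _
           "&challenge=" & Server.URLEncode(challenge) & _
           "&response=" & Server.URLEncode(answer)

    On Error Resume Next                        ' trap transport errors only
    Set http = Server.CreateObject("Msxml2.ServerXMLHTTP")
    http.open "POST", "https://www.google.com/recaptcha/api/verify", False
    http.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    http.send body
    sendFailed = (Err.Number <> 0)
    On Error GoTo 0
    If sendFailed Then Exit Function
    If http.status <> 200 Then Exit Function

    ' Appending vbLf guarantees lines(0) exists even for an empty body.
    lines = Split(Replace(http.responseText, vbCr, "") & vbLf, vbLf)
    CaptchaPassed = (lines(0) = "true")
End Function

' Verify in the same request that performs the protected action: variables
' set by an earlier page or request do not exist here.
Dim challenge, answer
challenge = Request.Form("recaptcha_challenge_field")
answer = Request.Form("recaptcha_response_field")

If CaptchaPassed(challenge, answer) Then
    Response.Write "Captcha accepted"           ' do the real work here
Else
    Response.Status = "400 Bad Request"
    Response.Write "Captcha rejected"
End If
%>
```

Google has since retired the verify endpoint shown in the question, so the URL and request fields differ for current reCAPTCHA versions; the fail-closed structure stays the same.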

All replies

  • User753101303 posted

    Hi,

    Basic debugging. Which actual values are found in server_response and newCaptcha and start from that... It could be that ResponseString(0) is never true maybe because the http request returned something about incorrect parameters or whatever etc... If it is expected to return "true" or "false" check for those values and do throw an error otherwise (to get alerted ASAP about the issue).

    This way you'll be sure that some unexpected situation would not be silently ignored (and here maybe that the test would just always pass regardless of what is entered).

    Wednesday, June 17, 2015 12:26 PM
  • User2062870280 posted

    I've tried displaying the value of server_response and newCaptcha and they're all empty, whether I put something in the captcha field or not.

    Any idea where that leads ?

    Apparently the problem would be in the code of the first page, but where ?

    Wednesday, June 17, 2015 6:55 PM