Soren Winslow Soren Winslow
Bot Blocker Form Submit Validator
Unfortunately, nowadays there are a lot of bots online that look for forms, attempt to figure out what form fields are for what and attempt to submit the forms. So, as you may have noticed a lot of web sites are starting implement a graphic code for a human user to input into the form. These codes are made to inhibit a bot from automatically submitting form data, thus validating that the user inputting the form is human and is a human that genuinely wants to submit the form for what ever reason.
Most of those validation codes are graphics. The code below is not a graphic, but is encoded enough that only a human could enter the code into the form. What it does is randomly pick six characters that are either numbers or letters that will be either upper case or lower case. Each character, through a formula, will be encrypted and reversed to display a different character than what will be processed. There is a hidden form field that will contain another validation code as well, but it will be a different value than what the user will be asked to input.
So, instead of messing around with creating a graphic for each number and letter, or creating a bunch of other graphics, this will generate a completely new and unique string each time. Plus to top it off, there is a JavaScript function that will keep a person from attempting to copy and paste the validation string into the validation field. This should be enough to black bots from spamming an email or guestbook from or posting to a blog.
One other cool thing about this code is that it is easy to modify whenever you feel like changing the algorithm. For example, the sample code I provide and the running example are two slightly different formulas. Whatever you do to produce the validation code, just do the opposite to check it.

Here is what it looks like (Go ahead and give it a try):
Input this value: PHbjbV      

Here is the ASP code for this script:


  ValidChrs = ""

  ChkValid = ""

  IsErr = False

  'Turn on random

Randomize Timer

'Create a six character validation code

'of only letters and numbers

For x = 0 to 5

  'Lowest number is 48, Highest number is 122

  RndNum = Int(Rnd * 74) + 48

  GetNum = True

  'Eliminate punctuation and characters

  If RndNum >57 AND RndNum < 65 Then

     x = x - 1

     GetNum = False

  End if

  'Eliminate more punctuation and characters

  If RndNum > 90 AND RndNum < 97 Then

     x = x - 1

     GetNum = False

  End if

  If GetNum = True Then

     ValidChrs = ValidChrs & chr(RndNum)

     ' Add 42 to each number just to throw off the viewed numbers.

     RndNum = RndNum + 42

     'Hex the number

     RndNum = Hex(RndNum)

     While Len(RndNum) < 2

         RndNum = "0" & CStr(RndNum)


    ' Reverse the order of the charcters

     ChkValid = RndNum & " " &  ChkValid

  End If


ChkValid = Replace(ChkValid," ","")

If Request("DoStuff") = "Check Code" Then

 V = Request("V")

 CV = Request("CV")

 If Len(Trim(V)) <> 6 Then

    IsErr = True


   'Unreverse checking string

   For x = 6 to 1 step -1

      'Get hex number

      TheChr = Mid(CV,(x*2)-1,2)

      'convert hex number back to integer

      TheChr = Cint("&H" & TheChr)

      'subtract 42

      TheChr = TheChr - 42

      'Generate VB escape character

      TheChr = Chr(TheChr)

      'Get input character

      CVChr = Mid(V,Len(V)-(x-1),1)


      If CVChr <> TheChr Then

         IsErr = True

      End If


 End If

  If IsErr = True Then

     Response.Write "<b>The validation code you entered is not correct</b><br />"


     Response.Write "You entered a correct validation code.<br />"

  End If

End If


<form name="Validator" method="post" action="<%=Request.ServerVariables("URL")%>">

<input type="hidden" name="CV" value="<%=ChkValid%>">

Input this value:

<span id="ValidChrs"><i><%=ValidChrs%></i></span>

  <input type="text" name="V" class="reg" size="5" value="" maxlength="6">

  <input type="submit" name="DoStuff" value="Check Code">


<script language="JavaScript">

  window.onload = function()


    var element = document.getElementById('ValidChrs');

    element.onselectstart = function () { return false; } // ie

    element.onmousedown = function () { return false; } // mozilla




© 1967 - 2017 Soren Winslow