0

I am so confused, I want to add some anti-spam security to my upcoming register page but something is really wrong.
Note that my server is Coldfusion MX7 (i can not afford better) and because of that i can not use
cfimage(captcha).

This is what i have:

<cfset strLowerCaseAlpha = "abcdefghijklmnopqrstuvwxyz">
 
<cfset strUpperCaseAlpha = UCase( strLowerCaseAlpha )>

<cfset strNumbers = "0123456789">
 
<cfset strAllValidChars = (
    strLowerCaseAlpha &
    strUpperCaseAlpha &
    strNumbers
    )>
 
<cfset arrPassword = ArrayNew( 1 )>
 
<cfset arrPassword[ 1 ] = Mid(
    strNumbers,
    RandRange( 1, Len( strNumbers ) ),
    1
    )>
 
<cfset arrPassword[ 2 ] = Mid(
    strLowerCaseAlpha,
    RandRange( 1, Len( strLowerCaseAlpha ) ),
    1
    )>
 
<cfset arrPassword[ 3 ] = Mid(
    strUpperCaseAlpha,
    RandRange( 1, Len( strUpperCaseAlpha ) ),
    1
    )>
 
<cfloop
    index="intChar"
    from="#(ArrayLen( arrPassword ) + 1)#"
    to="8"
    step="1">
 
    <cfset arrPassword[ intChar ] = Mid(
        strAllValidChars,
        RandRange( 1, Len( strAllValidChars ) ),
        1
        )>
 
</cfloop>
 
 
<cfset strPassword = ArrayToList(
    arrPassword,
    ""
    )>




<cfif IsDefined("FORM.spamcode")>
    <cfif form.spamcode neq strPassword >
    not equal
    <cfelse>
   finally working
</cfif>
</cfif>



                 <cfif isdefined ("strPassword")>
                 <cfoutput>#strPassword#</cfoutput>
                 </cfif>


<form action="" method="post">
  <label>
    <input type="text" name="spamcode" id="spamcode" />
  </label>
</form>

this is just testing code but it is somehow messed up.
every time when i click on the submit button i get not equal!
I also need to add when i set up strPassword manualy instead of ArrayToList, for example
<cfset strPassword=test413> and then insert in form test413 and compare it everything is fine. You can copy/paste this code to test it. Any ideas please?

2
Contributors
4
Replies
5
Views
8 Years
Discussion Span
Last Post by pirula
0

I am so confused, I want to add some anti-spam security to my upcoming register page but something is really wrong.
Note that my server is Coldfusion MX7 (i can not afford better) and because of that i can not use
cfimage(captcha).

This is what i have:

<cfset strLowerCaseAlpha = "abcdefghijklmnopqrstuvwxyz">
 
<cfset strUpperCaseAlpha = UCase( strLowerCaseAlpha )>

<cfset strNumbers = "0123456789">
 
<cfset strAllValidChars = (
    strLowerCaseAlpha &
    strUpperCaseAlpha &
    strNumbers
    )>
 
<cfset arrPassword = ArrayNew( 1 )>
 
<cfset arrPassword[ 1 ] = Mid(
    strNumbers,
    RandRange( 1, Len( strNumbers ) ),
    1
    )>
 
<cfset arrPassword[ 2 ] = Mid(
    strLowerCaseAlpha,
    RandRange( 1, Len( strLowerCaseAlpha ) ),
    1
    )>
 
<cfset arrPassword[ 3 ] = Mid(
    strUpperCaseAlpha,
    RandRange( 1, Len( strUpperCaseAlpha ) ),
    1
    )>
 
<cfloop
    index="intChar"
    from="#(ArrayLen( arrPassword ) + 1)#"
    to="8"
    step="1">
 
    <cfset arrPassword[ intChar ] = Mid(
        strAllValidChars,
        RandRange( 1, Len( strAllValidChars ) ),
        1
        )>
 
</cfloop>
 
 
<cfset strPassword = ArrayToList(
    arrPassword,
    ""
    )>




<cfif IsDefined("FORM.spamcode")>
    <cfif form.spamcode neq strPassword >
    not equal
    <cfelse>
   finally working
</cfif>
</cfif>



                 <cfif isdefined ("strPassword")>
                 <cfoutput>#strPassword#</cfoutput>
                 </cfif>


<form action="" method="post">
  <label>
    <input type="text" name="spamcode" id="spamcode" />
  </label>
</form>

this is just testing code but it is somehow messed up.
every time when i click on the submit button i get not equal!
I also need to add when i set up strPassword manualy instead of ArrayToList, for example
<cfset strPassword=test413> and then insert in form test413 and compare it everything is fine. You can copy/paste this code to test it. Any ideas please?

I have only had a few minutes to look at the code and the problem I see is that the value in your text field is being compared with the NEW spamcode; not the one that is generated for the page that you entered the text value on.
Try the code below and you will see what I am saying:

<cfif IsDefined("FORM.spamcode")>
    We are comparing <cfoutput>#form.spamcode# with #strPassword# which happens to be the NEW spamcode</cfoutput><br />
    <cfif form.spamcode neq strPassword >
    not equal
    <cfelse>
   finally working
</cfif>
</cfif>
0

In your form declare a hidden type input and set it to 'strPassword' <input type="hidden" name="OldCode" value="<cfoutput>#strPassword#</cfoutput>" /> and then change the comparison <cfif> to <cfif Compare(FORM.spamcode, FORM.OldCode)> Keep in mind though - Hidden type fields are visible when you do a 'View Source' on the page. Therefore sensitive data should not be passed through them.

0

similar idea came to me. i figured out it has something to do with page
refresh. It's perfectly clear now, you explained it well in your first post.
Problem is i still can not make it work. I tried several things with cfifs and cfaborts and somehow, for some reason i didn't succeed. I will keep trying.

i already tried Compare and same! also your code from second post doesn't seem to be working as it supose to. problem still persist.

0

I found a solution for my problem! If you need code please let me know i will post it here.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.