captcha for domino web forms - security image generator


IBM Notes and Domino: Tips & Tricks

CAPTCHA for Domino web forms - Security Image Generator
May 6, 2010

By Lance Zakin, PCLP
Enterprise Architect
Software Engineer
IBM BP NotesMail
This article instructs Domino Developers how to add a CAPTCHA to a Domino web form. Domino web applications running on the public internet are susceptible to spam data submission especially if the web form validation relies soley on JavaScript and the web site is not SSL enabled.

Example: CAPTCHA - Security Image Generator

Security Code: Type each of the letters and numbers below.

Domino Developer Instructions
1. Type a message at the bottom of the web form where you would like the security image to appear. i.e. "Security Code: Type each of the letters and numbers below."

2. Create a field named txt_SubmitCodeImages with Type attributes: Text, Computed when Composed, Allow multiple values
Copy/Paste the formula code in attachment below as the field value. NOTE: The 2 variable values at the top of the formula code can be changed to specify the minimum and maximum images to display (supports 1 to 21 images).

CAPTCHA - Code1.txt.zip

3. Create a user input field named txt_SubmitCodeInput below the field in step 2 with Type attributes: Text, Editable

4. Create a field named txt_SubmitCodeRndNumList below the field in step 3 with Type attributes: Number, Editable, Allow multiple values
Add the Help Description as seen below to the Field property box. Add Default Value: txt_SubmitCodeRndNumList

5. Create a field named txt_SubmitCodeAnswer adjacent to the field in step 4 with Type attributes: Text, Editable
Add the Help Description as seen above to the Field property box. Copy/Paste the formula code in attachment below as the field value.

CAPTCHA - Code2.txt.zipCAPTCHA - Code2.txt.zip

6. Create or edit the reserved field $$Return at the bottom of the web form with Type attributes: Text, Comptuer for Display
Copy/Paste the formula code in the example below as the field value and modify the code as necessary. The boolean expression in pink below determines if the web user typed the correct security image. If the boolean expresion is True, then the user typed the correct security image and the SaveOptions reserved field value must be assigned "1" as seen below in green.

REM "Coded by Lance Zakin - www.notesmail.com";
WebDBName := @ReplaceSubstring(@ReplaceSubstring(@Subset(@DbName; -1); " "; "+" ); "\\"; "/" );
@If(@UpperCase(txt_SubmitCodeInput) = txt_SubmitCodeAnswer; ""; @Return("[/" + WebDBName + "/MyForm?OpenForm]"));
FIELD SaveOptions := "1";
"[/" + WebDBName + "/MyView?OpenView]"

7. Create the reserved field named SaveOptions adjacent to the field in step 6 with Type attributes: Text, Computed when Composed
Hide the field from web browsers, and add the following as the field value: "0"

.