Howdy all.ããI'm attempting to add reCaptcha to my newuser.ssjs/inc files. Of course I canãPOST when I hit submit. ããBut I need to submit to the reCaptcha website first to get the true or falseãreply whether the user response was correct.ããHas anyone managed to do this? Or is there a better way, like SESSIONãvariables for creating personal captcha questions? I haven't been able toãfind "session variables" to make captcha easier.ããThanks in advance for any help.ããNoisomeãã---ã þ Synchronet þ Digital 52 BBS - digital52.comã

Re: Attempting to add reCaptchaã By: Noisome to All on Thu Apr 11 2013 14:31:57ãã No> Has anyone managed to do this? Or is there a better way, like SESSIONã No> variables for creating personal captcha questions? I haven't been able toã No> find "session variables" to make captcha easier.ããWe don't have session variables in our SSJS environment, but there are alwaysãtricks you can play using temporary files and such. Not an ideal solution, butãa readily-available one.ããI wrote my own captcha for Synchronet a few years ago, but it was an earlyãeffort and is not all that good. Glancing at the code now I can see that Iãmade some poor choices, and it should be replaced by somethingãnewer-better-safer. That said, it should take some OCR or a lengthyãbrute-force effort to get past it, and I've yet to see any bot signups on myãBBS. You can find it on the CVS at web/lib/captchaLib.ssjs, with supportingãfiles in web/lib/captchaAnsis/. It's meant to use per-letter .asc and .ansãfiles to generate the captcha "image", though right now there are just someãfiglet-generated .asc files. A few small changes would need to be made for itãto work with the stock web interface; I can give further info if you happen toãwant to use it. I'll probably rewrite it in the near future.ããechickenãelectronic chicken bbs - bbs.electronicchicken.com - 416-273-7230ãã---ã þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.comã

I wrote my own captcha for Synchronet a few years ago, ã > ã > echickenããI did see that one and was going to use it, but then thought about reCaptchaãand trying to add that solution. I'm not too savvy on SSJS (still learning)ãand didn't see any session variable info in the documentation, so figured Iãmissed something. Apparently not. :)ããI could incorporate part of PHP scripting in there, but it'll be a non-ãtransferable solution.ããI did see another idea that I could use for reCaptcha though last night.ããhttp://bestservedcold.com/news/embedding-php-in-ssjs-pages/62/ããNot embedding php, but using the idea to POST to the reCaptcha website on theãserver side. I hope it works.ãã---ã þ Synchronet þ Digital 52 BBS - digital52.comã

Re: Re: Attempting to add reCaptchaã By: Noisome to echicken on Fri Apr 12 2013 13:51:28ãã No> Not embedding php, but using the idea to POST to the reCaptcha website onã No> the server side. I hope it works.ããYou can use exec/load/http.js to have your webserver make the HTTP request toãthe reCaptcha API. If you need any info on how to use it, let us know and weãcan post a quick example.ããechickenãelectronic chicken bbs - bbs.electronicchicken.com - 416-273-7230ãã---ã þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.comã

You can use exec/load/http.js to have your webserver make the HTTP requestã > to the reCaptcha API. If you need any info on how to use it, let us knowã > and we can post a quick example.ããPlease if you don't mind. I grepped the web directory for any examples andãdid not see one use the HTTPRequest function. I can probably muck through it,ãbut any direction is better than no direction sometimes.ããThanks for all the help!ãã---ã þ Synchronet þ Digital 52 BBS - digital52.comã

Re: Attempting to add reCaptchaã By: Noisome to All on Thu Apr 11 2013 02:31 pmãã > Howdy all.ãã > I'm attempting to add reCaptcha to my newuser.ssjs/inc files. Of course Iã > can POST when I hit submit. ãã > But I need to submit to the reCaptcha website first to get the true orã > false reply whether the user response was correct.ãã > Has anyone managed to do this? Or is there a better way, like SESSIONãããone thing you might want to consider is just making the script so it confusesãbots. i've done that with several of my websites.ããpeople HATE capcha.ã---ã þ Synchronet þ ::: BBSES.info - free BBS services :::ã

ã > one thing you might want to consider is just making the script so itã > confuses bots. i've done that with several of my websites.ã > ã > people HATE capcha.ãããI do plan on incorporating confusing forms and a few other tricks, but I amã*hoping* that I will soon receive a few people to my site to log in. Withãsome of these people will come the jerks, especially the ones that alreadyãdislike me. ;-) I'd rather make it a tad more annoying than too easy.ããI host game servers and the information will soon be posted to visit myãwebsite. Now this may come as a concern as some will say Synch isn't cut outãfor that many connections, or why not just use apache/lighttpd/etc and php webãforum, etc. ããI'm just having fun, and that's what this is really about in the end.ãã---ã þ Synchronet þ Digital 52 BBS - digital52.comã

Re: Attempting to add reCaptchaã By: Noisome to Mro on Sat Apr 13 2013 10:03 amãã > I host game servers and the information will soon be posted to visit myã > website. Now this may come as a concern as some will say Synch isn't cutã > out for that many connections, or why not just use apache/lighttpd/etc andã > php web forum, etc. ãã > I'm just having fun, and that's what this is really about in the end.ããokay but you will see.ããif you are running a web for non bbs content you are better off with apache orãlighthttpd. it can still be fun :Dã---ã þ Synchronet þ ::: BBSES.info - free BBS services :::ã

ã > if you are running a web for non bbs content you are better off with apacheã > or lighthttpd. it can still be fun :DããOh I have other content running on apache on other good hardware and OS. Butãthis is 100% for fun and not for anything other than that. I'd ratherã"drudge" through this and learn something (limitations being one of the thingsãI want to reach) than repeat the same things I have done too many timesãbefore.ããBut anyway, http.js, any example on the best usage? :)ãã---ã þ Synchronet þ Digital 52 BBS - digital52.comã

one thing you might want to consider is just making the script so itã > confuses bots. i've done that with several of my websites.ã > ã > people HATE capcha.ããTotally agree with this. On sites where I'm getting contact form spam I'veãstarted doing this, with a 100% success rate in blocking spam (and presumablyãa 0% rate of blocking non-spam, but even if it's > 0%, it's only going toãblock people running browsers that don't support CSS, and that can't readãsimple instructions, so no great loss...):ãã- Add txtUrl input boxã- Add label saying "leave this box blank or I will ignore your message"ã- Add CSS to hide both input and labelã- When form is submitted, prepend POSSIBLE_CONTACT_SPAM to subject line if anãUrl was enteredã- Setup mail filter to file away messages with that stringããLike I said works great, and doesn't annoy anybody. It's obviously easilyãcircumvented, but until it is, I'm not going to worry about CAPTCHAs.ãã---ã þ Synchronet þ fTelnet and GameSrv Support BBS -=- http://bbs.ftelnet.caã

Re: Re: Attempting to add reCaptchaã By: Noisome to Mro on Sat Apr 13 2013 12:49:58ãã No> But anyway, http.js, any example on the best usage? :)ããHere's a basic example showing a couple of uses of HTTPRequest.Get andãHTTPRequest.Post:ãã// Load the HTTP request libraryãload("http.js");ãvar response;ãvar http;ãã// Create HTTPRequest object 'http'ãhttp = new HTTPRequest();ãã// Make a GET request, print the responseãresponse = http.Get("http://bbs.electronicchicken.com/test.xjs");ãprint(response);ãã// Make a GET request with arguments in the query string, print the responseãresponse = http.Get(ã "http://bbs.electronicchicken.com/test.xjs?argument1=lol&argument2=dongs"ã);ãprint(response);ãã// Make a POST request, print the responseãresponse = http.Post(ã "http://bbs.electronicchicken.com/test.xjs",ã "&argument1=lol&argument2=dongs"ã);ãprint(response);ãã// End of exampleããIf you want to get a bit fancy, you can wrap your .Get and .Post requests inãtry ... catch blocks so that any errors that are encountered don't get shown toãyour users:ããtry {ã response = http.Get("http://this.will.not.work");ã print(response);ã} catch(err) {ã log("There was an error: " + err);ã}ããOtherwise if the HTTP request fails for any reason, an error will be barfed outãonto your page.ããechickenãelectronic chicken bbs - bbs.electronicchicken.com - 416-273-7230ãã---ã þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.comã

But anyway, http.js, any example on the best usage? :)ã > ã > Here's a basic example showing a couple of uses of HTTPRequest.Get andã > HTTPRequest.Post:ããPerfect example! Thanks a great deal.ãã---ã þ Synchronet þ Digital 52 BBS - digital52.comã

Like I said works great, and doesn't annoy anybody. It's obviously easilyã > circumvented, but until it is, I'm not going to worry about CAPTCHAs.ããWell that's kinda the point I was trying to avoid altogether, the "easilyãcircumvented" part. I will have annoying people joining soon, maybe, and outãof them will be *some* jerk. ãã-hears a whisper, that's why you choose different, proven software :)-ããOne main precaution though is that DOVE-net will be protected from the spamãartists. It will require special requests to access write capabilities forãany user to DOVE-net.ããMy whole attempt is to merge olde sk00l with new skule in the most unl33t wayãpossible.ããThanks to da tuna with legs I'm much closer now :Dãã---ã þ Synchronet þ Digital 52 BBS - digital52.comã