Johann included a copy of Emir Tuzul’s free, but never incorporated it into simpleblog. I looked at how the code works and how Johann implemented comments, and I have successfully added CAPTCHA verification to the comments system. Since doing so a few days ago, not a single spam comment has been left. If you are interested, this is how to do it.
Since Johann included version 2 of the CAPTCHA code page, you do not need to download anything, but you can opt to use version 3 beta 1, which uses more character obfuscation to make it harder for bots to determine the characters in the image.
Edit functions.asp to add the following code to the end of the file, which is the verification function:
<% Function CheckCAPTCHA(valCAPTCHA) SessionCAPTCHA = Trim(Session("CAPTCHA")) Session("CAPTCHA") = vbNullString If Len(SessionCAPTCHA) < 1 Then CheckCAPTCHA = False Exit Function End if If CStr(SessionCAPTCHA) = CStr(valCAPTCHA) Then CheckCAPTCHA = True Else CheckCAPTCHA = False End if End Function %>
Add the following code to functions.asp in the CommentsGet subroutine, which for me starts at line 351. It may be different for you since I think I have added other code higher in the file. This adds the actual CAPTCHA image to the comments form. You will add this code after the call for GetEmoticons and the line break, which for me means inserting this at line 454:
Type the characters shown in the image for verification. <img src="captcha.asp" alt="" width="86" height="21" /> <input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
At line 481 (after the declaration of the str_userIP variable), insert this, which puts the characters entered into the form in a variable:
strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
You’re done! Save functions.asp and then go add a comment to one of your posts. Intentionally enter incorrect characters to confirm the popup works and that the comment did not get added. The only thing missing from this is that it doesn’t preserve the comment in the session. This means that if a real person incorrectly enters the code, when returned to the post to try and enter another code, the actual comment data will have to be entered again. Name, email, and URL don’t have to because they are stored in a cookie on the client. Perhaps I will add that at a later time.