Raymond Camden's ColdFusion Blog: Quick and dirty CAPTCHA Guide

Quick and dirty CAPTCHA Guide

A reader recently sent me a note saying he was trying to add CAPTCHA to his site. He had been trying to see how I used it in BlogCFC, and was just confused by what he saw. I thought I'd write a quick and simple guide for getting CAPTCHA on a form.

First - let's look at a simple form without CAPTCHA.

view plain print about

<cfparam name="form.name" default="">
<cfparam name="form.email" default="">
<cfparam name="form.comments" default="">
<cfset showForm = true>

<cfif structKeyExists(form, "sendcomments")>
	<cfset error = "">
	<cfif not len(trim(form.name))>
		<cfset error = error & "You must include your name, bozo.<br>">
	</cfif>
	<cfif not len(trim(form.email)) or not isValid("email", form.email)>
		<cfset error = error & "Include a valid email address idiot!<br>">
	</cfif>
	<cfif not len(trim(form.comments))>
		<cfset error = error & "It's called a Comment Form, stupid.<br>">
	</cfif>
	<cfif error is "">
		<cfmail to="foo@foo.com" from="#form.email#" subject="Pointless comments from the public" wraptext="75">
From: #form.name# (#form.email#)
Comments:
#form.comments#
		</cfmail>
		<cfset showForm = false>
	</cfif>
</cfif>
	
<cfif showForm>
	<cfif structKeyExists(variables, "error")>
		<cfoutput>
		<p>
		<b>Please correct these errors:<br>
		#error#
		</b>
		</p>
		</cfoutput>
	</cfif>
	
	<cfoutput>
	<form action="test.cfm" method="post">
	<table>
		<tr>
			<td>Your Name:</td>
			<td><input type="text" name="name" value="#form.name#"></td>
		</tr>
		<tr>
			<td>Your Email:</td>
			<td><input type="text" name="email" value="#form.email#"></td>
		</tr>
		<tr>
			<td>Your Comments:</td>
			<td><textarea name="comments">#form.comments#</textarea></td>
		</tr>
		<tr>
			<td>&nbsp;</td>
			<td><input type="submit" name="sendcomments" value="Send Comments"></td>
		</tr>
	</table>
	</form>
	</cfoutput>
<cfelse>
	<cfoutput>
	<p>
	Thank you for sending your comments, #form.name#.
	</p>
	</cfoutput>
</cfif>

1  <cfparam name="form.name" default="">
2  <cfparam name="form.email" default="">
3  <cfparam name="form.comments" default="">
4  <cfset showForm = true>
5
6  <cfif structKeyExists(form, "sendcomments")>
7      <cfset error = "">
8      <cfif not len(trim(form.name))>
9          <cfset error = error & "You must include your name, bozo.<br>">
10      </cfif>
11      <cfif not len(trim(form.email)) or not isValid("email", form.email)>
12          <cfset error = error & "Include a valid email address idiot!<br>">
13      </cfif>
14      <cfif not len(trim(form.comments))>
15          <cfset error = error & "It's called a Comment Form, stupid.<br>">
16      </cfif>
17      <cfif error is "">
18          <cfmail to="foo@foo.com" from="#form.email#" subject="Pointless comments from the public" wraptext="75">
19  From: #form.name# (#form.email#)
20  Comments:
21  #form.comments#
22          </cfmail>
23          <cfset showForm = false>
24      </cfif>
25  </cfif>
26
27  <cfif showForm>
28      <cfif structKeyExists(variables, "error")>
29          <cfoutput>
30          <p>
31          <b>Please correct these errors:<br>
32          #error#
33          </b>
34          </p>
35          </cfoutput>
36      </cfif>
37
38      <cfoutput>
39      <form action="test.cfm" method="post">
40      <table>
41          <tr>
42              <td>Your Name:</td>
43              <td><input type="text" name="name" value="#form.name#"></td>
44          </tr>
45          <tr>
46              <td>Your Email:</td>
47              <td><input type="text" name="email" value="#form.email#"></td>
48          </tr>
49          <tr>
50              <td>Your Comments:</td>
51              <td><textarea name="comments">#form.comments#</textarea></td>
52          </tr>
53          <tr>
54              <td> </td>
55              <td><input type="submit" name="sendcomments" value="Send Comments"></td>
56          </tr>
57      </table>
58      </form>
59      </cfoutput>
60  <cfelse>
61      <cfoutput>
62      <p>
63      Thank you for sending your comments, #form.name#.
64      </p>
65      </cfoutput>
66  </cfif>

I'm not going to say anything about this code as it's a fairly typical form. This will serve as a base form that we will be adding CAPTCHA too. There are multiple CAPTCHA solutions out there, including the built-in support in BlueDragon and Alagad's CAPTCHA component. For this demo however I'm going to use the same product I used in BlogCFC, Lyla Captcha. This is a free product and is pretty simple to get up and running quickly. Download the product and unzip it to a folder. Any folder will do. Just make sure your application can access it. The first thing we will do in our new form is to create an instance of the CFC:

view plain print about

<cfif not structKeyExists(application, "captcha")>
	<cfset application.captcha = createObject("component", "captchaService").init(configFile="captcha.xml") />
	<cfset application.captcha.setup()>
</cfif>

1  <cfif not structKeyExists(application, "captcha")>
2      <cfset application.captcha = createObject("component", "captchaService").init(configFile="captcha.xml") />
3      <cfset application.captcha.setup()>
4  </cfif>

Lyla Captcha is configured via an XML file. You don't need to touch it immediately though. (Although I'll be pointing to a darn good blog entry about this XML file later on.) Now we need to add the CAPTCHA to the form. I added a new row to my table with this code:

view plain print about

<tr>
	<td>Enter Text Shown in Picture:</td>
	<td>
	<input type="text" name="captcha"><br>
	<!--- Captcha --->
	<cfset captcha = application.captcha.createHashReference()>
	<img src="captcha.cfm?hash=#captcha.hash#">
	<input name="hash" type="hidden" value="#captcha.hash#" />
	</td>
</tr>

1  <tr>
2      <td>Enter Text Shown in Picture:</td>
3      <td>
4      <input type="text" name="captcha"><br>
5      
6      <cfset captcha = application.captcha.createHashReference()>
7      <img src="captcha.cfm?hash=#captcha.hash#">
8      <input name="hash" type="hidden" value="#captcha.hash#" />
9      </td>
10  </tr>

There are a few things going on here. First off - I added a new text field so the user can type in the CAPTCHA text. I then ask Lyla to create a hash reference. This is a long, random string. I pass this to a CFM that will serve up an image. Lastly, I add the hash itself as a hidden form field. Let's leave our form for a second and look at captcha.cfm:

view plain print about

<cfif not structKeyExists(url, "hash")>
	<cfabort>
</cfif>

<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("stream",url.hash) />
<cfcontent type="image/jpg"  variable="#variables.captcha.stream#" reset="false" />

1  <cfif not structKeyExists(url, "hash")>
2      <cfabort>
3  </cfif>
4
5  <cfset variables.captcha = application.captcha.createCaptchaFromHashReference("stream",url.hash) />
6  <cfcontent type="image/jpg" variable="#variables.captcha.stream#" reset="false" />

I do a quick check to ensure the url variable exists, and then I simply use the Lyla Captcha built in functions to get the image data. (You can also store the CAPTCHA as a physical file.) Now let's return back to the form. To validate the CAPTCHA, I simply call one more function in the CFC:

view plain print about

<cfif not application.captcha.validateCaptcha(form.hash, form.captcha)>
	<cfset error = error & "You did not match the image text. Try again with half a brain.<br>">
</cfif>

1  <cfif not application.captcha.validateCaptcha(form.hash, form.captcha)>
2      <cfset error = error & "You did not match the image text. Try again with half a brain.<br>">
3  </cfif>

That's it! Lyla is pretty trivial to use and you can't beat the price. Charlie Arehart also has a blog article on how to simplify the CAPTCHA text a bit - and I definitely recommend following his suggestions: Simplifying the captcha graphic in Lyla Captcha (and BlogCFC) I've included all of my text files in the attachment to this blog entry. test.cfm is the original file and test2.cfm is the file with ~~flare~~CAPTCHA.

This entry was posted on Tuesday, November 14, 2006 at 8:39 AM. It was filed in the following categories: ColdFusion. It has been viewed 11,111 times and has 93 comments. Download attached file.

TweetBacks

Comments

[Add Comment] [Subscribe to Comments]

Comment 1 written by Tom Mollerus on 14 November 2006, at 9:46 AM

Ray,

In the non-quick-and-dirty implementation of a CAPTCHA, do you think there would be any advantage to storing the hash value in SESSION scope? That way you wouldn't have to expose the hash value to the user in the HTML code.

I know that if there's an expiration period to the hash that it's not a big risk in letting the user see it. But I'm curious what you think.
Comment 2 written by Peter J. Farrell on 14 November 2006, at 2:00 PM

Tom,
You can store the hash reference in the session scope if you wish. It does single thread the captcha -- could be a problem if a user has a page open with the captcha and has another tab open and surfs to a page with the cpatcha.

The hash reference is the captcha text + salt (random text that auto-generated) that is hashed. It would be very difficult to break.

Best,
.Peter J. Farrell
LylaCaptcha
Comment 3 written by Tom Mollerus on 14 November 2006, at 2:13 PM

Peter,

I agree that a hash is almost impossible to break, but that's not the danger that I'm considering. I'm supposing that IF a CAPTCHA system doesn't have an expiration for the hash (or if it has an unreasonably long expiration for the hash, such as 30 minutes), that a malicious human user might be able to hand the hash value and the answer text value off to a bot. The bot could then abuse the site until the hash expired. Is that correct, or am I missing something else?

My scenario may not be very likely, but it could be used to spam every blog entry of someone's site in a few minutes. Also, I'm aware that LylaCaptcha does default to expiration of hashes, so please don't consider this a criticism of your software or of anyone else's-- it's more of an academic discussion of what might be possible under a poor CAPTCHA implementation by a site developer.
Comment 4 written by Aaron West on 15 November 2006, at 6:46 AM

One thing to add is that LylaCaptcha does not work in a Linux environment. At least, I *think* this is true. I haven't spent much time on it but I was not able to get LylaCaptcha to work on RedHat.
Comment 5 written by Peter J. Farrell on 15 November 2006, at 10:30 AM

Tom, the hash references don't expire and could potentially be a security hole. Using the session will fix that. Luckily for me, Lyla is still Alpha-ware and I haven't had as much time to work on it as I wish. Been busy with Mach-II, the ColdFusion Weekly Podcast and of course - getting married last month.

Aaron, Lyla will run on Linux. I have it running with CF on CentOS 3 (which is the Open Source version of RHEL3). You must be missing one of the optional packages for RH like x11-deprecated-libs which has the fonts etc. Does your cfcharting work? Also, are you running the RH machine as headless? I've gotten reports on Lyla running on headless machine, but it has to be properly configured.
Comment 6 written by Shaji on 19 November 2006, at 8:25 PM

Aaron,

LylaCaptcha does work on RedHat Linux environment without issue. I am sure that it is permission issue on RedHat Linux. Your name is familiar to me and I think your site is at web hosting provider where I am working. Drop email at support department with subject "Atten Shaji: Captcha issue". I am happy to look on it for you.
Comment 7 written by sarah on 30 November 2006, at 2:49 PM

Hi, I hope this isn't too dumb a question, but where is the test2.cfm file you refer to as an attachment?
Comment 8 written by Raymond Camden on 30 November 2006, at 2:54 PM

It is in the download.
Comment 9 written by Mike M on 1 December 2006, at 2:09 PM

The test.cfm was not included in the zip I downloaded either. Perhaps it was missed when creating the archive?

Uncompressed folder: 76799 bytes contained:
captcha.xml 7k
captchaService.cfc 38k
captchaServiceConfigBean.cfc 22k
lylaCaptchaLicense.txt 11k
Comment 10 written by Raymond Camden on 1 December 2006, at 3:27 PM

So to be clear - you are clicking the word "Download" on my blog entry. It is right above the Savvy ad. I just clicked it again and the zip had the right files in it.
Comment 11 written by Farrah Omar on 8 January 2007, at 9:21 AM

Hi,

It is actually a question and not a comment but I only see a broken image in test2.cfm. I am using ColdFusion MX 6.1. Any help is appreciated.
Thank you
Comment 12 written by Raymond Camden on 8 January 2007, at 8:53 PM

try right clicking and viewing the image by itself and see if you see an error.
Comment 13 written by Farrah on 10 January 2007, at 8:40 AM

I copied the image location and opened it in another tab and this is the error I got:

Attribute validation error for tag CFCONTENT.
The tag does not allow the attribute(s) VARIABLE. The valid attribute(s) are DELETEFILE,FILE,RESET,TYPE.

The error occurred in D:\Inetpub\wwwroot\library\farrah\lyla\captcha.cfm: line 6

4 :
5 : <cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hash) />
6 : <cfcontent type="image/jpg" variable="#variables.captcha.fileLocation#" reset="false" />
Comment 14 written by Raymond Camden on 10 January 2007, at 10:47 AM

Ah, variable was added in cf7. Hmmm. try removing the variable and just cfoutput it after the cfcontent tag. I can't test right now but that may work.
Comment 15 written by Franco on 6 February 2007, at 10:30 PM

I added your first script before my form and got this error message: Before application variables can be used, the application state management system must be enabled using the CFAPPLICATION tag. What am I missing here? Thanks.
Comment 16 written by Raymond Camden on 7 February 2007, at 5:09 AM

Well the error message tells you exactly what you need - a cfapplication tag. Just add an application.cfm file to the folder with a cfapplication tag in it.
Comment 17 written by Megan on 6 May 2007, at 6:37 AM

Much thanks for the guide - has reminded me (once again) of my own coding limitations and appreciation for people like you ;-) Cheers. M
Comment 18 written by Brett on 16 May 2007, at 6:04 PM

Hello,

I recently made updates to this examples based off the simplification steps found here: http://carehart.org/blog/client/index.cfm/2006/8/1...

However, after making the updates and refreshing I'm not seeing the updates on test2.cfm. Is there a reset tag somewhere, are the settings cached? How can I refresh the settings?

Thanks!
Brett
Comment 19 written by Raymond Camden on 17 May 2007, at 10:43 AM

Yes, you need to hit your blog with ?reinit=1 in the URL.
Comment 20 written by Haseeb Khan on 6 June 2007, at 1:37 PM

Hi All,

Really a very nice post.

Can you please specify that LylaCaptcha works with ColdFusion 6.1 or not? I am facing many issues with that.

I am very new to ColdFusion. It would be great if a step by step guide can be provided for beginners like me.

Any help would be highly appreciated.

Would certainly wait for your replies.

Thanks and Regards,

Haseeb Khan
Comment 21 written by Nita on 12 October 2007, at 3:10 PM

Does this work with mx7. I downloaded the code. I don't see the image and also I get this error:
http://www.naperville-lib.info/captcha.cfm?hash=10...
Element INSTANCE.HASHREFERENCECACHETIMESTAMP is undefined in VARIABLES.

The error occurred in C:\Websites\132648ha2\captchaService.cfc: line 937
Called from C:\Websites\132648ha2\captchaService.cfc: line 680
Called from C:\Websites\132648ha2\captchaService.cfc: line 659
Called from C:\Websites\132648ha2\captchaService.cfc: line 120
Called from C:\Websites\132648ha2\captcha.cfm: line 5

935 :    </cffunction>
936 :    <cffunction name="getHashReferenceCacheTimestamp" access="public" returntype="numeric" output="false">
937 :       <cfreturn variables.instance.hashReferenceCacheTimestamp />
938 :    </cffunction>
939 :

***************

Thanks for the open source code. Hope this work for me as I am tired of receiving spam.
Comment 22 written by Raymond Camden on 15 October 2007, at 11:31 AM

I believe this goes away if you add this to the XML:

<config name="hashValidPeriod" value="1800000"/>
Comment 23 written by N on 15 October 2007, at 2:49 PM

I added the information in xml file along with other configs but still it is giving me the same error.

Where is the hash value coming from for this page?
http://www.naperville-lib.info/captcha.cfm?hash=BE...
Comment 24 written by Raymond Camden on 15 October 2007, at 2:58 PM

Not sure what to suggest. I just tried again with the code, even w/o that XML there, and it worked just fine.
Comment 25 written by Nita on 15 October 2007, at 10:25 PM

I am using cf MX7 and I have all the files listed together in the same directory, is this ok?
Comment 26 written by Nita on 15 October 2007, at 11:19 PM

hello Raymond:
Finally it is working fine on my PC (which acts as test server), after I configured the testing for the folder with the test server. However when I upload to our website the image doesn't get displayed(hosted by hostmysite.com). I am quite new to cf. What do I need to configure on the website server for this to work? Hey it looks like I am getting closer to get this to work, keeping my finger crossed.

Thanks
Comment 27 written by Raymond Camden on 16 October 2007, at 9:02 AM

You probably need to ping HostMySite. You may want to expose the error by right clicking on the broken image and selecting View.
Comment 28 written by Nita on 16 October 2007, at 11:35 AM

This is my site where I am trying to get it work
http://www.naperville-lib.info/captcha/test2.cfm

There is no option to view the image, however I can go to properties and get the error link, which is;
http://www.naperville-lib.info/captcha/captcha.cfm...
Comment 29 written by Raymond Camden on 16 October 2007, at 11:38 AM

At this point I'd suggest pinging the Lyla Project directly. Sorry.
Comment 30 written by Nita on 16 October 2007, at 11:45 AM

Sorry, how do I do that?
Comment 31 written by Raymond Camden on 16 October 2007, at 11:50 AM

I linked to Lyla in the blog entry.
Comment 32 written by Nita on 16 October 2007, at 1:28 PM

the application name says lylademo, should I change this on application.cfm?
Comment 33 written by Raymond Camden on 16 October 2007, at 1:36 PM

It shouldn't matter -b ut try it. But seriously though - I'd contact the Lyla project.
Comment 34 written by Nita on 23 October 2007, at 2:20 PM

Hi Ray:
I just will let you know that after emailing Peter the problem, figured out that I had to download the newer version of Lyla, then it started to display the image.
Comment 35 written by Lynn Burkholder on 14 January 2008, at 3:24 PM

I have downloaded the zip file from your site with all the needed files and tests. However when I make changes to the captcha.xml file, such as alphaUCase, etc. and upload it, there are no changes in the captcha image. What am I doing wrong?
Comment 36 written by Raymond Camden on 14 January 2008, at 3:32 PM

It may be caching on your web server.
Comment 37 written by Lynn Burkholder on 14 January 2008, at 4:06 PM

Sorry, here is the link to my test site.
http://www.flexroofingsystems.com/captcha/test2.cf...

I checked with the hosting service and they cleared the cache and still no changes.

Any other ideas?

Thanks!
Comment 38 written by Raymond Camden on 14 January 2008, at 4:10 PM

Heh, I forgot my own code. Notice this section:

<cfif not structKeyExists(application, "captcha")>
<cfset application.captcha = createObject("component", "captchaService").init(configFile="captcha.xml") />
<cfset application.captcha.setup()>
</cfif>

This caches your settings. Add this to the CFIF

or isDefined("url.init")

Then hit your site with ?init=1 in the URL.
Comment 39 written by Lynn Burkholder on 14 January 2008, at 4:36 PM

Thanks for the prompt response!

So sorry, however, I am hopelessly not a programmer and all I can do is cut and paste what sombody shows me. Would you be so kind as to put that code in the CFIF for me because I don't know where it goes? I can then put it in place and do the new url as you indicated.

Thanks so much!
Comment 40 written by Raymond Camden on 14 January 2008, at 5:33 PM

Try:

<cfif not structKeyExists(application, "captcha") or isDefined("url.init")>
<cfset application.captcha = createObject("component", "captchaService").init(configFile="captcha.xml") />
<cfset application.captcha.setup()>
</cfif>
Comment 41 written by Nita on 15 January 2008, at 10:40 PM

Ask your hosting services to restart service for cfm. Thats what worked for me. Just uploading the file and removing cache did not help much.
Good Luck!
Comment 42 written by Lynn Burkholder on 16 January 2008, at 12:17 PM

Thanks for the syntax. It all seems to be working great now and I am happy!
Comment 43 written by Matt Bogdanovich on 22 January 2008, at 4:51 PM

Thanks for saving me time! Real good job on a simplification.
Comment 44 written by Matt Bogdanovich on 22 January 2008, at 5:33 PM

Hello Ray,

Have you had any problems with this rendering in Firefox and not IE? I am getting the big X like there is no image in IE. Any thoughts?
Comment 45 written by Raymond Camden on 23 January 2008, at 4:28 PM

Hmm. I want to say I have... but I can't remember exactly why. Sorry. YOu can try right clicking on the image and viewing it, and seeing what you get in the browser.
Comment 46 written by Matt Bogdanovich on 23 January 2008, at 5:10 PM

hehe....Your sorry? You just saved me a ton of time. For anyone else that has this problem; it was obvious that the paths were correct because the dynamic information was in the source of the page. I messed with the css and have no idea what I did, but all is great now. Thanks again for the code.
Comment 47 written by Richard Braxton on 25 March 2008, at 3:34 PM

You should know that this page and the LylaCaptcha code is invaluable. I was able to get the captcha up and running in no time!

Thank You!

PS: Be wary of the code contained in the PDF in LylaCaptcha_v1Beta.zip - some variables were not fully qualified - the correct function call begins with the word 'create' - and the order of arguments for one of the functions was reversed. Other than that, Awesome! (And thank you Lyla!)
Comment 48 written by Rose on 25 March 2008, at 6:32 PM

Thank you *so* much for this - I was scratching my head and about to give up because of the Lyla documentation, but your example files helped me get it working within a few minutes.

You're a star!
Comment 49 written by Raymond Camden on 25 March 2008, at 8:20 PM

As just an FYI, I plan on writing an updated guide for CF8.
Comment 50 written by Amit on 29 March 2008, at 7:20 PM

Hi Raymond - This is probably ironic considering in ur last post you talked about writing for CF8. I have a site running on CF5 where I need this implemented but got an error on test2.cfm.

Just in time compilation error
Invalid parser construct found on line 4 at position 74. ColdFusion was looking at the following text:
.
Invalid expression format.

Also on test.cfm i got this:

An error occurred while evaluating the expression:
structKeyExists(variables, "error")
Error near line 28.

I have very little exposure in CF and would greatly appreciate your help. Thanks.
Comment 51 written by Raymond Camden on 29 March 2008, at 7:22 PM

Lyla makes use of CFCs, which aren't available in CF5.
Comment 52 written by amit on 29 March 2008, at 7:37 PM

ouch! ok thanks.

do you know of any other solutions out there which would work with cf5?
Comment 53 written by Raymond Camden on 29 March 2008, at 7:38 PM

Unfortunately no.
Comment 54 written by Daniel Greenfeld on 30 March 2008, at 8:52 AM

The way to get captcha into CF5 is to use a third party service like captchas.net.
Comment 55 written by Raymond Camden on 30 March 2008, at 9:18 AM

The CF8 version: http://www.coldfusionjedi.com/index.cfm/2008/3/29/...
Comment 56 written by Bayliss on 11 April 2008, at 12:18 PM

If you are having problems seeing the image on your live site (but it works fine on your local machine) then
it is important to restart coldfusion - ask your hosts to do it which they will do at their convenience.

(On your local machine the easiest way it to just restart your pc.)

Thanks for the files.

We use it on this site www.medarc-limited.co.uk
Comment 57 written by koko on 20 June 2008, at 4:50 AM

I have downloaded your entire blogcfc52 and I dont see any test.cfm file, could you please give me the link to where it is ?
Comment 58 written by Raymond Camden on 20 June 2008, at 7:38 AM

You need to click the Download link at the bottom of the article text. That will give you lyla.zip which includes all the files.
Comment 59 written by Noel on 30 June 2008, at 4:10 AM

SPAM is forcing me now to start adding Captcha's to all my forms :/
So.. I'm trying the demo (the one with test.cfm and test2.cfm), but when running test2.cfm I keep getting an error in line 3 "Variable application is undefined."
I've unzipped all the files in one directory.
The error is with MX7 running on a Linux server.

Anyone here who might know what could be wrong?
Comment 60 written by Raymond Camden on 30 June 2008, at 6:34 AM

Rename application.cfm to Application.cfm.
Comment 61 written by Noel on 30 June 2008, at 6:51 AM

Thank you Raymond. That did the trick.
Comment 62 written by Rick on 1 July 2008, at 8:19 PM

I'd like to update the captcha image by updating captcha.xml. But it looks like the edits never stick. How do I re-instantiate the captcha object after making changes to the XML file so that I can see the updates?

Thanks so much
Rick
Comment 63 written by Rick on 1 July 2008, at 8:27 PM

By the way, I'm not using the captcha on BlogCFC, so I cannot use the ?renit method. Thanks again.
Comment 64 written by Raymond Camden on 2 July 2008, at 6:27 AM

Did you see this code in test2.cfm?


<cfif not structKeyExists(application, "captcha")>
<cfset application.captcha = createObject("component", "captchaService").init(configFile="captcha.xml") />
<cfset application.captcha.setup()>
</cfif>

You can modify the CFIF to look for url.reinit so you can force a refresh.
Comment 65 written by Rick on 2 July 2008, at 9:01 AM

I do see that code...unfortunately, I'm not quite sure how to modify it to look for url.reinit.
Comment 66 written by Raymond Camden on 2 July 2008, at 9:04 AM

You don't know how to check for the existence of a variable? That's pretty basic CF. I'm not trying to be mean here - please note that - but that is something that all CF developers should have a grip on. There are 2 ways of doing it. isDefined or with structKeyExists. Here is an example of both:

<cfif not structKeyExists(application,"captcha") or isDefined("url.reinit")>

or

<cfif not structKeyExists(application,"captcha") or structKeyExists(url,"reinit")>
Comment 67 written by Rick on 2 July 2008, at 10:03 AM

ah, got it...I do know how to do this. Sorry, have too many things going on at once. Thanks.
Comment 68 written by Karen on 26 September 2008, at 4:24 PM

Thanks for the tutorial Raymond, it was a big help. I know very little CF so the instructions that Peter provides w/ the Lyla download were over my head. Your step-by-step explanation and samples gave me enough direction to get my LylaCaptcha functioning perfectly.
Comment 69 written by Chris on 3 November 2008, at 1:33 AM

Hello Gurus,

I encountered some problems installing Lyla for the first time. On my local machine running CF8, everything is fine.

On my production server running CF MX 6.1, none of my images appear.

Looking at captcha.cfm, I get the following error:

=====================
Attribute validation error for tag CFCONTENT.
The tag does not allow the attribute(s) VARIABLE. The valid attribute(s) are DELETEFILE,FILE,RESET,TYPE.

4 :
5 : <cfset variables.captcha = application.captcha.createCaptchaFromHashReference("stream",url.hash) />
6 : <cfcontent type="image/jpeg" variable="#variables.captcha.stream#" reset="false" />
=====================

Any known workarounds for those of us on CF MX 6.1?

Note I did change the cfcontent type to "image/jpeg" from "image/jpg" which I read was also required - can anyone confirm this?

Thanks for your great support,
Chris
Comment 70 written by Raymond Camden on 3 November 2008, at 10:37 AM

I believe you want to remove variable from cfcontent, and after the end of the tag, try either <cfoutput>#variables.captcha.stream#</cfoutput> or <cfoutput>#toBinary(variables.captcha.stream)#</cfoutput>
Comment 71 written by Chris on 3 November 2008, at 1:15 PM

Thanks for your quick suggestions Raymond.

Unfortunately, it did not completely solve the problem.

Now I'm receiving the following error:

====================
Error Occurred While Processing Request
Element INSTANCE.HASHREFERENCECACHETIMESTAMP is undefined in VARIABLES.

The error occurred in \Htdocs\test\lyla\captchaService.cfc: line 936

Called from \Htdocs\test\lyla\captchaService.cfc: line 680

Called from \Htdocs\test\lyla\captchaService.cfc: line 659

Called from \Htdocs\test\lyla\captchaService.cfc: line 120

Called from \Htdocs\test\lyla\captcha.cfm: line 5
====================

This is getting much deeper than my level of understanding so I may need to find an alternative solution.

If anyone has additional input for us MX 6.1 users, it would be appreciated.

Thanks for your expertise -
Chris
Comment 72 written by Chris on 5 November 2008, at 11:25 PM

Just adding these comments I received from Peter J. Farrell, author of Lyla Captcha, in case anyone is following this discussion regarding MX 6.1:

====================
"You cannot server via a stream on 6.1 - you'll need to use the file type createCaptchaFromHashReference("file", url.hash") instead and then use a .cfm page that serves that file via cfcontent."
====================
Comment 73 written by Tim on 16 December 2008, at 7:35 PM

Does anybody out there have a working sample for version 6.1? I got it to work on 7 but not 6.1 servers. Code samples would greatly be appreciated. I'm aware of the posts regarding version 6 not being able to stream and having to using cf via cfcontent... samples would be great!

errors i'm getting:
captcha The tag does not allow the attribute(s) VARIABLE. The valid attribute(s) are DELETEFILE,FILE,RESET,TYPE

Thanks in advance!
Comment 74 written by Frank Gerritse on 27 May 2009, at 7:09 AM

On some sites on CF7 I have the following problem. When restarting the server or de Coldfusion services for some reason. Lylacaptcha won't work The image is not display. But if I change the application name and restart the services again the captcha is working fine untill we restart the services or server for some reason again ?
Comment 75 written by Raymond Camden on 27 May 2009, at 7:19 AM

@Tim: Variable was added to cfcontent in 7. You would need to change the code to save the binary data to a temp file and then use the file attribute.

@Frank: May be best to ping the Lyla project direct for support.
Comment 76 written by Vikie on 31 October 2009, at 9:13 AM

I think there is no need in captcha at all at the most of the cases. For example, on www.buyselldress.com we implement fairly simple but effective approach to block spam messages. Several steps are made, but obvious check for mouse movements in browser is best thing to block most of spambots. And this is very convenient for users. I hate captchas as user.
Comment 77 written by James on 10 November 2009, at 2:10 PM

Is Lyla still around, I tried going to the site, but it not up. Does anyone else have the code I need for this to work? I'm running MX7. Thanks.
Comment 78 written by Raymond Camden on 10 November 2009, at 2:28 PM

I'm thinking it is just temporary. I was at http://lyla.maestropublishing.com/ a few days ago and it was fine.
Comment 79 written by Lisa on 14 February 2010, at 4:21 PM

I am hoping you can offer a bit of advice. I have successfully installed the Lyla Captcha to several websites all residing on my CF7 server. I have moved another site, who I had hosted elsewhere on a CF8 server and then moved it onto my CF7 server. The captcha broke because in CF7 there is no cfimage tag. Now, I copy the exact files, code, etc. for the CF7 captcha into this new site but keep getting an error. Either a cfscript error (no ending tag --which there is) or a "captcha not available" error. I have the cfapplication set up exactly as the others with no luck. Any suggestions? I'm running out of ideas to try. Thank you so much.
Comment 80 written by Raymond Camden on 15 February 2010, at 7:38 AM

Not sure what I ca do here to help. It sounds like you have multiple issues. I'd try to focus in on one at a time. The "captcha not available" error is something the Lyla folks discuss on their FAQ I believe, and you should check there first. (http://lyla.maestropublishing.com/FAQ.cfm)
Comment 81 written by Lisa on 15 February 2010, at 6:24 PM

I have already looked at Lyla's site and it's already in an persistent scope. Just can't figure out why the exact same code is working for 5+ sites and not for this one. 20 minute task has become 3 days...

Thanks though.
Comment 82 written by Sebastian VanDyke on 23 February 2010, at 2:20 PM

Thanks for this. Lifesaver dude.
Comment 83 written by Bobbi on 8 July 2010, at 1:29 PM

I'm using captcha in one of my forms. Yet for some reason, I'll get an error that the hash(form.password)
Comment 84 written by Bobbi on 8 July 2010, at 1:34 PM

Sorry about previous post.
I'm using captcha in a form (myform.cfm), where I have an input field for the password (userInput), and a hidden field (hashVal) that has its value set to #rndHash#, which is a generated hash value. Then in my action form (myaction.cfm) I compare the values of "userInput" and "hashVal" . If they match the form is processed, else the user is notified that an invalid password was entered. Sometimes, I get this notification even though I can see that the hash value of "userInput" is equal to the value of "hashVal". I can't figure out why this happens. Help!
Comment 85 written by Raymond Camden on 8 July 2010, at 1:47 PM

Not sure what to tell you. If it works sometimes and not others, it could mean many things. Perhaps you can share your code (via pastebin).
Comment 86 written by Bobbi on 9 July 2010, at 7:07 AM

I'd be glad to! What's pastebin?
Comment 87 written by Raymond Camden on 9 July 2010, at 9:37 AM

Free service that lets you paste up code and share with others.

http://pastebin.com/
Comment 88 written by Bobbi on 12 July 2010, at 8:00 AM

Hi Raymond,
I've posted my code to pastebin. Thanks!!!
http://pastebin.com/0yayvW88
Comment 89 written by Raymond Camden on 12 July 2010, at 8:08 AM

Nothing really stands out. How do you generate your random string?
Comment 90 written by Bobbi on 12 July 2010, at 8:18 AM

I think it's just an attribute of the cfimage tag:
http://livedocs.adobe.com/coldfusion/8/htmldocs/he...

Thanks!!!
Comment 91 written by Raymond Camden on 12 July 2010, at 8:20 AM

No - you create the string, not the tag. The tag just takes your string and makes it ugly in the picture. I think you may need to provide your _complete_ code templates, not just snippets.
Comment 92 written by Bobbi on 12 July 2010, at 8:27 AM

Sorry. I've posted all of the code. I was trying to prevent you from having to wade through all of the code. But in doing so, I missed the code to generate the image:
http://pastebin.com/E4DQubAS

Thanks!!!
Comment 93 written by Raymond Camden on 12 July 2010, at 3:31 PM

You got me. I don't see any reason why it would fail. I'd maybe add a cflog before your cfif in the action page and write out the two values. Maybe they are NOT exactly the same.