Our FormMail uses CAPTCHA (also called image verification) for two purposes:
- to prevent your server from becoming a Spam Gateway to send Spam to other people when you want to use the Auto Responding feature.
- to protect your forms from sending you spam (and automated bot submissions in general).
The use of CAPTCHA for Auto Responding is described completely in the HOW TO Guide for Auto Responding. So, read that Guide if you are attempting to use the Auto Responding feature.
This guide describes how to protect your forms from automated submissions. This means that, subject to advances in computer technology and other CAPTCHA-defeating techniques, you can ensure that only real human beings are submitting your forms.
For information about performing both functions at the same time, please read both HOW TO guides - you'll find the technique to performing both functions with the one CAPTCHA image at the bottom of each guide.
Overview
The following lists the steps required to get FormMail to protect your form submissions with CAPTCHA:
- Install verifyimg.php on your server.
- Configure your form to show the image and allow the user to enter the text from the image.
Step 1 - VerifyImg.php
You can download verifyimg.php from our forums here.
Simply upload it to your server. Read the instructions at the top of verifyimg.php for full details. Use the verifytest.php script to confirm correct operation.
Step 2 - Add the Image to your Form
You need to insert two items into your form: an image URL and a text field.
Here's how to insert the image:
Here's how to get the user's input:
The text field must be named imgverify. That's the special field name that FormMail will look for.
To enforce the input of the imgverify field, you should configure the REQUIRE_CAPTCHA feature of FormMail. This feature is available from version 8.10 of FormMail.
If you're using a version prior to 8.10, then you need to to enforce the input of the imgverify field, using required or conditions and implement an INI file on your server to make your required or conditions secure. Spam Bots cannot bypass the directions you place in an INI file.
Also, we've provided a sample below that handles PHP sessions when cookies are disabled.
Want Better Images?
verifyimg.php is a good way to start, because it's free!
For the most security available in a free product, we recommend reCaptcha (read the important HOW TO guide).
FormMail also supports the commercial product Captcha Creator from www.captchacreator.com. In this case, it's important to use our special HOW TO guide for Captcha Creator.
Problems With Cookies and Sessions
We recommend you read the information about Cookies and Sessions.
Also, we've provided a sample below that handles PHP sessions when cookies are disabled.
Sample Form
You can download a sample HTML form that enforces image verification.
We've included a PHP version of the same form, which allows you to overcome problems with cookies being disabled in visitors' browsers.
Stopping Bots and Autoresponding at the Same Time
If you want to perform autoresponding, there's a HOW TO guide about this.
You can stop bots and perform autoresponding using the one image field to control both.
To do this, you simply derive an "arverify" field from "imgverify":
Read the HOW TO guide on deriving fields for more details about this technique.
