How can CAPTCHA play nice with AJAX

Events happening in the community are now at Drupal community events on www.drupal.org.
liquidcms's picture
Posted by liquidcms on January 2, 2008 at 8:48am

I have recently had to modify the send.module (tell a friend function) to do a form submit through AJAX. It was not an easy task but was somewhat helped along with the use of the ajaxform submit module.

Now that it is working well; my client has asked for CAPTCHA support on this form. Of course that is going to be very difficult to implement on my ajax submitted form as the CAPTCHA validation function will unset my captcha token if i don't validate and since no page refresh - no token exists the 2nd time i try to submit form. Actually, even if i fix the code to only unset if i do validate, i still have the issue of validating captcha but failing to validate other fields on the form - which again causes resubmit to fail captcha since the token has now been cleared.

So i think possible solutions are to never clear the token? Or somehow figure out how to tie captcha module in to ajaxsubmit so that i can pass back a new captcha token??

Any thoughts?

Categories:

Comments

CAPTCHA and AJAX

Posted by robloach on January 2, 2008 at 7:53pm
robloach's picture

In order to make this work with AJAX/JSON, we'd have to have a menu callback that would handle the CAPTCHA form validation instead of the normal form handling it for us. The menu callback would be called through JSON, and then the result would be returned. This is based on my limited experience with it though, so be warned.

Another solution would be to use reCAPTCHA's AJAX Library. I'm not quite sure how secure this ends up being, not to mention what happens when the client's browser doesn't have Javascript, but it might be a good first step in the direction of putting together an addon library to the reCAPTCHA Drupal Module.

don't think so

Posted by liquidcms on February 11, 2008 at 5:26am
liquidcms's picture

Not sure i get it - but at the moment, this is my setup:

  • i have the send.modules tell-a-friend form embedded on to a teaser and it submits via ajax using the ajaxsumbit module. (was a bit of a feat to embed, the ajax submit was rather easy).
  • this works fine

I am now trying to add captcha to this form.

As long as the user enters the captcha correctly; the form submits ok. If they are wrong, i think something on the form changes and the captcha answer (even though the image hasn't changed) will no longer submit.

Perhaps this is a callback issue; but seems like it might be something simpler. Just starting what i am sure i going to be painful debug path.

Peter Lindstrom
LiquidCMS - Content Management Solution Experts

Peter Lindstrom
LiquidCMS - Content Solution Experts

and leaving the session

Posted by liquidcms on February 11, 2008 at 5:57am
liquidcms's picture

and leaving the session variable remain (i.e. comment out 2 places in the captcha_validate function that clear the captcha) - let this all work now with my ajax submitted send form. :)

I am sure there is a bit of a security risk here.. but really, how bad could it be??

Peter Lindstrom
LiquidCMS - Content Management Solution Experts

Peter Lindstrom
LiquidCMS - Content Solution Experts

CAPTCHA

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: