Recently Google introduced new reCaptcha API called “No CAPTCHA reCAPTCHA” . Its a complete new design captcha system. This protects your website for spammers and robots. As per Google,
While the new reCAPTCHA API may sound simple, there is a high degree of sophistication behind that modest checkbox. CAPTCHAs have long relied on the inability of robots to solve distorted text. However, our research recently showed that today’s Artificial Intelligence technology can solve even the most difficult variant of distorted text at 99.8% accuracy. Thus distorted text, on its own, is no longer a dependable test.
Now using this new captcha system users do not need to identify a complex distorted text string to prove themselves as human being. Sometimes it becomes too much irritating when the text strings are very much distorted even difficult to recognized by human beings. As per the new catacha system users just need to click on checkbox to identify themselves as human being.
Google does say that this won’t entirely do away with CAPTCHAs — there may still be times when you’ll be asked to enter some text as well.
Google’s new reCATPTCHA system makes use of an advanced risk analysis engine to identify humans and robots.The idea here is to track user’s actions before, during and after ticking the check box saying “I’m not a robot“. Basically it checks how the cursor moved on its way to the check (organic path/acceleration), which part of the checkbox was clicked (random places, or dead on center every time), browser fingerprint, Google cookies & contents. At the end of the day, if it’s not sure, it will still offer you traditional CAPTCHA .
Here is how Google’s new reCAPTCHA looks like.
Sometime if it can not verify only by clicking the checkbox it presents with the old traditional captcha,
In this post I had implemented new reCaptch API system with HTML login form using ColdFusion.
Steps:
1. Click Here to to create a Google reCaptcha application.
2. After this step you will be provided with google site key and secret key. The site key will be used in our HTML form as a hidden field and secret key will be used for communication between our site and google.
Algorithm:
- Add the google site key to the form with a hidden field. Example,
-
<div class="g-recaptcha" data-sitekey="6LctadUSAAAAAI81jKmWaBFGWwMky64xbBGhVl8L"></div>
- When the user clicks on the check box, an ajax request will be automatically sent to the server and validate the CAPTCHA, if it is valid mark it as
in use
. (Show the result – identifier is OK/not OK – to the user) - When the user sends the form, the form’s data contains the identifier. Check it once more on the server side by making a http request to google, it should exist and it should be in
in use
state. - If all validations are succeeded , the form’s data is ready to use/process
Here is the quick demo I have implemented using ColdFusion.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<cfparam name="FORM.username" default="" type="string" > | |
<cfparam name="FORM.password" default="" type="string" > | |
<cfif structKeyExists(FORM,"submit")> | |
<cfset recaptcha = FORM["g-recaptcha-response"] > | |
<cfif len(recaptcha)> | |
<cfset googleUrl = "https://www.google.com/recaptcha/api/siteverify"> | |
<cfset secret = "6LctadUSAAAAAM7NPoPq5jlbm3a37ib3sHlRFyNE"> | |
<cfset ipaddr = CGI.REMOTE_ADDR> | |
<cfset request_url = googleUrl & "?secret=" & secret & "&response=" & recaptcha & "&remoteip" & ipaddr> | |
<cfhttp url="#request_url#" method="get" timeout="10"> | |
<cfset response = deserializeJSON(cfhttp.filecontent)> | |
<cfif response.success eq "YES"> | |
<!— Start validating the username/password here. —> | |
</cfif> | |
</cfif> | |
</cfif> | |
<!DOCTYPE html> | |
<html> | |
<head> | |
<script src='https://www.google.com/recaptcha/api.js'></script> | |
</head> | |
<body> | |
<form method="post"> | |
UserName: | |
<input type="text" name="username"> | |
<br><br> | |
Password: | |
<input type="password" name="password"> | |
<br><br> | |
<div class="g-recaptcha" data-sitekey="6LctadUSAAAAAI81jKmWaBFGWwMky64xbBGhVl8L"></div> | |
<input type="submit" value="Submit" name="submit"> | |
</form> | |
</body> | |
</html> |