Our FormMail uses CAPTCHAOpens in a new window (also called image verification) for two purposes:
- to prevent your server from becoming a Spam Gateway to send Spam to other people when you want to use the Auto Responding feature.
- to protect your forms from sending you spam (and automated bot submissions in general).
The use of CAPTCHA for Auto Responding is described completely in the How-To Guide for Auto Responding. So, read that Guide if you are attempting to use the Auto Responding feature.
This guide describes how to protect your forms from automated submissions. This means that, subject to advances in computer technology and other CAPTCHA-defeating techniques, you can ensure that only real human beings are submitting your forms.
For information about performing both functions at the same time, please read both How-To guides - you'll find the technique to performing both functions with the one CAPTCHA image at the bottom of each guide.
Overview
The rest of this page describes how to use our simple free CAPTCHA solution called "verifyimg".
You're welcome to use this, however, we now recommend that you use Google's reCAPTCHA. Preferably Invisible reCAPTCHA.
We have a specific How-To guide for using reCAPTCHA with FormMail.
The following lists the steps required to get FormMail to protect your form submissions with CAPTCHA:
- Install verifyimg.php on your server.
- Configure your form to show the image and allow the user to enter the text from the image.
Step 1 - verifyimg.php
You can download verifyimg.php here.
Simply upload it to your server. Read the instructions at the top of verifyimg.php for full details. Use the verifytest.php script to confirm correct operation.
Step 2 - Add the Image to your Form
You need to insert two items into your form: an image URL and a text field.
Here's how to insert the image:
<img src="http://www.yoursite.com/verifyimg.php" alt="Image verification" name="vimg" />
Here's how to get the user's input:
<p>To submit this form, please
enter the characters you see in the image:</p>
<input type="text" size="12" name="imgverify" />
The text field must be named imgverify. That's the special field name that FormMail will look for.
To enforce the input of the imgverify field, you should configure the REQUIRE_CAPTCHA feature of FormMail. This feature is available from version 8.10 of FormMail.
If you're using a version prior to 8.10, then you need to to enforce the input of the imgverify field, using required or conditions and implement an INI file on your server to make your required or conditions secure. Spam Bots cannot bypass the directions you place in an INI file.
Also, we've provided a sample below that handles PHP sessions when cookies are disabled.
Want Better Images?
verifyimg.php is a good way to start, because it's free and simple to install!
For the most security available in a free product, we recommend reCAPTCHA (read the important How-To guide).
Problems With Cookies and Sessions
Using an identical domain name is important. PHP sessions are usually identified by browser cookies, and these cookies are specific to the domain name.
For this reason, we recommend you specify a full URL to your verifyimg.php script, or other CAPTCHA script, and to your FormMail script. Also, make sure you don't mix "www.yoursite.com" with just "yoursite.com". Despite what may be common belief, they are not the same thing.
We recommend you read the information about Cookies and Sessions.
Also, we've provided a sample below that handles PHP sessions when cookies are disabled.
Sample Form
You can download a sample HTML form that enforces image verification.
We've included a PHP version of the same form, which allows you to overcome problems with cookies being disabled in visitors' browsers.
Stopping Bots and Autoresponding at the Same Time
If you want to perform autoresponding, there's a How-To guide about this.
You can stop bots and perform autoresponding using the one image field to control both.
To do this, you simply derive an "arverify" field from "imgverify":
<input type="text" name="derive_fields" value="arverify=imgverify" />
Read the How-To guide on deriving fields for more details about this technique.