Google Recaptcha (code for ancient ASP)
Google has many different APIs (List of Google API). I use Google services, and my site contains many pages about Google APIs, for example:
- (2021) How to build application server based on push notification from Firebase
- (2016) MongoDB - noSQL-database for irregular JSON data (Youtube API).
- (2014) Mailing lists via Gmail.
- (2014) A site with the Google Maps API, impersonation and Dynamic LINQ Expression.
On the other hand, around 2002 I wrote my own captcha API, and I have used it in a lot of my projects since 2002, for example
I also have a lot of my own technology to protect against rogue logins; for example, look at this page:
- (2008) Web application security
Thirdly, there are many other technologies for protecting against rogue logins, for example:
- (2023) Angular AntiForgeryToken
- (2019) jquery.unobtrusive-ajax.min.js
- (2018) ASP.NET MVC @Html.AntiForgeryToken
This short overview should make clear how small a part of protection against rogue logins Google reCAPTCHA is. But in some cases the customer selects exactly this option and nothing else.
Therefore, on this page I want to publish my working code for ancient ASP.
So, first we go to Google and register the domain for the Google reCAPTCHA API at https://www.google.com/recaptcha/admin. We can select the V2 or V3 version.
That's it for Google.
Server solution.
The next step is to go to our own site and add the captcha to the HTML. There are two ways; this is the first.
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<!--#include file="../Google/RecaptchaDiv.inc"-->
RecaptchaDiv.inc contains only a single DIV (this is useful for keeping the keys related to reCAPTCHA in one site folder).
The second way.
<script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit"></script>
<script type="text/javascript">
    var onloadCallback = function () {
        grecaptcha.render('recaptcha', {
            'sitekey': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
        });
    };
</script>
Then we need to place the verification code in the postback part (the code in lines 41-90 is the user login: a select query to the database with the username and password, which sets the AU cookie and the needed session variables).
23: If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
24:
25: if Request.Form("g-recaptcha-response") ="" then
26: Response.Cookies("sfCustomer").Expires = Now()
27: Errormsg = "Invalid Google captcha"
28: else
29:
30: %>
31: <!--#include file="../Google/RecaptchaCheck.inc"-->
32: <%
33: Dim GoogleVerify
34: GoogleVerify = RecaptchaConfirm (Request.Form("g-recaptcha-response"))
35: if GoogleVerify <> "" then
36:
37: Response.Cookies("sfCustomer").Expires = Now()
38: Errormsg = "Invalid Google captcha"
39:
40: else
19:
20:
21: Const vDebug = 0
22: Dim iAuthenticate, custEmail, custPasswd, ErrorMsg, RPage, Arr,StrInvalidChar
23:
24: if Request.QueryString = "" Then
25: RPage = Request.Form ("Rpage")
26: Else
27: Arr = Split (Request.QueryString,"=",2,1)
28: RPage = Arr(1)
29: End if
30:
31: If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
32: custEmail = Request.Form ("custEmail")
33: custPasswd = Request.Form ("custPasswd")
34: StrInvalidChar = "',;,#,(,), ,?,%,--"
35:
36: If CheckInvalidChar(custEmail ,StrInvalidChar) Or CheckInvalidChar(custPasswd,StrInvalidChar) Then
37: Errormsg = "Invalid Email & Password"
38: Response.Cookies("sfCustomer").Expires = Now()
39: iAuthenticate = -110
40: Else
..:
90: End if
91: End if
92: End if
93: %>
94: <html>
And this is my code for RecaptchaCheck.inc; after the end of the function you can see the correct and the wrong answer from Google.
<%
' returns "" if correct, otherwise it returns the error response
Function RecaptchaConfirm(Token)

    If Token = "" Then
        RecaptchaConfirm = "No token"
    Else

        Dim recaptcha_private_key
        ' your private key (server-side secret: make sure IIS does not serve .inc files to clients)
        recaptcha_private_key = "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"

        ' URL-encode every value: the token comes straight from the posted form
        Dim VarString
        VarString = _
            "secret=" & Server.URLEncode(recaptcha_private_key) & _
            "&remoteip=" & Server.URLEncode(Request.ServerVariables("REMOTE_ADDR")) & _
            "&response=" & Server.URLEncode(Token)

        Dim objXmlHttp
        Set objXmlHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
        objXmlHttp.open "POST", "https://www.google.com/recaptcha/api/siteverify", False
        objXmlHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
        objXmlHttp.send VarString

        Dim HttpStatus, ResponseString, Compact
        HttpStatus = objXmlHttp.status
        ResponseString = objXmlHttp.responseText
        Set objXmlHttp = Nothing

        ' Strip whitespace so the test does not depend on how the JSON is laid out
        Compact = Replace(Replace(Replace(Replace(ResponseString, " ", ""), vbTab, ""), vbCr, ""), vbLf, "")

        ' Accept only HTTP 200 with "success": true; the bare word "true" somewhere in the response is not enough
        If HttpStatus = 200 And InStr(1, Compact, """success"":true") > 0 Then
            'They answered correctly
            RecaptchaConfirm = ""
        ElseIf ResponseString = "" Then
            'Never return "" on failure: the caller treats "" as a correct answer
            RecaptchaConfirm = "Empty response, HTTP status " & HttpStatus
        Else
            'They answered incorrectly
            RecaptchaConfirm = ResponseString
        End If
    End If

End Function

%>

<!--' (0): "{"
' (1): " \"success\": false,"
' (2): " \"error-codes\": ["
' (3): " \"missing-input-secret\""
' (4): " ]"
' (5): "}"
'
' (0): "{"
' (1): " \"success\": true,"
' (2): " \"challenge_ts\": \"2023-05-03T22:52:47Z\","
' (3): " \"hostname\": \"localhost\""
' (4): "}"-->
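An added example (JavaScript, not the author's code) of evaluating the siteverify response by parsing the JSON: it requires `success` to be the boolean `true`, then checks the `hostname` and `challenge_ts` fields shown in the answers above. The function name, the expected host and the age limit are assumptions; the third sample body is constructed.

```javascript
// Added example: strict evaluation of a siteverify response body.
// expectedHost and maxAgeSec are assumptions chosen by the site owner.
function evaluateSiteverify(responseText, expectedHost, nowMs, maxAgeSec) {
  let body;
  try {
    body = JSON.parse(responseText);
  } catch (e) {
    return { ok: false, reason: "unparseable response" };
  }
  if (body === null || typeof body !== "object") {
    return { ok: false, reason: "unparseable response" };
  }
  // Only the JSON boolean true passes; the text "true" elsewhere does not.
  if (body.success !== true) {
    const codes = Array.isArray(body["error-codes"]) ? body["error-codes"] : [];
    return { ok: false, reason: "rejected: " + codes.join(",") };
  }
  // The captcha must have been solved on this site, not on another domain.
  if (body.hostname !== expectedHost) {
    return { ok: false, reason: "hostname mismatch" };
  }
  // Reject answers whose challenge timestamp is missing or too old.
  const ts = Date.parse(body.challenge_ts);
  if (Number.isNaN(ts) || (nowMs - ts) / 1000 > maxAgeSec) {
    return { ok: false, reason: "stale or invalid challenge_ts" };
  }
  return { ok: true, reason: "" };
}

// The two answers quoted on the page, plus one constructed failure body
// whose hostname happens to contain the text "true".
const OK_BODY =
  '{"success": true, "challenge_ts": "2023-05-03T22:52:47Z", "hostname": "localhost"}';
const MISSING_SECRET =
  '{"success": false, "error-codes": ["missing-input-secret"]}';
const CONSTRUCTED_FAIL =
  '{"success": false, "hostname": "true.example", "error-codes": ["invalid-input-response"]}';

const NOW = Date.parse("2023-05-03T22:53:47Z"); // 60 s after the sample challenge
for (const sample of [OK_BODY, MISSING_SECRET, CONSTRUCTED_FAIL]) {
  console.log(evaluateSiteverify(sample, "localhost", NOW, 120));
}
```

The same three checks carry over to RecaptchaConfirm once the response is read field by field instead of searched as text.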
Client-only checking.
In this case we will block the postback to the server. I'm sorry, I have no more time; please see the solution in the screenshot below.