ASP Classic Login CAPTCHA VBScript Code Sample

The ASP Classic Login Captcha sample project shows how to add BotDetect CAPTCHA validation to simple ASP login forms.

First Time Here?

Check the BotDetect Developer Crash Course for key integration steps.

To prevent bots from trying to guess the login info by brute force submission of a large number of common values, the visitor first has to prove they are human (by solving the CAPTCHA), and only then is their username and password submission checked against the authentication data store.

Also, if they enter an invalid username + password combination three times, they have to solve the CAPTCHA again. This prevents attempts in which the attacker would first solve the CAPTCHA themselves, and then let a bot brute-force the authentication info.

To keep the example code simple, the sample doesn't access a data store to authenticate the user, but accepts all logins with usernames and passwords at least 5 characters long as valid.

Download the BotDetect Classic ASP CAPTCHA Component and run this sample

Installed Location

By default, the Classic ASP basic Captcha sample project is installed at:
C:\Program Files\Lanapsoft\BotDetect 3 CAPTCHA Component\Asp\WebApp\AspLoginCaptchaSample

You can also run it from the BotDetect Start Menu:
Programs > Lanapsoft > BotDetect 3 CAPTCHA Component > ASP > Web Applications > Run

Default.asp

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.
w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>BotDetect CAPTCHA ASP Login Sample</title>
  <link type="text/css" rel="Stylesheet" href="StyleSheet.css" />
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <!-- #include file ="BotDetect.asp" -->
</head>
<body>
  <form method="post" action="ProcessLogin.asp" id="form1">

    <h1>BotDetect CAPTCHA ASP Login Sample</h1>
    
    <h2>Login Page</h2>
    
    <fieldset>
      <legend>CAPTCHA included in ASP Login form validation</legend>
      
      <div class="input">
        <label for="Username">Username:</label>
        <input type="text" name="Username" id="Username" 
        class="textbox" value="<%=Request("Username") %>" />
      </div>
      
      <div class="input">
        <label for="Password">Password:</label>
        <input type="password" name="Password" id="Password" 
        class="textbox" />
      </div>
      
      <% ' authentication failed, show error message
        If Request("error") = "Format" Then %>
          <p class="incorrect">Invalid authentication info</p><% 
        ElseIf Request("error") = "Auth" Then %>
          <p class="incorrect">Authentication failed</p><% 
        End If 
      %>
        
      <div class="input">
        <% ' Adding BotDetect CAPTCHA to the page 
          Dim LoginCaptcha : Set LoginCaptcha = (New Captcha)("LoginCaptcha")
          LoginCaptcha.UserInputID = "CaptchaCode"
          
          If Not LoginCaptcha.IsSolved Then %>
            <label for="CaptchaCode">Retype the characters from the 
            picture:</label>
            <%=LoginCaptcha.Html %>
            <input type="text" name="CaptchaCode" id="CaptchaCode" 
            class="textbox" /><%
           ' CAPTCHA validation failed, show error message
            If Request("error") = "Captcha" Then %>
              <span class="incorrect">Incorrect code</span><%
            End If 
          End If
        %>
      </div>
      <input type="submit" name="SubmitButton" id="SubmitButton" 
      value="Submit"  />
    </fieldset>
  </form>
</body>
</html>

[back to top]

ProcessLogin.asp

<!-- #include file ="BotDetect.asp" -->
<% 
  Dim form_page : form_page = "Default.asp"
  
  'directly accessing this script is an error
  If Not Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    Response.Redirect form_page
  End If

  ' sumbitted data
  Dim username : username = Request("Username")
  Dim password : password = Request("Password")
  
  ' CAPTCHA user input validation 
  Dim LoginCaptcha : Set LoginCaptcha = (New Captcha)("LoginCaptcha")
  LoginCaptcha.UserInputID = "CaptchaCode"
  If Not LoginCaptcha.IsSolved Then
    Dim isHuman : isHuman = LoginCaptcha.Validate()
    If Not isHuman Then 
      ' CAPTCHA validation failed, show error message
      Response.Redirect form_page & "?Username=" & Server.URLEncode(
      username) & "&error=Captcha"
    End If
  End If
  
  ' CAPTCHA validation passed, only now do we perform the protected 
  action (try to authenticate the user)
  
  ' check login format
  Dim isValidLogin : isValidLogin = ValidateLogin(username, password)
  If Not isValidLogin Then 
    ' invalid login format, show error message
    Response.Redirect form_page & "?Username=" & Server.URLEncode(
    username) & "&error=Format"
  End If
  
  ' authenticate the user
  Dim isAuthenticated : isAuthenticated = Authenticate(username, 
  password)
  If Not isAuthenticated Then 
    ' authentication attempt failed, show error message
    Response.Redirect form_page & "?Username=" & Server.URLEncode(
    username) & "&error=Auth"
  End If

  Function ValidateLogin(username, password)
    Dim result : result = False
    '  we check username and password are specified and alphanumeric
    If (Len(username) > 0 And Len(password) > 0) Then
      Dim regEx : Set regEx = New RegExp
      regEx.Pattern = "^[a-zA-Z0-9_]+$" ' alphanumeric chars and 
      underscores only
      result = regEx.Test(username) 
      result = result And regEx.Test(password)
    End If
    ValidateLogin = result
  End Function
  
  Function Authenticate(username, password)
    Dim result : result = False
    ' Since this is a simple sample project, we consider all 
    authentication attempts with usernames and 
    ' passwords longer than 5 characters valid instead of looking up 
    the info in a database etc.
    If (Len(username) > 4 And Len(password) > 4) Then
      result = True
    Else
      ' failing authentication 3 times shows the Captcha again
      Dim count : count = CInt(Session("FailedAuthCount"))
      count = count + 1
      If count > 2 Then
        Call LoginCaptcha.Reset
        count = 0
      End If
      Session("FailedAuthCount") = count
    End If
    Authenticate = result
  End Function
%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http:
//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>BotDetect CAPTCHA ASP Login Demo</title>
  <link type="text/css" rel="Stylesheet" href="StyleSheet.css" />
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
  <h1>BotDetect CAPTCHA ASP Login Sample</h1>
  
  <h2>Protected Page</h2>

  <fieldset id="Properties">
    <legend>Validation passed!</legend>
    
    <div class="input">
      <label for="Username">Username:</label>
      <input name="Username" id="Username" type="text" class="textbox" 
      readonly="readonly" value="<%=Server.HTMLEncode(username) %>" />
    </div>
    
    <div class="input">
      <label for="Password">Password:</label>
      <input name="Password" id="Password" type="text" class="textbox" 
      readonly="readonly" value="<%=Server.HTMLEncode(password) %>" />
    </div>
    
    <p class="navigation">
      <% ' Sample only, we want to show the Captcha again when 
      returning to the form
        Call LoginCaptcha.Reset %>
      <a href="Default.asp">Back to login page</a>
    </p>
  </fieldset>
</body>
</html>

[back to top]

BotDetect\CaptchaConfig.asp

<%

' Captcha code configuration
' ---------------------------------------------------------------------
LBD_Configuration_CodeLength = 4
LBD_Configuration_CodeStyle = 0
LBD_Configuration_CodeTimeout = 1200
LBD_Configuration_Locale = "en-US"
LBD_Configuration_CustomCharset = ""
LBD_Configuration_BannedSequences = ""


' Captcha image configuration
' ---------------------------------------------------------------------
LBD_Configuration_ImageStyle = LBD_ImageStyles("CaughtInTheNet2")
LBD_Configuration_ImageWidth = 200
LBD_Configuration_ImageHeight = 50
LBD_Configuration_ImageFormat = 0
LBD_Configuration_CustomDarkColor = ""
LBD_Configuration_CustomLightColor = ""
LBD_Configuration_HelpLinkEnabled = True
LBD_Configuration_HelpLinkUrl = "http://captcha.biz/captcha.html"
LBD_Configuration_ImageTooltip = "CAPTCHA"


' Captcha sound configuration
' ---------------------------------------------------------------------
LBD_Configuration_SoundEnabled = True
LBD_Configuration_SoundStyle = LBD_RandomFromRange(0, 9)
LBD_Configuration_SoundFormat = 0
LBD_Configuration_SoundTooltip = "Speak the CAPTCHA code"
LBD_Configuration_SoundIconUrl = "BotDetect/SoundIcon.gif"
LBD_Configuration_SoundPackageFolder = "C:\Program Files (x86)
\Lanapsoft\BotDetect 3 CAPTCHA 
Component\Asp\Redistribute\BotDetectSounds"
LBD_Configuration_WarnAboutMissingSoundPackages = True


' Captcha reload configuration
' ---------------------------------------------------------------------
LBD_Configuration_ReloadEnabled = True
LBD_Configuration_ReloadTooltip = "Reload the CAPTCHA code"
LBD_Configuration_ReloadIconUrl = "BotDetect/ReloadIcon.gif"
LBD_Configuration_AutoReloadExpiredCaptchas = True
LBD_Configuration_AutoReloadTimeout = 7200


' Captcha user input  configuration
' ---------------------------------------------------------------------
LBD_Configuration_AutoFocusInput = True
LBD_Configuration_AutoClearInput = True
LBD_Configuration_AutoLowercaseInput = True


' Captcha persistence configuration
' ---------------------------------------------------------------------
Dim LBD_Persistence : Set LBD_Persistence = Session
LBD_Configuration_UseApplicationFallback = True

%>

[back to top]

language: English
  • English English

© Lanapsoft, Inc. 2004-2012. All rights reserved.

BotDetect, BotDetect CAPTCHA, Lanap, Lanap CAPTCHA, Lanap BotDetect, Lanap BotDetect CAPTCHA, Lanapsoft, Lanapsoft CAPTCHA, Lanapsoft BotDetect, Lanapsoft BotDetect CAPTCHA, and Lanap Software are trademarks of Lanapsoft, Inc. All other product, brand, and company names are mentioned for identification purposes only and are trademarks or registered trademarks of their respective owners.