Implementing Captcha for Engelsystem

Knock, knock. Who’s there? A spam bot.

If you’re a web administrator or website owner, then you are bound to know the ugly truth that is the Spam Bot. Someone, somewhere in the world must have made a deal with the Devil in hopes of a larger payout that didn’t exactly pan out the way they.

The goal of the volunteer system (Engelsystem) is to facilitate the work of event organizers and event volunteers. It would be creating problems if bots signup for shifts and fill all the vacancies.

Thanks to the mastermind behind them, those pesky little underlings crawl the web ready to cause mischief at every turn. This means more work and more time eaten up for the honest web admin/event organizer who is left to clean up the mess left in their wake.

What Is CAPTCHA?

CAPTCHAs are nothing new to the experienced web surfer. Sites/web apps, both large and small, use the system for one reason or another.

But, ever wonder where in the world the people who coined the phrase, CAPTCHA, came up with that nonsensical name? Well, you may find it interesting to know that the strange word is actually a clever acronym meaning the following:

Completely Automated Public Test to tell Computers and Humans Apart.

What a mouthful! Now aren’t you happy that they shortened it?

The actual meaning of the word essentially explains exactly what its purpose is: keeping pesky bots out and letting in well-meaning humans (or at least that is the hope).

We worked on implementing Google reCaptcha to the registration form and to the shifts signup page.

10

On websites using this new API, a significant number of users will be able to securely and easily verify they’re human without actually having to solve a CAPTCHA. Instead, with just a single click, they’ll confirm they are not a robot.11

Client-side integration:

if (isset($_REQUEST['g-recaptcha-response']) && !empty($_REQUEST['g-recaptcha-response'])) {
      $curl = curl_init();
      curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_URL => 'hppts://www.google.com/recaptcha/api/siteverify',
        CURLOPT_POST => 1,
        CURLOPT_POSTFIELDS => [
          'secret' => '', // Enter your private key here.
          'response' => $_REQUEST['g-recaptcha-response'],
        ]
      ]);
      
      $response = json_decode(curl_exec($curl));
      $msg .= error(sprintf(_(print_r($response)), $nick), true);
    }
    else {
      $ok = false;
      $msg .= error(_("You are a Robot."), true);
    }
  }

Captcha Shifts Signup Page
                                                     Captcha Shifts Signup Page

If the System is hosted on an online server, the user needs to register and get the API keys for implementing Google reCaptcha here.

Final Thoughts

Spam is a big issue for all websites, including sites ran on WordPress. Although CAPTCHA forms don’t completely eliminate spam mongers, when you use it with other popular spam blocking plugins like Akismet, you really do have the advantage on the spam bot battlefield.

Development: https://github.com/fossasia/engelsystem                                           Issues/Bugs:https://github.com/fossasia/engelsystem/issues