Lyla Coldfusion AJAX CAPTCA

Recently, I have implemented a CAPTCHA system on a form using LylaCaptcha. A CAPTCHA is a type of challenge-response to test whether or not a user is human. The CAPTCHA generates an image with distorted text for the user to decipher.

I modified the CAPTCHA to work on static HTML pages and I also implemented additional encryption on top of the hash function. The first thing I did was upload the captchaSerive.cfc and the captcha.xml into a directory called captcha from the root path of the site. Then, I added the following to the application variable:

<cfif isDefined(“URL.reinit”) OR NOT isDefined(“application.init”)>
<cfset application.captcha = CreateObject(“component”,”captcha.captchaService”).init(configFile=”/captcha/captcha.xml”) >
<cfset application.captcha.setup()>
<cfset application.init = true>
</cfif>
<cfif not isDefined(“session.captchaHash”)>
<cflock scope=”Session” timeout=”120″ type=”exclusive”>
<cfset session.captchaHash = structnew()>
<cfscript>
session.captchaHash = “”;
</cfscript>
</cflock>
</cfif>

I then created a script called setcaptcha.cfm, which sets the session.captchaHash and outputs the value for the hash value encrypted with the coldfusion crypt function to the JavaScript XMLHttpRequest Object. Once the readyState is equal to complete or 4, the JavaScript outputs the CAPTCHA image into the HTML, passing the encrypted hash value to another script which displays the image by decrypting the hash value then passing it to the lyla function that streams the image. Lastly, if the form is processing, then I validate the entered text with the session.CaptchHash value with the following function:

application.captcha.validateCaptcha(session.captchaHash,form.textValue)